diff options
| author | Vincent Pelletier <plr.vincent@gmail.com> | 2022-02-19 02:06:23 +0000 |
|---|---|---|
| committer | Rui Salvaterra <rsalvaterra@gmail.com> | 2022-04-01 13:23:41 +0100 |
| commit | 15fbb916669dcdfcc706e9e75263ab63f9f27c00 (patch) | |
| tree | 57fdbd70407d0a5f1fb49b5f2942ecbfbe1c3898 /package | |
| parent | 56ce110b73970bcd65d309440baada84c8e1504b (diff) | |
| download | upstream-15fbb916669dcdfcc706e9e75263ab63f9f27c00.tar.gz upstream-15fbb916669dcdfcc706e9e75263ab63f9f27c00.tar.bz2 upstream-15fbb916669dcdfcc706e9e75263ab63f9f27c00.zip | |
kernel: scale nf_conntrack_max more reasonably
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula also influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance in average (fewer connections
per hashtable bucket).
Backport upstream commit for its effect on the number of connections per
hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Diffstat (limited to 'package')
| -rw-r--r-- | package/kernel/linux/files/sysctl-nf-conntrack.conf | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/package/kernel/linux/files/sysctl-nf-conntrack.conf b/package/kernel/linux/files/sysctl-nf-conntrack.conf index 37baf5fd6f..c6a0ef362b 100644 --- a/package/kernel/linux/files/sysctl-nf-conntrack.conf +++ b/package/kernel/linux/files/sysctl-nf-conntrack.conf @@ -3,7 +3,6 @@ net.netfilter.nf_conntrack_acct=1 net.netfilter.nf_conntrack_checksum=0 -net.netfilter.nf_conntrack_max=16384 net.netfilter.nf_conntrack_tcp_timeout_established=7440 net.netfilter.nf_conntrack_udp_timeout=60 net.netfilter.nf_conntrack_udp_timeout_stream=180 |