From 057369ae1f3ad8d10b1a9e0baa5b63bc2b9087f5 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 5 Mar 2018 09:13:53 +0100 Subject: base-files: tune fragment queue thresholds for available system memory The default fragment low/high thresholds are 3 and 4 MB. On devices with only 32MB RAM, these settings may lead to OOM when many fragments that cannot be reassembled are received. Decrease fragment low/high thresholds to 384 and 512 kB on devices with less than 64 MB RAM. Signed-off-by: Matthias Schiffer --- package/base-files/files/etc/init.d/sysctl | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'package/base-files/files/etc/init.d') diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl index 3a497fb66c..65e6aa9925 100755 --- a/package/base-files/files/etc/init.d/sysctl +++ b/package/base-files/files/etc/init.d/sysctl @@ -3,22 +3,33 @@ START=11 -set_vm_min_free() { - mem="$(grep MemTotal /proc/meminfo | awk '{print $2}')" +apply_defaults() { + local mem="$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" + local min_free frag_low_thresh frag_high_thresh + if [ "$mem" -gt 65536 ]; then # 128M - val=16384 + min_free=16384 elif [ "$mem" -gt 32768 ]; then # 64M - val=8192 - elif [ "$mem" -gt 16384 ]; then # 32M - val=1024 + min_free=8192 else - return + min_free=1024 + frag_low_thresh=393216 + frag_high_thresh=524288 fi - sysctl -qw vm.min_free_kbytes="$val" + + sysctl -qw vm.min_free_kbytes="$min_free" + + [ "$frag_low_thresh" ] && sysctl -qw \ + net.ipv4.ipfrag_low_thresh="$frag_low_thresh" \ + net.ipv4.ipfrag_high_thresh="$frag_high_thresh" \ + net.ipv6.ip6frag_low_thresh="$frag_low_thresh" \ + net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \ + net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \ + net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh" } start() { - set_vm_min_free + apply_defaults for CONF in /etc/sysctl.conf /etc/sysctl.d/*.conf; do [ -f "$CONF" ] && sysctl -p "$CONF" -e >&- done -- cgit v1.2.3