From 0855549b4bdfb7ff0aacfcfe888919c4060ed102 Mon Sep 17 00:00:00 2001 From: Vincent Pelletier Date: Sat, 19 Feb 2022 02:06:23 +0000 Subject: kernel: scale nf_conntrack_max more reasonably Use the kernel's built-in formula for computing this value. The value applied by OpenWRT's sysctl configuration file does not scale with the available memory, under-using hardware capabilities. Also, that formula also influences net.netfilter.nf_conntrack_buckets, which should improve conntrack performance in average (fewer connections per hashtable bucket). Backport upstream commit for its effect on the number of connections per hashtable bucket. Apply a hack patch to set the RAM size divisor to a more reasonable value (2048, down from 16384) for our use case, a typical router handling several thousands of connections. Signed-off-by: Vincent Pelletier Signed-off-by: Rui Salvaterra (cherry picked from commit 15fbb916669dcdfcc706e9e75263ab63f9f27c00) --- package/kernel/linux/files/sysctl-nf-conntrack.conf | 1 - 1 file changed, 1 deletion(-) (limited to 'package/kernel') diff --git a/package/kernel/linux/files/sysctl-nf-conntrack.conf b/package/kernel/linux/files/sysctl-nf-conntrack.conf index 37baf5fd6f..c6a0ef362b 100644 --- a/package/kernel/linux/files/sysctl-nf-conntrack.conf +++ b/package/kernel/linux/files/sysctl-nf-conntrack.conf @@ -3,7 +3,6 @@ net.netfilter.nf_conntrack_acct=1 net.netfilter.nf_conntrack_checksum=0 -net.netfilter.nf_conntrack_max=16384 net.netfilter.nf_conntrack_tcp_timeout_established=7440 net.netfilter.nf_conntrack_udp_timeout=60 net.netfilter.nf_conntrack_udp_timeout_stream=180 -- cgit v1.2.3
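Review bot: The deletion of `net.netfilter.nf_conntrack_max=16384` from sysctl-nf-conntrack.conf only achieves the described scaling if the backported upstream commit and the divisor hack patch (2048 instead of 16384) from the commit message are present in the same tree; this view is limited to package/kernel and shows one file with one deletion, so the accompanying kernel patches are not visible here, and cherry-picking this hunk on its own would leave the conntrack table at whatever the unpatched kernel computes, which on a small-memory device can be lower than the 16384 that was previously pinned. Consider replacing the removed line with a comment in the file (for example `# nf_conntrack_max is left to the kernel's memory-scaled default; see the conntrack divisor patch`) so a later maintainer does not reintroduce a fixed value, and note in the commit message that operators should verify `net.netfilter.nf_conntrack_max` and `net.netfilter.nf_conntrack_buckets` after upgrading, since the effective limit now changes with installed RAM rather than staying constant across devices.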