Re: max ip_conntrack entries

Rusty Russell (rusty@rustcorp.com.au)
Sat, 24 Mar 2001 20:32:22 +1100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andreas Eckleder: "Proposed changes to isofs driver"
Previous message: Eric Buddington: "Re: 386 'ls' gets SIGILL iff /proc is mounted"

In message <20010321193447.A555@grobbebol.xs4all.nl> you write:
>
> is there a way to dynamically change the limit : kernel: ip_conntrack:
> maximum limit of 16384 entries exceeded ?

echo 32768 > /proc/net/ipv4/ip_conntrack_max

Don't increase it too much, or your efficiency will go out the window
(the hash table size doesn't increase).

> either a newssus scan or a weird ftp server I tried to connect to,
> caused the table to fill pretty fast and all other connections stopped
> for a short time.

It will start dropping "unreplied" connections.

Rusty.

--
Premature optmztion is rt of all evl. --DK
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Andreas Eckleder: "Proposed changes to isofs driver"
Previous message: Eric Buddington: "Re: 386 'ls' gets SIGILL iff /proc is mounted"