Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-14 Thread Florian Westphal
Pablo Neira Ayuso wrote: > I would prefer not to expose sysctl knobs, if we don't really know > what good default values are good, then we cannot expect our users to > know this for us. > > I would go tune this in a way that this resembles to the previous > behaviour. I do

Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-14 Thread Pablo Neira Ayuso
On Fri, Oct 14, 2016 at 12:37:26PM +0200, Florian Westphal wrote: > Nicolas Dichtel wrote: > > Le 13/10/2016 à 22:43, Florian Westphal a écrit : [...] > > > (Or cause too many useless scans) > > > > > > Another idea worth trying might be to get rid of the max cap and >

Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-14 Thread Florian Westphal
Nicolas Dichtel wrote: > Le 13/10/2016 à 22:43, Florian Westphal a écrit : > > Nicolas Dichtel wrote: > >> Le 10/10/2016 à 16:04, Florian Westphal a écrit : > >>> Nicolas Dichtel wrote: > After commit

Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-14 Thread Nicolas Dichtel
Le 13/10/2016 à 22:43, Florian Westphal a écrit : > Nicolas Dichtel wrote: >> Le 10/10/2016 à 16:04, Florian Westphal a écrit : >>> Nicolas Dichtel wrote: After commit b87a2f9199ea ("netfilter: conntrack: add gc worker to remove

Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-13 Thread Florian Westphal
Nicolas Dichtel wrote: > Le 10/10/2016 à 16:04, Florian Westphal a écrit : > > Nicolas Dichtel wrote: > >> After commit b87a2f9199ea ("netfilter: conntrack: add gc worker to remove > >> timed-out entries"), netlink conntrack deletion events

Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-10 Thread Nicolas Dichtel
Le 10/10/2016 à 16:04, Florian Westphal a écrit : > Nicolas Dichtel wrote: >> After commit b87a2f9199ea ("netfilter: conntrack: add gc worker to remove >> timed-out entries"), netlink conntrack deletion events may be sent with a >> huge delay. It could be interesting to

Re: [PATCH net 2/2] conntrack: enable to tune gc parameters

2016-10-10 Thread Florian Westphal
Nicolas Dichtel wrote: > After commit b87a2f9199ea ("netfilter: conntrack: add gc worker to remove > timed-out entries"), netlink conntrack deletion events may be sent with a > huge delay. It could be interesting to let the user tweak gc parameters > depending on its