netfilter: conntrack: allow increasing bucket size via sysctl too
author Florian Westphal <fw@strlen.de>
Wed, 22 Jun 2016 11:26:10 +0000 (13:26 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 24 Jun 2016 09:03:28 +0000 (11:03 +0200)
commit 3183ab8997a477c8d9ad175a1cef70dff77c6dbc
tree 05fc36b7e2fa3b896cc412cdd8f0f1ac796965a3
parent 8eee54be73f4b938dbf48e95c0dbecb5f19b08ee
netfilter: conntrack: allow increasing bucket size via sysctl too

No need to restrict this to a module parameter.

We export a copy of the real hash size -- when user alters the value we
allocate the new table, copy entries etc before we update the real size
to the requested one.

This is also needed because the real size is used by concurrent readers
and cannot be changed without synchronizing the conntrack generation
seqcnt.

We only allow changing this value from the initial net namespace.

Tested using http-client-benchmark vs. httpterm with concurrent

while true;do
 echo $RANDOM > /proc/sys/net/netfilter/nf_conntrack_buckets
done

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Documentation/networking/nf_conntrack-sysctl.txt
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_standalone.c
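The ordering the commit message describes (fill the new table, then publish pointer and real size, then the exported copy, with readers synchronised through a generation count) as an added user-space model; this is illustrative code written for this page, not the kernel's implementation, and the ct_* names, the bucket hash and the plain counter standing in for the conntrack seqcount are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed user-space model (not the kernel's code): the new table is filled before
 * pointer and real size are published; a generation counter stands in for the seqcount. */
struct ct_entry { uint32_t key; struct ct_entry *next; };
static struct ct_entry **ct_table;       /* live table read by lookups */
static unsigned int ct_htable_size;      /* real size used by concurrent readers */
static unsigned int ct_htable_size_user; /* exported copy, what the sysctl would show */
static unsigned int ct_generation;       /* odd while a resize is in progress */
static unsigned int ct_bucket(uint32_t key, unsigned int n) { return (key * 2654435761u) % n; }
int ct_insert(uint32_t key)
{
    struct ct_entry *e;
    if (ct_htable_size == 0 || !(e = malloc(sizeof(*e)))) return -1;
    unsigned int b = ct_bucket(key, ct_htable_size);
    e->key = key;
    e->next = ct_table[b];
    ct_table[b] = e;
    return 0;
}
/* Seqcount-style read: snapshot the generation, walk the bucket, retry if a resize completed. */
int ct_find(uint32_t key)
{
    unsigned int gen; struct ct_entry *e;
    do {
        gen = ct_generation;
        for (e = ct_table[ct_bucket(key, ct_htable_size)]; e && e->key != key; e = e->next) ;
    } while (gen != ct_generation);
    return e != NULL;
}
/* Allocate and fill the new table, then swap pointer and real size, then the exported copy. */
int ct_resize(unsigned int new_size)
{
    struct ct_entry **nt, *e, *next;
    if (new_size == 0 || !(nt = calloc(new_size, sizeof(*nt)))) return -1;
    ct_generation++;                        /* odd: readers will retry */
    for (unsigned int i = 0; i < ct_htable_size; i++)
        for (e = ct_table[i]; e; e = next) {
            next = e->next;
            e->next = nt[ct_bucket(e->key, new_size)];
            nt[ct_bucket(e->key, new_size)] = e;
        }
    free(ct_table);
    ct_table = nt;
    ct_htable_size = new_size;              /* real size updated last ... */
    ct_htable_size_user = new_size;         /* ... and the exported copy follows it */
    ct_generation++;                        /* even: resize complete */
    return 0;
}
```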