authorPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 19:15:01 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-01-25 19:15:01 +0100
commit8b7937e8a3864d84992e931ace69172ba171d875 (patch)
treee2f3d7524d65056207ff49740ff5c08c51d09fe3
parentafb9b7f9ee21df97754648d832fcee2b778b277a (diff)
doc: increase hashtable bucket size and limits in example files
This patch documents the hashtable parameters in more detail. Moreover, it increases the default size of the hashtable. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--doc/sync/alarm/conntrackd.conf14
-rw-r--r--doc/sync/ftfw/conntrackd.conf14
-rw-r--r--doc/sync/notrack/conntrackd.conf14
3 files changed, 27 insertions, 15 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index da11887..ad9bcd9 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -135,15 +135,19 @@ Sync {
#
General {
#
- # Number of buckets in the caches: hash table.
+ # Number of buckets in the cache hashtable. The bigger it is,
+ # the closer it gets to O(1) at the cost of consuming more memory.
+ # Read some documents about tuning hashtables for further reference.
#
- HashSize 16384
+ HashSize 32768
#
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ # Maximum number of conntracks, it should be double of:
+ # $ cat /proc/sys/net/netfilter/nf_conntrack_max
+ # since the daemon may keep some dead entries cached for possible
+ # retransmission during state synchronization.
#
- HashLimit 65536
+ HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
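Review bot: The new HashLimit comment says the value should be double nf_conntrack_max, but the example hard-codes 131072, which is double only when the kernel limit is 65536 (inferred from the old value; the page does not show the kernel default). An administrator who raised nf_conntrack_max and copies this file would get a cache smaller than the comment recommends, and the comment no longer states the old lower bound or what the daemon does once the limit is reached. I would add `# 131072 assumes nf_conntrack_max is 65536; recompute it if you change the kernel limit.` and keep the `>=` bound as the stated minimum. The HashSize comment could also replace the pointer to unnamed documents with the concrete ratio, since 32768 buckets against 131072 entries means about four entries per bucket at the limit. The same text is repeated in the ftfw and notrack hunks.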
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 3c39291..0021ea8 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -144,15 +144,19 @@ Sync {
#
General {
#
- # Number of buckets in the caches: hash table.
+ # Number of buckets in the cache hashtable. The bigger it is,
+ # the closer it gets to O(1) at the cost of consuming more memory.
+ # Read some documents about tuning hashtables for further reference.
#
- HashSize 16384
+ HashSize 32768
#
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ # Maximum number of conntracks, it should be double of:
+ # $ cat /proc/sys/net/netfilter/nf_conntrack_max
+ # since the daemon may keep some dead entries cached for possible
+ # retransmission during state synchronization.
#
- HashLimit 65536
+ HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index f86d17b..b77d589 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -125,15 +125,19 @@ Sync {
#
General {
#
- # Number of buckets in the caches: hash table.
+ # Number of buckets in the cache hashtable. The bigger it is,
+ # the closer it gets to O(1) at the cost of consuming more memory.
+ # Read some documents about tuning hashtables for further reference.
#
- HashSize 16384
+ HashSize 32768
#
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ # Maximum number of conntracks, it should be double of:
+ # $ cat /proc/sys/net/netfilter/nf_conntrack_max
+ # since the daemon may keep some dead entries cached for possible
+ # retransmission during state synchronization.
#
- HashLimit 65536
+ HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename