From 789cfad661f4fbaa97384efa5843a60027b1ec91 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 17 Dec 2008 18:54:27 +0100
Subject: doc: document the netlink buffer size clauses
This patch documents the SocketBufferSize and SocketBufferSizeGrowth clause. It also rises the default values which are fairly small for busy firewalls.
Signed-off-by: Pablo Neira Ayuso
---
 doc/sync/alarm/conntrackd.conf | 16 ++++++++++++----
 doc/sync/ftfw/conntrackd.conf | 16 ++++++++++++----
 doc/sync/notrack/conntrackd.conf | 16 ++++++++++++----
 3 files changed, 36 insertions(+), 12 deletions(-)
 (limited to 'doc')
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 0ace99e..0d4847b 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -145,14 +145,22 @@ General {
 }
 #
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
 #
- SocketBufferSize 262142
+ SocketBufferSize 2097152
 #
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
 #
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
 #
 # Event filtering: This clause allows you to filter certain traffic,
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 868ee5a..d415fcd 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
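Review bot: The new SocketBufferSize comment in the alarm hunk points at `/proc/net/core/rmem_default`, which is not where the kernel exposes that sysctl; the line should read `# the default buffer size value in /proc/sys/net/core/rmem_default is`. The same wording is repeated in the ftfw and notrack hunks. The comment could also note that a receive buffer request above `net.core.rmem_max` is normally capped by the kernel unless the size is forced with privilege, so an operator copying the 2 MBytes and 8 MBytes values should confirm the effective size; whether conntrackd forces it is not visible in this patch. On a synchronising firewall pair, a silently capped buffer brings back the event dropping the comment warns about, and presumably missing state on the backup node. The General block starts and ends outside the hunk.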
@@ -149,14 +149,22 @@ General {
 }
 #
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
 #
- SocketBufferSize 262142
+ SocketBufferSize 2097152
 #
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
 #
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
 #
 # Event filtering: This clause allows you to filter certain traffic,
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 514b5ba..bc1a3a6 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -133,14 +133,22 @@ General {
 }
 #
- # Netlink socket buffer size
+ # Netlink event socket buffer size. If you do not specify this clause,
+ # the default buffer size value in /proc/net/core/rmem_default is
+ # used. This default value is usually around 100 Kbytes which is
+ # fairly small for busy firewalls. This leads to event message dropping
+ # and high CPU consumption. This example configuration file sets the
+ # size to 2 MBytes to avoid this sort of problems.
 #
- SocketBufferSize 262142
+ SocketBufferSize 2097152
 #
- # Increase the socket buffer up to maximum if required
+ # The daemon doubles the size of the netlink event socket buffer size
+ # if it detects netlink event message dropping. This clause sets the
+ # maximum buffer size growth that can be reached. This example file
+ # sets the size to 8 MBytes.
 #
- SocketBufferSizeMaxGrowth 655355
+ SocketBufferSizeMaxGrowth 8388608
 #
 # Event filtering: This clause allows you to filter certain traffic,
-- 
cgit v1.2.3