how to get consistent value of "nf_conntrack_htable_size" and "nf_conntrack_hash" in a kernel module ?

valdis.kletnieks at vt.edu
Fri Jul 7 12:30:03 EDT 2017


On Fri, 07 Jul 2017 23:55:25 +0800, Shiyao Ma said:

> I want to foreach all the `struct nf_conn's in my out-of-tree kernel module.

What are you trying to do?  Hint: the very concept of "all" the nf_conn's is a
very racy one, especially on high-powered servers that have multiple 40 gigabit
ethernet cards on them, talking to other high-powered servers on the same
subnet. It's possible to get several million TCP connections in TIME_WAIT in a
matter of seconds.  The end result is that the kernel code is very much
optimized for the problem of "find *THIS* one nf_conn related to the packet
we're looking at before the next one shows up in a few microseconds", and
things like 'netstat -a' can basically go pound sand if they want to be 100%
accurate.

Summary:  It's quite possible for hundreds or even thousands of nf_conn's
to come and go in the time it takes you to walk the list.

> How to get a consistent value of `nf_conntrack_htable_size' and `nf_conntrack_hash' ?

What makes you think that "consistent value" is a concept that applies
to these numbers?  As mentioned above, they can be bouncing all over
the place on timespans smaller than the time needed to walk the list...