| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | Re: limited number if iptable rules on 64bit hosts |
| From: | Olaf Hering <olh@xxxxxxx> |
| Date: | Wed, 2 Feb 2005 23:25:16 +0100 |
| In-reply-to: | <20050202133851.GA9680@xxxxxxx> |
| References: | <20050202133851.GA9680@xxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt und vi sind doch schneller als Notes (und GroupWise) |

On Wed, Feb 02, Olaf Hering wrote:

>
> What buffer or sysctrl value has to change to allow more than 3445 rules
> like this (on a 64bit host with 64bit iptables)?
>
> iptables -A FORWARD -j ACCEPT
>
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 524368) =
> -1 ENOMEM (Cannot allocate memory)

it triggers the first -ENOMEM in
net/ipv4/netfilter/ip_tables.c:do_replace

sizeof(struct ipt_table_info)+SMP_ALIGN(tmp.size)*NR_CPUS == 67108992 bytes

128+524288*128==67108992

(sizeof(struct ipt_table_info) + (((tmp.size) + (1 << 7)-1) & ~((1 << 7)-1)) * 128)

hmm, no braces missing.
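
The size computation quoted in the message above, as an added C example that is not part of the original post or the kernel source: it shows how the per-CPU copy multiplies the request and guards the multiplication against wrap-around. The function names, the `budget` parameter and the table size 524272 (constructed so that it rounds up to the 524288 in the message) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* From the message: 128-byte struct ipt_table_info, alignment of 1 << 7. */
#define INFO_HDR_BYTES 128u
#define ALIGN_BYTES ((uint64_t)1 << 7)

/* Same rounding as the expanded SMP_ALIGN() quoted in the message. */
static uint64_t smp_align(uint64_t x)
{
    return (x + ALIGN_BYTES - 1) & ~(ALIGN_BYTES - 1);
}

/* Bytes requested for one table replace: header plus one aligned copy
 * per CPU. Returns 0 if the arithmetic would wrap around 64 bits. */
uint64_t table_alloc_bytes(uint64_t table_size, uint64_t nr_cpus)
{
    if (table_size > UINT64_MAX - (ALIGN_BYTES - 1))
        return 0;
    uint64_t per_cpu = smp_align(table_size);
    if (nr_cpus != 0 && per_cpu > (UINT64_MAX - INFO_HDR_BYTES) / nr_cpus)
        return 0;
    return INFO_HDR_BYTES + per_cpu * nr_cpus;
}

/* Largest table size whose request fits in `budget` bytes. `budget` is a
 * hypothetical allocator limit supplied by the caller, not a kernel value. */
uint64_t max_table_size(uint64_t budget, uint64_t nr_cpus)
{
    if (nr_cpus == 0 || budget < INFO_HDR_BYTES)
        return 0;
    uint64_t per_cpu = (budget - INFO_HDR_BYTES) / nr_cpus;
    return per_cpu & ~(ALIGN_BYTES - 1);   /* round down to the alignment */
}

int main(void)
{
    const uint64_t size = 524272;          /* constructed sample table size */
    const uint64_t cpus[] = { 1, 4, 32, 128 };

    for (size_t i = 0; i < sizeof(cpus) / sizeof(cpus[0]); i++)
        printf("NR_CPUS=%3llu -> %llu bytes\n",
               (unsigned long long)cpus[i],
               (unsigned long long)table_alloc_bytes(size, cpus[i]));
    return 0;
}
```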