> Do you mean that it should be computed based on memory size or you mean
> that it should be changeable on-the-fly, even when we have some
> connections in the tables already?

I mean the latter.  We do this in other subsystems, such as
IPSEC, for various hashes.

> Do you have some hints (where to look for a similar thing)?
> The thing that worries me a little is the locking around the move and
> maybe the latency involved. Yes, of course you will not change it several
> times per minute, but...

You only increase, never decrease.

A lock is held during every access to these hash tables, so
the locking should be very similar.

Have a look at xfrm_hash_resize() in net/xfrm/xfrm_state.c to get
a good idea on how this stuff can be done.  And hey, that code
resizes 3 tables at once, you only need to handle one :)
