Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries

2016-08-24 Eric Dumazet
On Wed, 2016-08-24 at 22:11 +0200, Florian Westphal wrote: > Eric Dumazet wrote: > > On Wed, 2016-08-24 at 13:55 +0200, Florian Westphal wrote: > > > Conntrack gc worker to evict stale entries. > > > > > > > static struct nf_conn * > > > __nf_conntrack_alloc(struct net

Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries

2016-08-24 Florian Westphal
Eric Dumazet wrote: > On Wed, 2016-08-24 at 13:55 +0200, Florian Westphal wrote: > > Conntrack gc worker to evict stale entries. > > > > static struct nf_conn * > > __nf_conntrack_alloc(struct net *net, > > const struct nf_conntrack_zone *zone, > > @@

Re: [PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries

2016-08-24 Eric Dumazet
On Wed, 2016-08-24 at 13:55 +0200, Florian Westphal wrote: > Conntrack gc worker to evict stale entries. > static struct nf_conn * > __nf_conntrack_alloc(struct net *net, >const struct nf_conntrack_zone *zone, > @@ -1527,6 +1597,7 @@ static int untrack_refs(void) > >

[PATCH v2 nf-next 4/7] netfilter: conntrack: add gc worker to remove timed-out entries

2016-08-24 Florian Westphal
Conntrack gc worker to evict stale entries. GC happens once every 5 seconds, but we only scan at most 1/64th of the table (and not more than 8k) buckets to avoid hogging cpu. This means that a complete scan of the table will take several minutes of wall-clock time. Considering that the gc run