Thread (8 messages) 8 messages, 4 authors, 2026-03-12

Re: [PATCH net-next] netfilter: conntrack: expose gc_scan_interval_max via sysctl

From: Florian Westphal <fw@strlen.de>
Date: 2026-03-12 23:10:23
Also in: linux-doc, lkml, netfilter-devel

Prasanna Panchamukhi [off-list ref] wrote:
> Our primary goal is to cap the maximum time taken by the GC to clean
> up expired entries. We rely on user-space notifications to clean up
> these entries from the hardware, so ensuring a predictable upper bound
> is important for our use case.
Sure, but why can't we try to give a better default behavior?

while true; do conntrack -L >/dev/null; done

basically does what you want already (but in a dumb way).
> Regarding the adaptive strategy, we are using this sysctl to address
> environments where the current average-based calculation delays the
> cleanup of short-lived entries.
Yes, and I did propose to adapt the existing strategy to provide more
timely notifications.
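A user-space stand-in for the bounded scan interval under discussion, added here as an example and not code from the thread or from the netfilter tree: it repeats the table walk from Florian's one-liner, but shortens the sleep between walks as the table fills and caps it at a maximum, so an expired entry is visited within a predictable bound. The `CT_WALK_RUN`, `MIN_IV` and `MAX_IV` variables and the `next_interval` helper are assumptions for this example; only the two `/proc` paths and `conntrack -L` are real.

```shell
#!/bin/sh
# Added example (not from the thread). Dumping the table with `conntrack -L`
# lets the kernel reap expired entries as it walks them, which is what the
# one-liner in the reply relies on. Here the interval between walks scales
# with free table space and never exceeds MAX_IV seconds.

CT_COUNT=/proc/sys/net/netfilter/nf_conntrack_count
CT_MAX=/proc/sys/net/netfilter/nf_conntrack_max

# next_interval COUNT MAX MIN_IV MAX_IV
# Linear in free space: an empty table waits MAX_IV seconds, a full one
# waits MIN_IV. Clamped to [MIN_IV, MAX_IV]; a zero MAX falls back to MAX_IV.
next_interval() {
    count=$1; max=$2; min_iv=$3; max_iv=$4
    if [ "$max" -le 0 ]; then echo "$max_iv"; return; fi
    [ "$count" -le "$max" ] || count=$max
    free=$((max - count))
    iv=$(( min_iv + (max_iv - min_iv) * free / max ))
    [ "$iv" -ge "$min_iv" ] || iv=$min_iv
    [ "$iv" -le "$max_iv" ] || iv=$max_iv
    echo "$iv"
}

# walk_loop MIN_IV MAX_IV: walk the table forever, re-reading load each time.
walk_loop() {
    while true; do
        conntrack -L >/dev/null 2>&1 || true   # the table walk itself
        count=$(cat "$CT_COUNT")
        max=$(cat "$CT_MAX")
        sleep "$(next_interval "$count" "$max" "$1" "$2")"
    done
}

# Only run when explicitly asked: the loop needs root and the conntrack tool
# (hypothetical CT_WALK_RUN / MIN_IV / MAX_IV environment knobs).
if [ "${CT_WALK_RUN:-0}" = 1 ]; then
    walk_loop "${MIN_IV:-1}" "${MAX_IV:-30}"
fi
```

Run as root with `CT_WALK_RUN=1 MAX_IV=10 ./ct-walk.sh` to bound cleanup latency at 10 seconds while the kernel-side interval is still average-based.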