Re: [PATCH net-next] netfilter: conntrack: expose gc_scan_interval_max via sysctl
From: Florian Westphal <fw@strlen.de>
Date: 2026-03-12 23:10:23
Also in:
linux-doc, lkml, netfilter-devel
Prasanna Panchamukhi [off-list ref] wrote:
> Our primary goal is to cap the maximum time taken by the GC to clean up expired entries. We rely on user-space notifications to clean up these entries from the hardware, so ensuring a predictable upper bound is important for our use case.

Sure, but why can't we try to give a better default behavior?

while true; do conntrack -L >/dev/null; done

basically does what you want already (but in a dumb way).

> Regarding the adaptive strategy, we are using this sysctl to address environments where the current average-based calculation delays the cleanup of short-lived entries.

Yes, and I did propose to adapt the existing strategy to provide more timely notifications.