Re: [PATCH net-next v2] netfilter: conntrack: expose gc_scan_interval_max via sysctl

Next message: Ratheesh Kannoth: "Re: [v3,net-next,5/5] octeontx2-af: Add support for loading custom KPU profile from filesystem"
Previous message: Sherry Sun: "[PATCH V8 04/13] PCI: imx6: Assert PERST# before enabling regulators"
In reply to: Prasanna S Panchamukhi: "[PATCH net-next v2] netfilter: conntrack: expose gc_scan_interval_max via sysctl"
Next in thread: Pablo Neira Ayuso: "Re: [PATCH net-next v2] netfilter: conntrack: expose gc_scan_interval_max via sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Florian Westphal

Date: Thu Mar 12 2026 - 22:10:41 EST

Prasanna S Panchamukhi <panchamukhi@xxxxxxxxxx> wrote:
> The conntrack garbage collection worker uses an adaptive algorithm that
> adjusts the scan interval based on the average timeout of tracked
> entries. The upper bound of this interval is hardcoded as
> GC_SCAN_INTERVAL_MAX (60 seconds).

I already said that I'm not keen on this approach.
Its a 'we can't do any better' type "solution".

If anything I'd be more inclined to make a change that allows to
more easily override the next_run computation via bpf.