1. 21 Sep, 2022 3 commits
    • Christophe JAILLET's avatar
      headers: Remove some left-over license text in include/uapi/linux/netfilter/ · 7b5541a9
      Christophe JAILLET authored
      When the SPDX-License-Identifier tag has been added, the corresponding
      license text has not been removed.
      
      Remove it now.
      
      Also, in xt_connmark.h, move the copyright text at the top of the file
      which is a much more common pattern.
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      7b5541a9
    • Antoine Tenart's avatar
      netfilter: conntrack: revisit the gc initial rescheduling bias · 2aa19275
      Antoine Tenart authored
      The previous commit changed the way the rescheduling delay is computed
      which has a side effect: the bias is now represented as much as the
      other entries in the rescheduling delay which makes the logic to kick in
      only with very large sets, as the initial interval is very large
      (INT_MAX).
      
      Revisit the GC initial bias to allow more frequent GC for smaller sets
      while still avoiding wakeups when a machine is mostly idle. We're moving
      from a large initial value to pretending we have 100 entries expiring at
      the upper bound. This way only a few entries having a small timeout
      won't impact much the rescheduling delay and non-idle machines will have
      enough entries to lower the delay when needed. This also improves
      readability as the initial bias is now linked to what is computed
      instead of being an arbitrary large value.
      
      Fixes: 2cfadb76 ("netfilter: conntrack: revisit gc autotuning")
      Suggested-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarAntoine Tenart <atenart@kernel.org>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      2aa19275
    • Antoine Tenart's avatar
      netfilter: conntrack: fix the gc rescheduling delay · 95eabdd2
      Antoine Tenart authored
      Commit 2cfadb76 ("netfilter: conntrack: revisit gc autotuning")
      changed the eviction rescheduling to the use average expiry of scanned
      entries (within 1-60s) by doing:
      
        for (...) {
            expires = clamp(nf_ct_expires(tmp), ...);
            next_run += expires;
            next_run /= 2;
        }
      
      The issue is the above will make the average ('next_run' here) more
      dependent on the last expiration values than the firsts (for sets > 2).
      Depending on the expiration values used to compute the average, the
      result can be quite different than what's expected. To fix this we can
      do the following:
      
        for (...) {
            expires = clamp(nf_ct_expires(tmp), ...);
            next_run += (expires - next_run) / ++count;
        }
      
      Fixes: 2cfadb76 ("netfilter: conntrack: revisit gc autotuning")
      Cc: Florian Westphal <fw@strlen.de>
      Signed-off-by: default avatarAntoine Tenart <atenart@kernel.org>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      95eabdd2
  2. 20 Sep, 2022 37 commits