git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 26 Jul 2021 22:29:19 +0000 (00:29 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 3 Sep 2021 08:08:12 +0000 (10:08 +0200)
commit	6bcf058b694c177086f8019d76c6c5c1b2c5a069
tree	22ae8ce182ce5b3acfb10954c481b6d4c2a41bef	tree \| snapshot
parent	82e7b770190095b44fdc9aea18201e98b3f7c4b0	commit \| diff

netfilter: conntrack: collect all entries in one cycle

[ Upstream commit 4608fdfc07e116f9fc0895beb40abad7cdb5ee3d ]

Michal Kubecek reports that conntrack gc is responsible for frequent
wakeups (every 125ms) on idle systems.

On busy systems, timed out entries are evicted during lookup.
The gc worker is only needed to remove entries after system becomes idle
after a busy period.

To resolve this, always scan the entire table.
If the scan is taking too long, reschedule so other work_structs can run
and resume from next bucket.

After a completed scan, wait for 2 minutes before the next cycle.
Heuristics for faster re-schedule are removed.

GC_SCAN_INTERVAL could be exposed as a sysctl in the future to allow
tuning this as-needed or even turn the gc worker off.

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>