Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2214936/?format=api
{ "id": 2214936, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2214936/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260323162523.44964-4-ja@ssi.bg/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.2/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260323162523.44964-4-ja@ssi.bg>", "list_archive_url": null, "date": "2026-03-23T16:25:23", "name": "[nf-next,3/3] ipvs: add conn_lfactor and svc_lfactor sysctl vars", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "999a427f2a389e83116fb962f7deb0a8f84fec04", "submitter": { "id": 2825, "url": "http://patchwork.ozlabs.org/api/1.2/people/2825/?format=api", "name": "Julian Anastasov", "email": "ja@ssi.bg" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260323162523.44964-4-ja@ssi.bg/mbox/", "series": [ { "id": 497148, "url": "http://patchwork.ozlabs.org/api/1.2/series/497148/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=497148", "date": "2026-03-23T16:25:21", "name": "IPVS changes, part 4 of 4 - extras", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/497148/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2214936/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2214936/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <netfilter-devel+bounces-11373-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (4096-bit key;\n unprotected) header.d=ssi.bg header.i=@ssi.bg header.a=rsa-sha256\n header.s=ssi header.b=nxLTfm87;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11373-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=\"nxLTfm87\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=193.238.174.39", "smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=ssi.bg" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4ffgsn4ClYz1xyt\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 24 Mar 2026 04:59:25 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 65A1D317C228\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 23 Mar 2026 16:31:45 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 4A3543BBA16;\n\tMon, 23 Mar 2026 16:31:35 +0000 (UTC)", "from mx.ssi.bg (mx.ssi.bg [193.238.174.39])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id BBBCB26A0A7;\n\tMon, 23 Mar 2026 16:31:31 +0000 (UTC)", "from mx.ssi.bg (localhost [127.0.0.1])\n\tby mx.ssi.bg (Potsfix) with ESMTP id CF03321850;\n\tMon, 23 Mar 2026 18:31:20 +0200 (EET)", "from box.ssi.bg (box.ssi.bg [193.238.174.46])\n\tby mx.ssi.bg (Potsfix) with ESMTPS;\n\tMon, 23 Mar 2026 18:31:19 +0200 (EET)", "from ja.ssi.bg (unknown [213.16.62.126])\n\tby box.ssi.bg (Potsfix) with ESMTPSA id 0E44660D1F;\n\tMon, 23 Mar 2026 18:31:20 +0200 (EET)", "from ja.home.ssi.bg (localhost.localdomain [127.0.0.1])\n\tby ja.ssi.bg (8.18.1/8.18.1) with ESMTP id 62NGQX0Q045013;\n\tMon, 23 Mar 2026 18:26:33 +0200", "(from root@localhost)\n\tby ja.home.ssi.bg (8.18.1/8.18.1/Submit) id 62NGQXwf045012;\n\tMon, 23 Mar 2026 18:26:33 +0200" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774283494; cv=none;\n b=D93gjjMYlNn/mkMPojd0LXN3QpLLO4YcCpB/LQsAij6ir96smxIwLNcLaMJTjnoxkI6SbdYeUWlYJ6j8t9He7FmTt4R2U0MNZ68+oys5XxmBLVF8EQY+r8edTIHYYZ5uOCQU1gB0///eSqWY1ztOJAThub2m/uf+83bkkN9MkOw=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774283494; c=relaxed/simple;\n\tbh=x44BRjzQGNAYwPbQxrLYFOHS1XnY7WmoYsoke5VXAb8=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=bKstdupXHLYshXRjBtcseZqB9LcEWIzHnIwGzNt5iPQKK41XUjv5IJrVux4nzjhPqUz5uIVDDPx6MutmOzkgYtg6cMkYSjHaPlWUYZTj1TiUZaESEc+/bKLD2n1Xq1CFr7LseiNRg+bOLK9fioaDhiDvycnOhPDktGi7B3I4BYo=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg;\n spf=pass smtp.mailfrom=ssi.bg;\n dkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=nxLTfm87;\n arc=none smtp.client-ip=193.238.174.39", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=ssi.bg; h=cc:cc\n\t:content-transfer-encoding:date:from:from:in-reply-to:message-id\n\t:mime-version:references:reply-to:subject:subject:to:to; s=ssi;\n\t bh=fwpWlYQ4SiFTqS1rvN/XlU8rTyCrz1M+rcmOL6knyFU=; b=nxLTfm87DLKq\n\tpYmKCY+B44L0IocBGckExJ6PjB1c0CCCUXVjuvqi8HKObXseXZu8cq/xxvAQKeRY\n\tZiPVll81swrFch5IokqiZJZlwu7U8y0y+QgImVl43BG2KqZX6Py3thQbngLeR3NK\n\tI34b2rDmWpk6NGJmDk/Lpb0C8Co+TEDiwlQcYtIoBktcGLyAl5/H14jJrGZPNd8q\n\tQ5HZJfCNt6S6UQwtJ+Ulqc8cN34WEM5tTVlwk59oYbBZCcrLR7LOTktzqX6fVpiN\n\tUUPXBwXGspVB1u22NIOE9jsPa4rzklnrFD3LZZJgqfHE7ViJ5cPGnawalmcs4UyM\n\tmih6gUT95SPZNsEAC/61M/yzxZQ+eWKRXcs/tccWRD8WMIXKcIils1/xhCQyFgNy\n\tCvI51hImjFUkosFgFzXqp+uJLD3T9pW+UTVgM9jjNDFDr66DNbifSYaOBtXO0A5x\n\t7639N6LnihFU28wISCg/QOX9yCG64BE6Knxi/6LXJTG44YuDxa1xU1BwEnA8eK1G\n\tIxazPtzXwrxg+OZ+7IpoAZd0x8mT8YcHOE0F81bpty6sL9Pyvd9afslGpim2ctY8\n\ttzyfLZ4yT5j9vuQDGsVxXvjQ4LFRXCJAHXgMONSrZLkAMzLl+iNvO++Pqx0/xS4c\n\tweObAw8YM2GL6y1fnuXAKbebQP3INCo=", "From": "Julian Anastasov <ja@ssi.bg>", "To": "Simon Horman <horms@verge.net.au>", "Cc": "Pablo Neira Ayuso <pablo@netfilter.org>, Florian Westphal <fw@strlen.de>,\n lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org,\n Dust Li <dust.li@linux.alibaba.com>,\n Jiejian Wu <jiejian@linux.alibaba.com>", "Subject": "[PATCH nf-next 3/3] ipvs: add conn_lfactor and svc_lfactor sysctl\n vars", "Date": "Mon, 23 Mar 2026 18:25:23 +0200", "Message-ID": "<20260323162523.44964-4-ja@ssi.bg>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260323162523.44964-1-ja@ssi.bg>", "References": "<20260323162523.44964-1-ja@ssi.bg>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "Allow the default load factor for the connection and service tables\nto be configured.\n\nSigned-off-by: Julian Anastasov <ja@ssi.bg>\n---\n Documentation/networking/ipvs-sysctl.rst | 35 +++++++++++\n net/netfilter/ipvs/ip_vs_ctl.c | 76 ++++++++++++++++++++++++\n 2 files changed, 111 insertions(+)", "diff": "diff --git a/Documentation/networking/ipvs-sysctl.rst b/Documentation/networking/ipvs-sysctl.rst\nindex 3fb5fa142eef..3c43857d7dbd 100644\n--- a/Documentation/networking/ipvs-sysctl.rst\n+++ b/Documentation/networking/ipvs-sysctl.rst\n@@ -29,6 +29,31 @@ backup_only - BOOLEAN\n \tIf set, disable the director function while the server is\n \tin backup mode to avoid packet loops for DR/TUN methods.\n \n+conn_lfactor - INTEGER\n+\tPossible values: -8 (larger table) .. 8 (smaller table)\n+\n+\tDefault: -4\n+\n+\tControls the sizing of the connection hash table based on the\n+\tload factor (number of connections per table buckets):\n+\t\t2^conn_lfactor = nodes / buckets\n+\tAs result, the table grows if load increases and shrinks when\n+\tload decreases in the range of 2^8 - 2^conn_tab_bits (module\n+\tparameter).\n+\tThe value is a shift count where negative values select\n+\tbuckets = (connection hash nodes << -value) while positive\n+\tvalues select buckets = (connection hash nodes >> value). The\n+\tnegative values reduce the collisions and reduce the time for\n+\tlookups but increase the table size. Positive values will\n+\ttolerate load above 100% when using smaller table is\n+\tpreferred with the cost of more collisions. If using NAT\n+\tconnections consider decreasing the value with one because\n+\tthey add two nodes in the hash table.\n+\n+\tExample:\n+\t-4: grow if load goes above 6% (buckets = nodes * 16)\n+\t2: grow if load goes above 400% (buckets = nodes / 4)\n+\n conn_reuse_mode - INTEGER\n \t1 - default\n \n@@ -219,6 +244,16 @@ secure_tcp - INTEGER\n \tThe value definition is the same as that of drop_entry and\n \tdrop_packet.\n \n+svc_lfactor - INTEGER\n+\tPossible values: -8 (larger table) .. 8 (smaller table)\n+\n+\tDefault: -3\n+\n+\tControls the sizing of the service hash table based on the\n+\tload factor (number of services per table buckets). The table\n+\twill grow and shrink in the range of 2^4 - 2^20.\n+\tSee conn_lfactor for explanation.\n+\n sync_threshold - vector of 2 INTEGERs: sync_threshold, sync_period\n \tdefault 3 50\n \ndiff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c\nindex 88c3f145fa4a..df7430639e79 100644\n--- a/net/netfilter/ipvs/ip_vs_ctl.c\n+++ b/net/netfilter/ipvs/ip_vs_ctl.c\n@@ -2439,6 +2439,60 @@ static int ipvs_proc_run_estimation(const struct ctl_table *table, int write,\n \treturn ret;\n }\n \n+static int ipvs_proc_conn_lfactor(const struct ctl_table *table, int write,\n+\t\t\t\t void *buffer, size_t *lenp, loff_t *ppos)\n+{\n+\tstruct netns_ipvs *ipvs = table->extra2;\n+\tint *valp = table->data;\n+\tint val = *valp;\n+\tint ret;\n+\n+\tstruct ctl_table tmp_table = {\n+\t\t.data = &val,\n+\t\t.maxlen = sizeof(int),\n+\t};\n+\n+\tret = proc_dointvec(&tmp_table, write, buffer, lenp, ppos);\n+\tif (write && ret >= 0) {\n+\t\tif (val < -8 || val > 8) {\n+\t\t\tret = -EINVAL;\n+\t\t} else {\n+\t\t\t*valp = val;\n+\t\t\tif (rcu_dereference_protected(ipvs->conn_tab, 1))\n+\t\t\t\tmod_delayed_work(system_unbound_wq,\n+\t\t\t\t\t\t &ipvs->conn_resize_work, 0);\n+\t\t}\n+\t}\n+\treturn ret;\n+}\n+\n+static int ipvs_proc_svc_lfactor(const struct ctl_table *table, int write,\n+\t\t\t\t void *buffer, size_t *lenp, loff_t *ppos)\n+{\n+\tstruct netns_ipvs *ipvs = table->extra2;\n+\tint *valp = table->data;\n+\tint val = *valp;\n+\tint ret;\n+\n+\tstruct ctl_table tmp_table = {\n+\t\t.data = &val,\n+\t\t.maxlen = sizeof(int),\n+\t};\n+\n+\tret = proc_dointvec(&tmp_table, write, buffer, lenp, ppos);\n+\tif (write && ret >= 0) {\n+\t\tif (val < -8 || val > 8) {\n+\t\t\tret = -EINVAL;\n+\t\t} else {\n+\t\t\t*valp = val;\n+\t\t\tif (rcu_dereference_protected(ipvs->svc_table, 1))\n+\t\t\t\tmod_delayed_work(system_unbound_wq,\n+\t\t\t\t\t\t &ipvs->svc_resize_work, 0);\n+\t\t}\n+\t}\n+\treturn ret;\n+}\n+\n /*\n *\tIPVS sysctl table (under the /proc/sys/net/ipv4/vs/)\n *\tDo not change order or insert new entries without\n@@ -2627,6 +2681,18 @@ static struct ctl_table vs_vars[] = {\n \t\t.mode\t\t= 0644,\n \t\t.proc_handler\t= ipvs_proc_est_nice,\n \t},\n+\t{\n+\t\t.procname\t= \"conn_lfactor\",\n+\t\t.maxlen\t\t= sizeof(int),\n+\t\t.mode\t\t= 0644,\n+\t\t.proc_handler\t= ipvs_proc_conn_lfactor,\n+\t},\n+\t{\n+\t\t.procname\t= \"svc_lfactor\",\n+\t\t.maxlen\t\t= sizeof(int),\n+\t\t.mode\t\t= 0644,\n+\t\t.proc_handler\t= ipvs_proc_svc_lfactor,\n+\t},\n #ifdef CONFIG_IP_VS_DEBUG\n \t{\n \t\t.procname\t= \"debug_level\",\n@@ -4854,6 +4920,16 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)\n \ttbl[idx].extra2 = ipvs;\n \ttbl[idx++].data = &ipvs->sysctl_est_nice;\n \n+\tif (unpriv)\n+\t\ttbl[idx].mode = 0444;\n+\ttbl[idx].extra2 = ipvs;\n+\ttbl[idx++].data = &ipvs->sysctl_conn_lfactor;\n+\n+\tif (unpriv)\n+\t\ttbl[idx].mode = 0444;\n+\ttbl[idx].extra2 = ipvs;\n+\ttbl[idx++].data = &ipvs->sysctl_svc_lfactor;\n+\n #ifdef CONFIG_IP_VS_DEBUG\n \t/* Global sysctls must be ro in non-init netns */\n \tif (!net_eq(net, &init_net))\n", "prefixes": [ "nf-next", "3/3" ] }