{"id":2219827,"url":"http://patchwork.ozlabs.org/api/covers/2219827/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260404153439.30077-1-ja@ssi.bg/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260404153439.30077-1-ja@ssi.bg>","list_archive_url":null,"date":"2026-04-04T15:34:36","name":"[PATCHv2,nf-next,0/3] IPVS changes, part 4 of 4 - extras","submitter":{"id":2825,"url":"http://patchwork.ozlabs.org/api/people/2825/?format=json","name":"Julian Anastasov","email":"ja@ssi.bg"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/cover/20260404153439.30077-1-ja@ssi.bg/mbox/","series":[{"id":498737,"url":"http://patchwork.ozlabs.org/api/series/498737/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=498737","date":"2026-04-04T15:34:36","name":"IPVS changes, part 4 of 4 - extras","version":1,"mbox":"http://patchwork.ozlabs.org/series/498737/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2219827/comments/","headers":{"Return-Path":"\n <netfilter-devel+bounces-11633-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (4096-bit key;\n unprotected) header.d=ssi.bg header.i=@ssi.bg header.a=rsa-sha256\n header.s=ssi header.b=Kd8lWSuW;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11633-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=\"Kd8lWSuW\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=193.238.174.39","smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=ssi.bg"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fp0694zt8z1yCs\n\tfor <incoming@patchwork.ozlabs.org>; Sun, 05 Apr 2026 02:35:29 +1100 (AEDT)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 088FB300CBEC\n\tfor <incoming@patchwork.ozlabs.org>; Sat,  4 Apr 2026 15:35:24 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 00B1A318BB8;\n\tSat,  4 Apr 2026 15:35:23 +0000 (UTC)","from mx.ssi.bg (mx.ssi.bg [193.238.174.39])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 8436C2BE7AC;\n\tSat,  4 Apr 2026 15:35:19 +0000 (UTC)","from mx.ssi.bg (localhost [127.0.0.1])\n\tby mx.ssi.bg (Potsfix) with ESMTP id 8982821C5B;\n\tSat, 04 Apr 2026 18:35:16 +0300 (EEST)","from box.ssi.bg (box.ssi.bg [193.238.174.46])\n\tby mx.ssi.bg (Potsfix) with ESMTPS;\n\tSat, 04 Apr 2026 18:35:15 +0300 (EEST)","from ja.ssi.bg (unknown [213.16.62.126])\n\tby box.ssi.bg (Potsfix) with ESMTPSA id 911716084A;\n\tSat,  4 Apr 2026 18:35:14 +0300 (EEST)","from ja.home.ssi.bg (localhost.localdomain [127.0.0.1])\n\tby ja.ssi.bg (8.18.1/8.18.1) with ESMTP id 634FZDMh030099;\n\tSat, 4 Apr 2026 18:35:13 +0300","(from root@localhost)\n\tby ja.home.ssi.bg (8.18.1/8.18.1/Submit) id 634FZB2A030098;\n\tSat, 4 Apr 2026 18:35:11 +0300"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775316922; cv=none;\n b=BXYbvBq7RGJPTAjeU3mlecpB9zdBjHXw0RR6jPFjVqnSnBj+CuTGgR2S73y7ezx4mBjE6GBVAqyDQtrSWqFh8hlZlEpn5MTgKio4nr/HMHnKTQVblFvxBgvJ0d/uF01/R99XYUc2J0jTHyC5S+3bI2OtImy+5rG0cuG+/0TO2Ns=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775316922; c=relaxed/simple;\n\tbh=iQlocxQMyMWHqFgoHwEOzI6MuxUgC3wX9JEWywdTnCg=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=Y9YhfFlXQbLf/JmBKk3iG9hLQ663qiev6yh8JiXLEp7dEH0/MqxQKH6cP/+0EOBr7yOVUOEwKQs42yQ4hd7CYJztYFa/z2xWz5QXYufS18QDGi54Q4wAnOnfdzmEc+TNlRXw0Vao9S3EXyeJ5HXLqwgmxo4iv2ES23Jo1kJqRgU=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg;\n spf=pass smtp.mailfrom=ssi.bg;\n dkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=Kd8lWSuW;\n arc=none smtp.client-ip=193.238.174.39","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=ssi.bg; h=cc:cc\n\t:content-transfer-encoding:date:from:from:message-id\n\t:mime-version:reply-to:subject:subject:to:to; s=ssi; bh=DpCpgUQF\n\tg/lpUnIpTL+BVB0jvTO+SegIe50A7nQF0t0=; b=Kd8lWSuW1FrGgFymepRR3pyj\n\tfurZjOcuPjPoAErwd+Z11GEisBq0LNFK9yueWpcTxwW+ba6efRCNE5qs4XuPKJaf\n\tmsyAdS4cEx+RZpgm9BNkqTjjzeXTjm/wdxxHcUZDjc4rM5I3mbCwdAHrk3/UgQ52\n\tYTeXzuq0Zp7yAyb8ROtVMXtvxWKcMlBDlMAnNgPEuwonsHUbtUKTRc7/7tpPrJBw\n\tSYtxgKAfn5GIyCYPqYqImKsM6B/Jkz4CNsVPA4aLcP9iBmN7UgKaCmepxlGfBlEy\n\t5cxOJQddyUejsTqerbh582R0Qm0xcNa0V3eyLb8c3LKQdcbO3UNpArJ04w3dajC3\n\t538wg0s+XqlJkFnLC/djt8jJ93cW21p5Vk1PsXOb6/sEnrSca0hA9w2Hp+J2Vu90\n\twbTKIcvEOVmr4tcFIUWa/xIoM8kaIGxE9y45uKJFHhXmp4by5W7b0JXuGHw0vNsG\n\tcYeue34Qs/9wZYmnCw+RPYkjxEQUuFWZnbnFWlx9db8762+XXNhnuLDaaIoSAMFI\n\t0qfKrhJTNFZh1iigYxYOqCngq7EGtJnVe/KbRCKtyM3372LK2EjOkkg22s8VFEu3\n\ta6LRfeIaHGWAPU3OpGifRtIvOmBGUsr+5wvcE6FJCwVNQBiK3vveV8+9J6xLSWDN\n\t3Gp+096lz9e+qSFreNA=","From":"Julian Anastasov <ja@ssi.bg>","To":"Simon Horman <horms@verge.net.au>","Cc":"Pablo Neira Ayuso <pablo@netfilter.org>, Florian Westphal <fw@strlen.de>,\n        lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org,\n        Dust Li <dust.li@linux.alibaba.com>,\n        Jiejian Wu <jiejian@linux.alibaba.com>","Subject":"[PATCHv2 nf-next 0/3] IPVS changes, part 4 of 4 - extras","Date":"Sat,  4 Apr 2026 18:34:36 +0300","Message-ID":"<20260404153439.30077-1-ja@ssi.bg>","X-Mailer":"git-send-email 2.53.0","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Hello,\n\n        This patchset is part 4 of changes that accumulated in\nrecent time. It is for nf-next and should be applied when the\npatches from part 1-3 are already applied. It contains extras\nfor the per-net tables.\n\n        All patches here come from the work\n\"ipvs: per-net tables and optimizations\" last posted\non 19 Oct 2025 as v6, with the following changes:\n\nPatch 1 comes from v6/patch 10 with added get_conn_tab_size() helper\n\nPatch 2 comes from v6/patch 13 with added text for the commit\n\nPatch 3 comes from v6/patch 14 with updated docs\n\n\tAs result, the following patches will:\n\n* As the connection table is not with fixed size, show its current\n  size to user space\n\n* Add /proc/net/ip_vs_status to show current state of IPVS, per-net\n\ncat /proc/net/ip_vs_status\nConns:\t9401\nConn buckets:\t524288 (19 bits, lfactor -5)\nConn buckets empty:\t505633 (96%)\nConn buckets len-1:\t18322 (98%)\nConn buckets len-2:\t329 (1%)\nConn buckets len-3:\t3 (0%)\nConn buckets len-4:\t1 (0%)\nServices:\t12\nService buckets:\t128 (7 bits, lfactor -3)\nService buckets empty:\t116 (90%)\nService buckets len-1:\t12 (100%)\nStats thread slots:\t1 (max 16)\nStats chain max len:\t16\nStats thread ests:\t38400\n\nIt shows the table size, the load factor (2^n), how many are the empty\nbuckets, with percents from the all buckets, the number of buckets\nwith length 1..7 where len-7 catches all len>=7 (zero values are\nnot shown). The len-N percents ignore the empty buckets, so they\nare relative among all len-N buckets. It shows that smaller lfactor\nis needed to achieve len-1 buckets to be ~98%. Only real tests can\nshow if relying on len-1 buckets is a better option because the\nhash table becomes too large with multiple connections. And as\nevery table uses random key, the services may not avoid collision\nin all cases.\n\n* add conn_lfactor and svc_lfactor sysctl vars, so that one can tune\n  the connection/service hash table sizing\n\nv2:\n* patch 1: move RCU read lock into get_conn_tab_size() as\n  suggested by Pablo and Florian\n* patch 3: prefer rcu_access_pointer() over rcu_dereference_protected()\n  as suggested by Florian\n\nJulian Anastasov (3):\n  ipvs: show the current conn_tab size to users\n  ipvs: add ip_vs_status info\n  ipvs: add conn_lfactor and svc_lfactor sysctl vars\n\n Documentation/networking/ipvs-sysctl.rst |  35 ++++\n net/netfilter/ipvs/ip_vs_ctl.c           | 247 ++++++++++++++++++++++-\n 2 files changed, 278 insertions(+), 4 deletions(-)"}