{"id":2219829,"url":"http://patchwork.ozlabs.org/api/patches/2219829/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260404153439.30077-4-ja@ssi.bg/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260404153439.30077-4-ja@ssi.bg>","list_archive_url":null,"date":"2026-04-04T15:34:39","name":"[PATCHv2,nf-next,3/3] ipvs: add conn_lfactor and svc_lfactor sysctl vars","commit_ref":null,"pull_url":null,"state":"under-review","archived":false,"hash":"ce345de3908643b91cbae461e4eef652bbb6b1f6","submitter":{"id":2825,"url":"http://patchwork.ozlabs.org/api/people/2825/?format=json","name":"Julian Anastasov","email":"ja@ssi.bg"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260404153439.30077-4-ja@ssi.bg/mbox/","series":[{"id":498737,"url":"http://patchwork.ozlabs.org/api/series/498737/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=498737","date":"2026-04-04T15:34:36","name":"IPVS changes, part 4 of 4 - extras","version":1,"mbox":"http://patchwork.ozlabs.org/series/498737/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2219829/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2219829/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (4096-bit key;\n unprotected) header.d=ssi.bg header.i=@ssi.bg header.a=rsa-sha256\n header.s=ssi header.b=Fj5SuTR2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11635-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=\"Fj5SuTR2\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=193.238.174.39","smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=ssi.bg"],"Received":["from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fp08c4n9wz1yCs\n\tfor ; Sun, 05 Apr 2026 02:37:36 +1100 (AEDT)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 9BF2E30058F5\n\tfor ; Sat, 4 Apr 2026 15:37:33 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id DBA563191BB;\n\tSat, 4 Apr 2026 15:37:32 +0000 (UTC)","from mx.ssi.bg (mx.ssi.bg [193.238.174.39])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id CE8532765D7;\n\tSat, 4 Apr 2026 15:37:29 +0000 (UTC)","from mx.ssi.bg (localhost [127.0.0.1])\n\tby mx.ssi.bg (Potsfix) with ESMTP id 2F8A521C5D;\n\tSat, 04 Apr 2026 18:37:21 +0300 (EEST)","from box.ssi.bg (box.ssi.bg [193.238.174.46])\n\tby mx.ssi.bg (Potsfix) with ESMTPS;\n\tSat, 04 Apr 2026 18:37:19 +0300 (EEST)","from ja.ssi.bg (unknown [213.16.62.126])\n\tby box.ssi.bg (Potsfix) with ESMTPSA id 3866D60F6C;\n\tSat, 4 Apr 2026 18:37:20 +0300 (EEST)","from ja.home.ssi.bg (localhost.localdomain [127.0.0.1])\n\tby ja.ssi.bg (8.18.1/8.18.1) with ESMTP id 634FZD3p030111;\n\tSat, 4 Apr 2026 18:35:13 +0300","(from root@localhost)\n\tby ja.home.ssi.bg (8.18.1/8.18.1/Submit) id 634FZDmJ030110;\n\tSat, 4 Apr 2026 18:35:13 +0300"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775317051; cv=none;\n b=QpvQCjujcMuRj9fc+t++iI/CS6+PTyPzcq64fe2FVEYZQswscpTDpQPkXLmjnWt6E8MdrA/3ujueE63diDOMa4V2s18jSimFp2ewLL+ucBjkn1bBIcjiVzBiHKXNrEQJOjHZiGLqEW3OdqApX0atNApdvLiJm2AevsdIPcEq5JM=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775317051; c=relaxed/simple;\n\tbh=0AcHdYKpyk/ve/9v5b85h8vnpiXNF3Q9qnlCZnmbjkw=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=nWpC6L+y+vQN/RvjaxOg0gIhh1LaA2OUr7wFXea+2f4hKKEv9ToIKW6eeyB1HJJJ60M3Uo24LHRMUi/zj9JxeqqSYnn4kRVQ+xlF8A2zMSdjsPbwxFV5wA4zGDBr+nsx6AaXOWZCris3JgN/MMn0k5vsf4/TIVPG00ByFSVD2wQ=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=reject dis=none) header.from=ssi.bg;\n spf=pass smtp.mailfrom=ssi.bg;\n dkim=pass (4096-bit key) header.d=ssi.bg header.i=@ssi.bg header.b=Fj5SuTR2;\n arc=none smtp.client-ip=193.238.174.39","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=ssi.bg; h=cc:cc\n\t:content-transfer-encoding:date:from:from:in-reply-to:message-id\n\t:mime-version:references:reply-to:subject:subject:to:to; s=ssi;\n\t bh=IKNtC3sWk8fs5vW+4pGmB7vsVE293oMtstHYJtbH/vQ=; b=Fj5SuTR25w/N\n\tkV55J/OGidU6pSKF0mRyaEuRkNaoYUSk0rhyh3UrRQANFYd6FVJzCnSkXDno1VI7\n\tXIlLte5eHI0ErwyLRXaECGJdb634s91fCU09x5arUrc8QyLvVbo3cO15eFtGrkYT\n\tKeaCGCXkJIMHAljKN3HEHDwvrNHkvX4LGtAJnM2oLj5QCHGJgb1OtRzqvZAwk9Xa\n\tN7m3xQG7iOflL4Awn6augE2kuN9DoJK4eLmf8C19QXrKdVjs+kPhvFhyMEPvCQEc\n\t/YgOUweTxAU1xMpmPu9e4B+yQtG8lqmHOck1lGiMg3uVsC01wtYw16fpjHKdBDMf\n\tbqNeAEhB8JRjzVeAYrYK7XLczbax1WAbvUHL6xUWpvc4Su9v3UAPAc8whwyVXxTd\n\tjS+u24jd+1N/yICxpM04SIcQuaRfWmSW2Fw7KNqnCRifZHszN5TtdVdJ/K/+/Zb8\n\t4qdGxHKDBIDel2zt0KAdImtBHseYHvrw/6QY+v5NDfMr0lQP4jC87dPIOfF1K32C\n\txRR4oa/Vlb4Xtrq5nDB+qESjeOHSjuVJfmBSau7OZNDXVoQKwNwT4qFIw/Mc8YPN\n\tw28hl8JGvUpr/QbHKIBYl783PpzqeJa05kRfj0ZjDD5+fXc6Lu6jDgqCAGa7COGN\n\trSAZ6ctU5+Otx6tKIbt+fsXMpr+Apqg=","From":"Julian Anastasov ","To":"Simon Horman ","Cc":"Pablo Neira Ayuso , Florian Westphal ,\n lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org,\n Dust Li ,\n Jiejian Wu ","Subject":"[PATCHv2 nf-next 3/3] ipvs: add conn_lfactor and svc_lfactor sysctl\n vars","Date":"Sat, 4 Apr 2026 18:34:39 +0300","Message-ID":"<20260404153439.30077-4-ja@ssi.bg>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260404153439.30077-1-ja@ssi.bg>","References":"<20260404153439.30077-1-ja@ssi.bg>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Allow the default load factor for the connection and service tables\nto be configured.\n\nSigned-off-by: Julian Anastasov \n---\n Documentation/networking/ipvs-sysctl.rst | 35 +++++++++++\n net/netfilter/ipvs/ip_vs_ctl.c | 76 ++++++++++++++++++++++++\n 2 files changed, 111 insertions(+)","diff":"diff --git a/Documentation/networking/ipvs-sysctl.rst b/Documentation/networking/ipvs-sysctl.rst\nindex 3fb5fa142eef..3c43857d7dbd 100644\n--- a/Documentation/networking/ipvs-sysctl.rst\n+++ b/Documentation/networking/ipvs-sysctl.rst\n@@ -29,6 +29,31 @@ backup_only - BOOLEAN\n \tIf set, disable the director function while the server is\n \tin backup mode to avoid packet loops for DR/TUN methods.\n \n+conn_lfactor - INTEGER\n+\tPossible values: -8 (larger table) .. 8 (smaller table)\n+\n+\tDefault: -4\n+\n+\tControls the sizing of the connection hash table based on the\n+\tload factor (number of connections per table buckets):\n+\t\t2^conn_lfactor = nodes / buckets\n+\tAs result, the table grows if load increases and shrinks when\n+\tload decreases in the range of 2^8 - 2^conn_tab_bits (module\n+\tparameter).\n+\tThe value is a shift count where negative values select\n+\tbuckets = (connection hash nodes << -value) while positive\n+\tvalues select buckets = (connection hash nodes >> value). The\n+\tnegative values reduce the collisions and reduce the time for\n+\tlookups but increase the table size. Positive values will\n+\ttolerate load above 100% when using smaller table is\n+\tpreferred with the cost of more collisions. If using NAT\n+\tconnections consider decreasing the value with one because\n+\tthey add two nodes in the hash table.\n+\n+\tExample:\n+\t-4: grow if load goes above 6% (buckets = nodes * 16)\n+\t2: grow if load goes above 400% (buckets = nodes / 4)\n+\n conn_reuse_mode - INTEGER\n \t1 - default\n \n@@ -219,6 +244,16 @@ secure_tcp - INTEGER\n \tThe value definition is the same as that of drop_entry and\n \tdrop_packet.\n \n+svc_lfactor - INTEGER\n+\tPossible values: -8 (larger table) .. 8 (smaller table)\n+\n+\tDefault: -3\n+\n+\tControls the sizing of the service hash table based on the\n+\tload factor (number of services per table buckets). The table\n+\twill grow and shrink in the range of 2^4 - 2^20.\n+\tSee conn_lfactor for explanation.\n+\n sync_threshold - vector of 2 INTEGERs: sync_threshold, sync_period\n \tdefault 3 50\n \ndiff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c\nindex b536799a725f..bc351e57a30c 100644\n--- a/net/netfilter/ipvs/ip_vs_ctl.c\n+++ b/net/netfilter/ipvs/ip_vs_ctl.c\n@@ -2446,6 +2446,60 @@ static int ipvs_proc_run_estimation(const struct ctl_table *table, int write,\n \treturn ret;\n }\n \n+static int ipvs_proc_conn_lfactor(const struct ctl_table *table, int write,\n+\t\t\t\t void *buffer, size_t *lenp, loff_t *ppos)\n+{\n+\tstruct netns_ipvs *ipvs = table->extra2;\n+\tint *valp = table->data;\n+\tint val = *valp;\n+\tint ret;\n+\n+\tstruct ctl_table tmp_table = {\n+\t\t.data = &val,\n+\t\t.maxlen = sizeof(int),\n+\t};\n+\n+\tret = proc_dointvec(&tmp_table, write, buffer, lenp, ppos);\n+\tif (write && ret >= 0) {\n+\t\tif (val < -8 || val > 8) {\n+\t\t\tret = -EINVAL;\n+\t\t} else {\n+\t\t\t*valp = val;\n+\t\t\tif (rcu_access_pointer(ipvs->conn_tab))\n+\t\t\t\tmod_delayed_work(system_unbound_wq,\n+\t\t\t\t\t\t &ipvs->conn_resize_work, 0);\n+\t\t}\n+\t}\n+\treturn ret;\n+}\n+\n+static int ipvs_proc_svc_lfactor(const struct ctl_table *table, int write,\n+\t\t\t\t void *buffer, size_t *lenp, loff_t *ppos)\n+{\n+\tstruct netns_ipvs *ipvs = table->extra2;\n+\tint *valp = table->data;\n+\tint val = *valp;\n+\tint ret;\n+\n+\tstruct ctl_table tmp_table = {\n+\t\t.data = &val,\n+\t\t.maxlen = sizeof(int),\n+\t};\n+\n+\tret = proc_dointvec(&tmp_table, write, buffer, lenp, ppos);\n+\tif (write && ret >= 0) {\n+\t\tif (val < -8 || val > 8) {\n+\t\t\tret = -EINVAL;\n+\t\t} else {\n+\t\t\t*valp = val;\n+\t\t\tif (rcu_access_pointer(ipvs->svc_table))\n+\t\t\t\tmod_delayed_work(system_unbound_wq,\n+\t\t\t\t\t\t &ipvs->svc_resize_work, 0);\n+\t\t}\n+\t}\n+\treturn ret;\n+}\n+\n /*\n *\tIPVS sysctl table (under the /proc/sys/net/ipv4/vs/)\n *\tDo not change order or insert new entries without\n@@ -2634,6 +2688,18 @@ static struct ctl_table vs_vars[] = {\n \t\t.mode\t\t= 0644,\n \t\t.proc_handler\t= ipvs_proc_est_nice,\n \t},\n+\t{\n+\t\t.procname\t= \"conn_lfactor\",\n+\t\t.maxlen\t\t= sizeof(int),\n+\t\t.mode\t\t= 0644,\n+\t\t.proc_handler\t= ipvs_proc_conn_lfactor,\n+\t},\n+\t{\n+\t\t.procname\t= \"svc_lfactor\",\n+\t\t.maxlen\t\t= sizeof(int),\n+\t\t.mode\t\t= 0644,\n+\t\t.proc_handler\t= ipvs_proc_svc_lfactor,\n+\t},\n #ifdef CONFIG_IP_VS_DEBUG\n \t{\n \t\t.procname\t= \"debug_level\",\n@@ -4854,6 +4920,16 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)\n \ttbl[idx].extra2 = ipvs;\n \ttbl[idx++].data = &ipvs->sysctl_est_nice;\n \n+\tif (unpriv)\n+\t\ttbl[idx].mode = 0444;\n+\ttbl[idx].extra2 = ipvs;\n+\ttbl[idx++].data = &ipvs->sysctl_conn_lfactor;\n+\n+\tif (unpriv)\n+\t\ttbl[idx].mode = 0444;\n+\ttbl[idx].extra2 = ipvs;\n+\ttbl[idx++].data = &ipvs->sysctl_svc_lfactor;\n+\n #ifdef CONFIG_IP_VS_DEBUG\n \t/* Global sysctls must be ro in non-init netns */\n \tif (!net_eq(net, &init_net))\n","prefixes":["PATCHv2","nf-next","3/3"]}