Eyal Birger <eyal.birger@xxxxxxxxx> wrote:
> In Commit 4608fdfc07e1 ("netfilter: conntrack: collect all entries in one cycle")
> conntrack gc was changed to run periodically every 2 minutes.
>
> On systems handling many UDP connections, this leads to bursts of session
> termination handling.
>
> As suggested in the original commit, provide the ability to control the gc
> interval using a sysctl knob.

Apologies, I was afk and could not respond sooner.

I'd like to propose an additional knob that allows switching to partial scan
to spread netlink event bursts.

It's largely identical to this proposed change.
Will submit a patch soon and put you on CC.