netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reached
authorNicolas Dichtel <nicolas.dichtel@6wind.com>
Tue, 18 Oct 2016 12:37:32 +0000 (14:37 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 20 Oct 2016 17:59:53 +0000 (19:59 +0200)
When the maximum evictions number is reached, do not wait 5 seconds before
the next run.

CC: Florian Westphal <fw@strlen.de>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_core.c

index ba6a1d4212225f5ff735eed006e12b3a244a5076..df2f5a3901dfce580e051bf9a52d2e71da0f8e9b 100644 (file)
@@ -983,7 +983,7 @@ static void gc_worker(struct work_struct *work)
                return;
 
        ratio = scanned ? expired_count * 100 / scanned : 0;
-       if (ratio >= 90)
+       if (ratio >= 90 || expired_count == GC_MAX_EVICTS)
                next_run = 0;
 
        gc_work->last_bucket = i;