Hello,

This patchset is part 2 of changes that accumulated in
recent time. It is for nf-next and should be applied when the patches
from part 1 are already applied. It contains optimizations and
per-net changes.

All patches here come from the work
"ipvs: per-net tables and optimizations" last posted
on 19 Oct 2025 as v6, with the following changes:

Patch 1 comes from v6/patch 2 without changes

Patch 2 comes from v6/patch 3 with cosmetic change:
- we cannot use lockdep_is_held() condition because hlist_bl does
  not support such debugging yet, readers can be only under RCU lock.
  That is the reason for the rcu_read_lock() in the updating code
  in ip_vs_genl_set_cmd().

Patch 3 comes from v6/patch 4 without changes

Patch 4 comes from v6/patch 5 but some of its content was moved
also to part1/patch 2

Patch 5 comes from v6/patch 6 without changes

Patch 6 comes from v6/patch 11 with small changes because
it was moved forward before other patches from part 3 and 4

As a result, the following patches will:
* Convert the global __ip_vs_mutex to per-net service_mutex and
  switch the service tables to be per-net, cowork by Jiejian Wu and
  Dust Li
* Convert some code that walks the service lists to use RCU instead of
  the service_mutex
* We used two tables for services (non-fwmark and fwmark), merge them
  into single svc_table
* The list for unavailable destinations (dest_trash) holds dsts and
  thus dev references causing extra work for the ip_vs_dst_event() dev
  notifier handler. Change this by dropping the reference when dest
  is removed and saved into dest_trash. The dest_trash will need more
  changes to make it light for lookups. TODO.
* On new connection we can do multiple lookups for services by trying
  different fallback options. Add more counters for service types, so
  that we can avoid unneeded lookups for services.
* The no_cport and dropentry counters can be per-net and also we can
  avoid extra conn lookups

Jiejian Wu (1):
  ipvs: make ip_vs_svc_table and ip_vs_svc_fwm_table per netns

Julian Anastasov (5):
  ipvs: some service readers can use RCU
  ipvs: use single svc table
  ipvs: do not keep dest_dst after dest is removed
  ipvs: use more counters to avoid service lookups
  ipvs: no_cport and dropentry counters can be per-net

 include/net/ip_vs.h | 39 +++-
 net/netfilter/ipvs/ip_vs_conn.c | 64 +++---
 net/netfilter/ipvs/ip_vs_core.c | 2 +-
 net/netfilter/ipvs/ip_vs_ctl.c | 368 +++++++++++---------------------
 net/netfilter/ipvs/ip_vs_est.c | 18 +-
 net/netfilter/ipvs/ip_vs_xmit.c | 12 +-
 6 files changed, 212 insertions(+), 291 deletions(-)

--
2.53.0