Re: [PATCH nf-next] ipvs: add conn_max sysctl to limit connections

To:	Simon Horman <horms@xxxxxxxxxxxx>
Subject:	Re: [PATCH nf-next] ipvs: add conn_max sysctl to limit connections
Cc:	Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Florian Westphal <fw@xxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx
From:	Julian Anastasov <ja@xxxxxx>
Date:	Fri, 22 May 2026 17:42:46 +0300 (EEST)

        Hello,

On Fri, 22 May 2026, Julian Anastasov wrote:

> Currently, we are using atomic_t to track the number of
> connections. On 64-bit setups with large memory there is
> a risk this counter to overflow. Also, setups with many
> containers may need to tune the limit for connections.
> 
> Add sysctl control to limit the number of connections to
> 1,073,741,824 (64-bit) and 16,777,216 (32-bit).
> Depending on the admin's privilege, the value is
> used to change a soft or hard limit allowing
> unprivileged admins to change the soft limit in
> range determined by privileged admins.
> 
> Signed-off-by: Julian Anastasov <ja@xxxxxx>

        Will send v2 to address the feedback by Sashiko.

https://sashiko.dev/#/patchset/20260522105546.13732-1-ja%40ssi.bg

pw-bot: changes-requested

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH nf-next] ipvs: add conn_max sysctl to limit connections, Julian Anastasov Re: [PATCH nf-next] ipvs: add conn_max sysctl to limit connections, Julian Anastasov <=

Previous by Date:	[PATCH nf-next] ipvs: add conn_max sysctl to limit connections, Julian Anastasov
Next by Date:	Re: [PATCH] ipvs: Use flexible array for MH lookup table, Julian Anastasov
Previous by Thread:	[PATCH nf-next] ipvs: add conn_max sysctl to limit connections, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]