Stephen Hemminger wrote: > Can this be made conditional on network namespaces being configured on? > That way the flow structure won't have to grow taking more space. > It matters in DoS attacks where flow cache becomes a critical resource. could you exactly point me out the flow cache your are talking about. Is this dst entry cache or struct flow_cache described in the net/core/flow.c For the latter case, there is completely no difference in the size on my x86_64 host with SLAB allocator, i.e. there are 30 objects per slab with/without fl_net (objsize = 128). Regards, Den _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
