Alexey Dobriyan wrote:
> Make per-netns a) expectation hash and b) expectations count.
>
> Expectations always belong to the netns to which their master conntrack belongs.
> This is natural and doesn't bloat expectation.
>
> Proc files and leaf users are stubbed to init_net, this is temporary.

Looks fine, applied.

> @@ -406,7 +404,7 @@ int nf_ct_expect_related(struct nf_conntrack_expect *expect) > } > } > > - if (nf_ct_expect_count >= nf_ct_expect_max) { > + if (net->ct.expect_count >= nf_ct_expect_max) { > if (net_ratelimit()) > printk(KERN_WARNING > "nf_conntrack: expectation table full\n");

I assume these messages are globally visible even with namespaces? Can we make this (and the corresponding ct hash message) refer to the namespace? Otherwise it might be a bit confusing.
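
Review bot: In the changed condition in nf_ct_expect_related(), the per-netns counter net->ct.expect_count is still compared against the global nf_ct_expect_max, so every namespace is allowed the full limit and the host-wide number of expectations now scales with the number of namespaces. Either make the limit per-netns alongside the count, or say in the commit message that the global value is now applied per namespace, so that an administrator sizing nf_ct_expect_max knows which total it bounds. The "expectation table full" warning under net_ratelimit() carries no namespace identifier either, so when it fires there is no way to tell from the log which netns hit its limit.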