Alexey Dobriyan wrote:
> Heh, last minute proof-reading of this patch made me think,
> that this is actually unneeded, simply because "ct" pointers will be
> different for different conntracks in different netns, just like they
> are different in one netns.
>
> Not so sure anymore.

It's necessary because the cache needs to be flushed on netns exit
and this is only allowed while it's not in use anymore. I don't
see anything in this series actually making sure nothing hits
the cache on exit though. Am I missing something?

Additionally (I might have missed a following patch moving it out
though) this doesn't belong in the netns exit path:

void nf_conntrack_cleanup(struct net *net)
{
        rcu_assign_pointer(ip_ct_attach, NULL);
...
        rcu_assign_pointer(nf_ct_destroy, NULL);
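
The second point in the mail above, as a userspace C model added here for illustration (not part of the mail, the patch series or the kernel): a hook pointer shared by all namespaces is cleared when one namespace exits, and a surviving namespace then finds it gone. Only the name `nf_ct_destroy` comes from the mail; the `struct net` stub, `put_conn` and the other helpers are hypothetical, and moving the reset to a one-time teardown is an assumption about the alternative.

```c
#include <stddef.h>
#include <stdio.h>

/* Model only: stubs standing in for kernel objects. */
struct net  { int id; int alive; };
struct conn { int destroyed; };

/* One hook shared by every namespace, like nf_ct_destroy in the mail. */
static void (*nf_ct_destroy)(struct conn *);

static void destroy_conntrack(struct conn *ct) { ct->destroyed = 1; }
static void model_init(void) { nf_ct_destroy = destroy_conntrack; }
static void model_fini(void) { nf_ct_destroy = NULL; }

/* Pattern questioned in the mail: global hook reset from per-netns exit. */
static void cleanup_in_netns_exit(struct net *net)
{
    net->alive = 0;
    nf_ct_destroy = NULL;          /* affects every other namespace too */
}

/* Assumed alternative: per-netns exit touches per-netns state only;
 * the hook is cleared once, in model_fini(). */
static void cleanup_per_net_only(struct net *net) { net->alive = 0; }

/* Release an entry; returns 1 if the destroy hook ran, 0 if it was gone. */
static int put_conn(struct conn *ct)
{
    void (*destroy)(struct conn *) = nf_ct_destroy;
    if (destroy == NULL)
        return 0;
    destroy(ct);
    return ct->destroyed;
}

/* Namespace B exits, then namespace A (still alive) releases an entry. */
static int survivor_hook_runs(void (*netns_exit)(struct net *))
{
    struct net a = { 1, 1 }, b = { 2, 1 };
    struct conn ct_a = { 0 };
    model_init();
    netns_exit(&b);
    int ran = a.alive && put_conn(&ct_a);
    model_fini();
    return ran;
}

int main(void)
{
    printf("reset in netns exit:  %d\n", survivor_hook_runs(cleanup_in_netns_exit));
    printf("reset at teardown:    %d\n", survivor_hook_runs(cleanup_per_net_only));
    return 0;
}
```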