Alexey Dobriyan wrote:
On Mon, Jun 16, 2008 at 01:16:00PM +0200, Patrick McHardy wrote:
Alexey Dobriyan wrote:
On Mon, Jun 16, 2008 at 12:26:03PM +0200, Patrick McHardy wrote:
By the way, is there already work done for conntrack/NAT namespace
support? I have this patch that uses marks for something very similar
that should be easy to adjust.
Yes, right now I'm fighting something which looks like double free
of conntrack during clone(CLONE_NEWNET)/exit test despite none created
in netns. And unknown to me dimensions of input and output packet
codepaths.
:^)
Preliminary details:
struct nf_conn::ct_net which pins netns
Ouch, now that I have converted conntracking code, "pins netns" part is
really stupid, just background traffic on network will prevent netns from
destroying.
Can't you do active cleanup instead of pinning the namespace?