Re: [PATCH 00/25] Conntracking and NAT in netns

Alexey Dobriyan wrote:
Hi, patchbomb below makes significant parts of connection tracking and
NAT code usable in netns and independent from other netns.

Status is that it is lightly tested but more or less works, I used it on
a box which provides NAT for another with all netdevices moved to netns,
routing and iptables rules set up and rules flushed in init_net.

OK, I assume "Do not apply" applies to all patches then.

So far so good.

Weak points:
a) races during netns destruction or conntrack modules unload
   (see more in patches)
b) grabbing netns from skb->dev or skb->dst->dev
   these places should be checked with extreme scrutiny :-\

Will do.

c) some stuff not converted (pptp, h323) -- it's like 10 minutes to make
   a patch and full day to setup and test it :^)
d) IPv6 conntracking wasn't tested.
e) ordering probably should be redone (or it shouldn't since netfilter
   is banned in netns as is, so nobody will care)

I think it's most important that it's bisectable for the non-ns
case. So that's OK.
