Alexey Dobriyan wrote:
> On Tue, Sep 09, 2008 at 08:12:27AM +0200, Patrick McHardy wrote:
>> Alexey Dobriyan wrote:
>>> Heh, last minute proof-reading of this patch made me think,
>>> that this is actually unneeded, simply because "ct" pointers will be
>>> different for different conntracks in different netns, just like they
>>> are different in one netns.
>>>
>>> Not so sure anymore.
>>
>> It's necessary because the cache needs to be flushed on netns exit
>> and this is only allowed while it's not in use anymore.
>> I don't see anything in this series actually making sure nothing
>> hits the cache on exit though. Am I missing something?
>
> When netns refcount hits zero, netdevices in it will start dropping packets.
> And there is synchronize_net() call before cache flush.
>
> I think this is enough.

Thanks for the explanation, I'll have a closer look at this.

>> Additionally (I might have missed a following patch moving it
>> out though) this doesn't belong in the netns exit path:
>>
>> void nf_conntrack_cleanup(struct net *net)
>> {
>>         rcu_assign_pointer(ip_ct_attach, NULL);
>>         ...
>>         rcu_assign_pointer(nf_ct_destroy, NULL);
>
> This is dealt with in 17/33
>
> Have you got 18/33, archives show it's missing?

There are two patches labeled 17/33, I assume the second one is
actually 18/33.