Patrick McHardy wrote:
Alexey Dobriyan wrote:
On Tue, Sep 09, 2008 at 08:12:27AM +0200, Patrick McHardy wrote:
Alexey Dobriyan wrote:
Heh, last minute proof-reading of this patch made me think,
that this is actually unneeded, simply because "ct" pointers will be
different for different conntracks in different netns, just like they
are different in one netns.
Not so sure anymore.
Its necessary because the cache needs to be flushed on netns exit
and this is only allowed while its not in use anymore.
I don't see anything in this series actually making sure nothing
hits the cache on exit though. Am I missing something?
When netns refcount hits zero, netdevices in it will start dropping
packets.
And there is synchronize_net() call before cache flush.
I think this is enough.
Thanks for the explanation, I have a closer look at this.
Yes, that looks fine. Applied, thanks.
BTW, doesn't __vlan_hwaccel_rx() also needs a netns_alive() check
to avoid passing packets to AF_PACKET sockets in dead namespaces?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
