On Tue, Sep 09, 2008 at 09:51:56AM +0200, Patrick McHardy wrote: > Alexey Dobriyan wrote: >> On Tue, Sep 09, 2008 at 09:20:42AM +0200, Patrick McHardy wrote: >>> Having multiple of these net_eq checks per function (14 total) is >>> not a very nice way to do this. >> >> Yep, I was just afraid of some subtle ordering rules and to keep >> potential init_net breakage to minimum. > > Me too, but I still prefer to do it properly once. > >>> How about splitting the code into a netns and a global part instead? >> >> Prebably they aren't strict at all. > > Not particulary. For cleanup a three stage approach with > > 1. init_net deactivation (ip_ct_attach = NULL) > 2. generic netns cleanup > 3. init_net specific final cleanup (slab cache, nf_conntrack_cachep, > accounting, helpers, protocols, ...) > > should work fine. > > The initialization should be OK with just a init_net part > and a generic netns part. Ugh, I'm still finding the least ugly way to put init_net checks, and it's better to do it at the very end. So, slight reordering. See per-netns statistics, nf_conntrack_count, nf_conntrack_checksum, nf_conntrack_log_invalid and accounting. The rest (SIP, H323, GRE, PPTP, per-netns NAT) remains the same and can be applied independently of init_net checks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
