On Wed, 2010-02-03 at 21:09 +0200, Alexey Dobriyan wrote: > On Wed, Feb 03, 2010 at 01:38:09PM -0500, Jon Masters wrote: > > *). Per namespace cacheing allocation (the cachep bits). We know it's > > still possible for weirdness to happen in the SLAB cache here. > > Tiny race, needs reproducer. Maybe. I think it's worth fixing anyway. > > *). Per namespace hashsize tracking. Existing code corrupts hashtables > > if the global size is changed when there is more than one netns > > I think, no. > Changing hash size will change hashsize for all netns, current and future. Nope. Look at the logic in nf_conntrack_set_hashsize where you iterate over init_net.ct.hash but don't touch other namespaces. So then you go setting nf_conntrack_htable_size and will deference that in accessing other per-namespace hashtables using the wrong size information. > > *). Per namespace expectations. This is for similar reasons to the need > > for multiple hashtables, though I haven't poked at that. > > Expectation cache is not SLAB_DESTROY_BY_RCU, so the logic doesn't > apply, I hope. I'm not sure, I didn't poke at that much yet. But hashtables certainly need fixing unless you can point out where I'm wrong. > > I also think it is necessary to expose net namespace layout > > Not necessary. Why? How am I as a sysadmin supposed to figure out which net namespaces exist on my system, and as a developer, supposed to debug these situations? Jon. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
