Jon Masters wrote:
> On Thu, 2010-02-04 at 18:04 +0100, Patrick McHardy wrote:
>>> How about alternatively moving nf_conntrack_hsize into the
>>> per-namespace struct? It doesn't look more complicated or
>>> intrusive and would allow to still change the init_net
>>> hashsize. Also seems less hackish :)
>> How about this (so far untested) patch? The htable_size is moved into
>> the per-namespace struct and initialized from the current (global)
>> value of nf_conntrack_htable_size. Changes through sysfs are still
>> permitted, but only affect the init namespace and newly created ones.
>
> I moved the random seed into the per-ns context as well. I think that's
> better than having a global one, and you don't need to rehash all.

That's another possibility. But we don't lose anything by not
reseeding during resize. It also shouldn't be possible to determine
the seed from userspace in a namespace, so there's no real need
to use separate values.