On Fri, 2010-02-05 at 11:03 +0100, Patrick McHardy wrote:
> Jon Masters wrote:
> > On Thu, 2010-02-04 at 18:04 +0100, Patrick McHardy wrote:
> >>> How about alternatively moving nf_conntrack_hsize into the
> >>> per-namespace struct? It doesn't look more complicated or
> >>> intrusive and would allow to still change the init_net
> >>> hashsize. Also seems less hackish :)
> >> How about this (so far untested) patch? The htable_size is moved into
> >> the per-namespace struct and initialized from the current (global)
> >> value of nf_conntrack_htable_size. Changes through sysfs are still
> >> permitted, but only affect the init namespace and newly created ones.
> >
> > I moved the random seed into the per-ns context as well. I think that's
> > better than having a global one, and you don't need to rehash all.
>
> That's another possibility. But we don't lose anything by not
> reseeding during resize. It also shouldn't be possible to determine
> the seed from userspace in a namespace, so there's no real need
> to use separate values.

Right, the risk there is hypothetical at best. But there's little lost in
putting it in per-ns and then you can rehash and truly make them
independent, which I think is really what netns is all about.

Jon.
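As an added illustration (not the patch under discussion and not kernel code), a toy per-namespace conntrack-style table in C that models the design described in the thread: htable_size is snapshotted from the global at namespace creation so a later sysfs-style change only affects new namespaces, the hash seed lives in the namespace, and a resize rehashes with the unchanged seed so existing entries stay findable. Every name except nf_conntrack_htable_size is made up for this example, and the mixing function stands in for jhash.

```c
#include <stdint.h>
#include <string.h>

#define MAX_BUCKETS 64
#define MAX_ENTRIES 64

/* Hypothetical per-namespace conntrack state (models "struct net" fields). */
struct ns_ct {
    unsigned int htable_size;   /* copied from the global when the ns is created */
    uint32_t hash_rnd;          /* per-namespace seed, never exported to userspace */
    int head[MAX_BUCKETS];      /* bucket -> first entry index, -1 if empty */
    int next[MAX_ENTRIES];      /* chain links between entries in one bucket */
    uint32_t tuple[MAX_ENTRIES];/* stand-in for the conntrack tuple */
    int nentries;
};

unsigned int nf_conntrack_htable_size = 8;   /* global, sysfs-tunable in the kernel */

/* Toy seeded hash; the real code uses jhash over the tuple with the seed. */
static unsigned int hash_tuple(uint32_t t, uint32_t seed, unsigned int size) {
    uint32_t h = (t ^ seed) * 2654435761u;
    return (h ^ (h >> 16)) % size;
}

/* Namespace creation: snapshot the global size, install a private seed. */
void ns_init(struct ns_ct *ns, uint32_t seed) {
    memset(ns, 0, sizeof *ns);
    ns->htable_size = nf_conntrack_htable_size;
    ns->hash_rnd = seed;
    for (int i = 0; i < MAX_BUCKETS; i++) ns->head[i] = -1;
}

static void link_entry(struct ns_ct *ns, int idx) {
    unsigned int b = hash_tuple(ns->tuple[idx], ns->hash_rnd, ns->htable_size);
    ns->next[idx] = ns->head[b];
    ns->head[b] = idx;
}

void ns_insert(struct ns_ct *ns, uint32_t t) {
    if (ns->nentries >= MAX_ENTRIES) return;      /* toy capacity limit */
    int idx = ns->nentries++;
    ns->tuple[idx] = t;
    link_entry(ns, idx);
}

int ns_lookup(const struct ns_ct *ns, uint32_t t) {
    unsigned int b = hash_tuple(t, ns->hash_rnd, ns->htable_size);
    for (int i = ns->head[b]; i != -1; i = ns->next[i])
        if (ns->tuple[i] == t) return 1;
    return 0;
}

/* Resize without reseeding: rebuild chains for the new size, same hash_rnd. */
void ns_resize(struct ns_ct *ns, unsigned int new_size) {
    if (new_size == 0 || new_size > MAX_BUCKETS) return;
    ns->htable_size = new_size;
    for (int i = 0; i < MAX_BUCKETS; i++) ns->head[i] = -1;
    for (int i = 0; i < ns->nentries; i++) link_entry(ns, i);
}
```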