Jon Masters wrote:
> On Fri, 2010-02-05 at 11:03 +0100, Patrick McHardy wrote:
>> Jon Masters wrote:
>>> On Thu, 2010-02-04 at 18:04 +0100, Patrick McHardy wrote:
>>>>> How about alternatively moving nf_conntrack_hsize into the
>>>>> per-namespace struct? It doesn't look more complicated or
>>>>> intrusive and would allow to still change the init_net
>>>>> hashsize. Also seems less hackish :)
>>>> How about this (so far untested) patch? The htable_size is moved into
>>>> the per-namespace struct and initialized from the current (global)
>>>> value of nf_conntrack_htable_size. Changes through sysfs are still
>>>> permitted, but only affect the init namespace and newly created ones.
>>> I moved the random seed into the per-ns context as well. I think that's
>>> better than having a global one, and you don't need to rehash all.
>> That's another possibility. But we don't lose anything by not
>> reseeding during resize. It also shouldn't be possible to determine
>> the seed from userspace in a namespace, so there's no real need
>> to use separate values.
>
> Right, the risk there is hypothetical at best. But there's little lost
> in putting it in per-ns and then you can rehash and truly make them
> independent, which I think is really what netns is all about.

I don't disagree, but currently I'm trying to go for a minimal version
that's suitable for 2.6.33.