Rainer Weikusat <rw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
> Patrick McHardy <kaber@xxxxxxxxx> writes:
[...]
>>> +#define INSTANCE_BUCKETS 16
>>> +
>>> +struct nfulnl_instances {
>>> + spinlock_t lock;
>>> + atomic_t global_seq;
>>> + struct hlist_head table[INSTANCE_BUCKETS];
>>> + unsigned hash_init;
>>> +#ifdef NET_NS
>>> + struct net *net;
>>> +#endif
>>> +};
>>> +
>>> struct nfulnl_instance {
>>> struct hlist_node hlist; /* global list of instances */
>>> spinlock_t lock;
>>> @@ -67,14 +85,92 @@ struct nfulnl_instance {
>>> u_int16_t flags;
>>> u_int8_t copy_mode;
>>> struct rcu_head rcu;
>>> +#ifdef NET_NS
>>> + struct nfulnl_instances *instances;
>>> +#endif
>>
>> This seems odd, the usual way is to add the global data to the
>> net-ns structure.
>
> Since a facility for having 'per subsystem' network namespace specific
> data exists, there seems to be little reason to not use it.
An additional remark: There is actually a reason for using it, namely,
'adding global data to the net-ns structure' implies that this
structure has to contain per-module data of modules which aren't
loaded, while using 'generic net pointers' enables this data to be
allocated/ deallocated on module load/ unload.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
