canqun zhang <canqunzhang@xxxxxxxxx> writes: > Hi all > As discussed above,if the host machine create several linux > containers, there will be several net namespaces.Resources with "nf > conntrack" are registered or unregistered on the first net > namespace(init_net),But init_net is not unregistered lastly,so > cleanuping other net namespaces will triger painic. > If net namespaces are created with the order of 1,2,...n,they should > be cleaned with the order of n,...2,1,so in this case init_net will be > unregistered lastly. No. Network namespaces in general can be cleaned up in any order. In particular you should never ever expect to see the order n,n-1,n-2,...,2,1. It may make sense to special case init_net in the cleanup order but I would really rather not. Now init_net is special and really should never be cleaned up for non-modular code. So it almost makes sense to special case init_net. Does anyone know why Alexy decided to do this only for init_net? My inclination is that Gao Feng is on the rigt path by just removing the strange init_net special case and performing the work once per module load, and once per module unload. > I fixed it up (see below). I have taken a lot of test! Thank you. It is nice to see that we have exposed this mis-assumption. I am inclined to leave the order of this list as is so that other assumptions of network namespace unregistration order are exposed. Unless there is a truly good reason to perform magic on init_net. Eric > diff -r 6a1a258923f5 -r 2667e89e6f50 net/core/net_namespace.c > --- a/net/core/net_namespace.c Fri Dec 28 11:01:17 2012 +0800 > +++ b/net/core/net_namespace.c Fri Dec 28 11:05:12 2012 +0800 > @@ -450,7 +450,7 @@ > > list_del(&ops->list); > for_each_net(net) > - list_add_tail(&net->exit_list, &net_exit_list); > + list_add(&net->exit_list, &net_exit_list); > ops_exit_list(ops, &net_exit_list); > ops_free_list(ops, &net_exit_lis > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
