On 12/28/12 11:52, canqun zhang wrote:
> Hi all
> As discussed above, if the host machine creates several Linux
> containers, there will be several net namespaces. Resources with "nf
> conntrack" are registered or unregistered on the first net
> namespace (init_net), but init_net is not unregistered last, so
> cleaning up other net namespaces will trigger a panic.
> If net namespaces are created in the order 1,2,...n, they should
> be cleaned up in the order n,...2,1, so in this case init_net will be
> unregistered last.
> I fixed it up (see below). I have done a lot of testing!

I think this BUG is a netfilter BUG, not a netns BUG. Other subsystems that have implemented netns support don't use init_net to do special work ((un)register/(un)set). In fact, we can't use init_net to do this job well. For example, in function nf_conntrack_clean, we should set ip_ct_attach to NULL before any netns does its cleanup jobs, and set nf_ct_destroy to NULL after all netns have finished these cleanup jobs.

So I think that in the end we still need this patchset, and this is a regular way to fix this problem.

Can you help me test whether the panic bug is fixed by this patchset, and then give me your Tested-by? Thank you very much!