OK, I can help you run a test; please send a big patch containing this patchset to my email.

2012/12/28 Gao feng <gaofeng@xxxxxxxxxxxxxx>:
> On 12/28/12 11:52, canqun zhang wrote:
>> Hi all
>> As discussed above, if the host machine creates several linux
>> containers, there will be several net namespaces. Resources with "nf
>> conntrack" are registered or unregistered on the first net
>> namespace (init_net), but init_net is not unregistered last, so
>> cleaning up other net namespaces will trigger a panic.
>> If net namespaces are created in the order 1,2,...n, they should
>> be cleaned in the order n,...2,1, so in this case init_net will be
>> unregistered last.
>> I fixed it up (see below). I have run a lot of tests!
>>
>
> I think this BUG is a netfilter BUG, not a netns BUG.
> Other subsystems that implement netns support don't use init_net to
> do special work ((un)register/(un)set).
>
> In fact, we can't use init_net to do this job well. For example, in function
> nf_conntrack_clean, we should set ip_ct_attach to NULL before any
> netns does its cleanup jobs, and set nf_ct_destroy to NULL after all
> netns finish these cleanup jobs.
>
> So I think we finally still need this patchset, and this is a regular
> way to fix this problem.
>
> Can you help me to test if the panic bug is fixed by this patchset,
> and then give me your tested-by?
>
> Thank you very much!