Florian Westphal <fw@xxxxxxxxx> wrote:
> We already include netns address in the hash and compare the netns pointers
> during lookup, so even if namespaces have overlapping addresses entries
> will be spread across the table.
>
> Assuming 64k bucket size, this change saves 0.5 mbyte per namespace on a
> 64bit system.
>
> NAT bysrc and expectation hash is still per namespace, those will
> changed too soon.
>
> Future patch will also make conntrack object slab cache global again.
>
> @@ -1527,7 +1528,6 @@ i_see_dead_people:
> }
>
> list_for_each_entry(net, net_exit_list, exit_list) {
> - nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size);
Removing this is ok, but nf_ct_free_hashtable() must now be called in
nf_conntrack_cleanup_end().
I'll wait with v2 for a couple of days.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
