On Tue, Jun 26, 2018 at 03:47:31PM -0700, Cong Wang wrote:
> On Tue, Jun 26, 2018 at 3:03 PM Flavio Leitner <fbl@xxxxxxxxxx> wrote:
> >
> > On Tue, Jun 26, 2018 at 02:48:47PM -0700, Cong Wang wrote:
> > > On Mon, Jun 25, 2018 at 11:41 PM Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> > > > When a packet is attached to a socket, we should keep the association as much as possible.
> > >
> > > As much as possible within one stack, I agree. I still don't understand
> > > why we should keep it across the stack boundary.
> > >
> > > > Only when a new association needs to be done, skb_orphan() needs to be called.
> > > >
> > > > Doing this skb_orphan() too soon breaks back pressure in general, this is bad, since a socket
> > > > can evade SO_SNDBUF limits.
> > >
> > > Right before leaving the stack is not too soon, it is the latest
> > > actually, for veth case.
> >
> > Depends on how you view things - it's the same host/stack sharing the
> > same resources, so why should we not keep it?
>
> Because stacks are supposed to be independent, netdevices are
> isolated, iptables and route tables too. This is how netns is designed
> from the beginning. The trend today is actually more isolation instead
> of more sharing, given the popularity of containers.

It is still isolated, the sk carries the netns info and it is
orphaned when it re-enters the stack.

--
Flavio