Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > The lockless workqueue garbage collector can race with packet path > garbage collector to delete list nodes. The original connlimit version > did not have a workqueue garbage collector. Let's go back to a more > simplistic approach. I would split it in two phases, one lockless to query the conntrack core, and one locked phase that erases empty nodes. This gets rid of the races as well. As far as other CPUs are concerned, the gc worker is not distinguishable from a cpu that processes another packet in the connlimit packet path.
