lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 9 Sep 2017 09:25:40 +0800
From:   严海双 <>
To:     Cong Wang <>
Cc:     "David S. Miller" <>,
        Alexey Kuznetsov <>,
        Hideaki YOSHIFUJI <>,
        Eric Dumazet <>,
        Linux Kernel Network Developers <>,
        LKML <>
Subject: Re: [PATCH] ipv4: Namespaceify tcp_max_orphans knob

> On 2017年9月9日, at 上午6:13, Cong Wang <> wrote:
> On Wed, Sep 6, 2017 at 8:10 PM, Haishuang Yan
> <> wrote:
>> Different namespace application might require different maximal number
>> of TCP sockets independently of the host.
> So after your patch we could have N * net->ipv4.sysctl_tcp_max_orphans
> in a whole system, right? This just makes OOM easier to trigger.

>From my understanding, before the patch, we had N * net->ipv4.sysctl_tcp_max_orphans,
and after the patch, we could have ns1.sysctl_tcp_max_orphans + ns2.sysctl_tcp_max_orphans
+ ns3.sysctl_tcp_max_orphans, is that right? Thanks for your reviewing.

Powered by blists - more mailing lists