lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 13 Sep 2008 14:45:15 +0400
From:	Alexey Dobriyan <>
To:	Patrick McHardy <>
Subject: Re: [PATCH 17/33] netns ct: final init_net tweaks

On Tue, Sep 09, 2008 at 09:51:56AM +0200, Patrick McHardy wrote:
> Alexey Dobriyan wrote:
>> On Tue, Sep 09, 2008 at 09:20:42AM +0200, Patrick McHardy wrote:
>>> Having multiple of these net_eq checks per function (14 total) is
>>> not a very nice way to do this.
>> Yep, I was just afraid of some subtle ordering rules and to keep
>> potential init_net breakage to minimum.
> Me too, but I still prefer to do it properly once.
>>> How about splitting the code into a netns and a global part instead?
>> Prebably they aren't strict at all.
> Not particulary. For cleanup a three stage approach with
> 1. init_net deactivation (ip_ct_attach = NULL)
> 2. generic netns cleanup
> 3. init_net specific final cleanup (slab cache, nf_conntrack_cachep,
>    accounting, helpers, protocols, ...)
> should work fine.
> The initialization should be OK with just a init_net part
> and a generic netns part.

Ugh, I'm still finding the least ugly way to put init_net checks, and
it's better to do it at the very end.

So, slight reordering.

See per-netns statistics, nf_conntrack_count, nf_conntrack_checksum,
nf_conntrack_log_invalid and accounting.

The rest (SIP, H323, GRE, PPTP, per-netns NAT) remains the same and can
be applied independently of init_net checks.
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists