Message-ID: <4B6BECF8.1010508@trash.net>
Date: Fri, 05 Feb 2010 11:03:36 +0100
From: Patrick McHardy <kaber@...sh.net>
To: Jon Masters <jonathan@...masters.org>
CC: Alexey Dobriyan <adobriyan@...il.com>, davem@...emloft.net,
eric.dumazet@...il.com, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org
Subject: Re: [PATCH for 2.6.33] conntrack: restrict runtime hashsize modifications

Jon Masters wrote:
> On Thu, 2010-02-04 at 18:04 +0100, Patrick McHardy wrote:
>>> How about alternatively moving nf_conntrack_hsize into the
>>> per-namespace struct? It doesn't look more complicated or
>>> intrusive and would allow to still change the init_net
>>> hashsize. Also seems less hackish :)
>> How about this (so far untested) patch? The htable_size is moved into
>> the per-namespace struct and initialized from the current (global)
>> value of nf_conntrack_htable_size. Changes through sysfs are still
>> permitted, but only affect the init namespace and newly created ones.
>
> I moved the random seed into the per-ns context as well. I think that's
> better than having a global one, and you don't need to rehash all.

That's another possibility. But we don't lose anything by not
reseeding during resize. It also shouldn't be possible to determine
the seed from userspace in a namespace, so there's no real need
to use separate values.