From: Patrick McHardy <kaber@trash.net>
To: Jon Masters <jonathan@jonmasters.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
davem@davemloft.net, eric.dumazet@gmail.com,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH for 2.6.33] conntrack: restrict runtime hashsize modifications
Date: Fri, 05 Feb 2010 11:21:05 +0100 [thread overview]
Message-ID: <4B6BF111.60205@trash.net> (raw)
In-Reply-To: <1265364761.2861.757.camel@tonnant>
Jon Masters wrote:
> On Fri, 2010-02-05 at 11:03 +0100, Patrick McHardy wrote:
>> Jon Masters wrote:
>>> On Thu, 2010-02-04 at 18:04 +0100, Patrick McHardy wrote:
>>>>> How about alternatively moving nf_conntrack_hsize into the
>>>>> per-namespace struct? It doesn't look more complicated or
>>>>> intrusive and would allow to still change the init_net
>>>>> hashsize. Also seems less hackish :)
>>>> How about this (so far untested) patch? The htable_size is moved into
>>>> the per-namespace struct and initialized from the current (global)
>>>> value of nf_conntrack_htable_size. Changes through sysfs are still
>>>> permitted, but only affect the init namespace and newly created ones.
>>> I moved the random seed into the per-ns context aswell. I think that's
>>> better than having a global one, and you don't need to rehash all.
>> That's another possibility. But we don't loose anything by not
>> reseeding during resize. It also shouldn't be possible to determine
>> the seed from userspace in a namespace, so there's no real need
>> to use seperate values.
>
> Right, the risk there is hypothetical at best. But there's little lost
> in putting it in per-ns and then you can rehash and truly make them
> independent, which I think is really what netns is all about.
I don't disagree, but currently I'm trying to go for a minimal
version thats suitable for 2.6.33.
next prev parent reply other threads:[~2010-02-05 10:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-03 20:39 [PATCH for 2.6.33] conntrack: restrict runtime hashsize modifications Alexey Dobriyan
2010-02-03 20:50 ` Jon Masters
2010-02-04 16:18 ` Patrick McHardy
2010-02-04 16:27 ` Patrick McHardy
2010-02-04 20:18 ` Jon Masters
2010-02-05 10:00 ` Patrick McHardy
2010-02-05 10:14 ` Jon Masters
2010-02-05 10:21 ` Patrick McHardy
2010-02-04 17:04 ` Patrick McHardy
2010-02-04 19:47 ` Alexey Dobriyan
2010-02-04 20:23 ` Jon Masters
2010-02-05 10:00 ` Patrick McHardy
2010-02-05 10:11 ` Jon Masters
2010-02-05 10:19 ` Patrick McHardy
2010-02-05 11:16 ` Patrick McHardy
2010-02-05 11:19 ` Alexey Dobriyan
2010-02-05 11:22 ` Patrick McHardy
2010-02-05 11:25 ` Patrick McHardy
2010-02-05 11:51 ` Jon Masters
2010-02-05 11:23 ` Alexey Dobriyan
2010-02-05 22:04 ` Alexey Dobriyan
2010-02-08 13:34 ` Patrick McHardy
2010-02-08 14:35 ` Patrick McHardy
2010-02-04 20:20 ` Jon Masters
2010-02-05 10:03 ` Patrick McHardy
2010-02-05 10:12 ` Jon Masters
2010-02-05 10:21 ` Patrick McHardy [this message]
2010-02-04 17:26 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B6BF111.60205@trash.net \
--to=kaber@trash.net \
--cc=adobriyan@gmail.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jonathan@jonmasters.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.