Patrick McHardy wrote: > Alexey Dobriyan wrote: >> On Tue, Sep 09, 2008 at 08:12:27AM +0200, Patrick McHardy wrote: >>> Alexey Dobriyan wrote: >>>> Heh, last minute proof-reading of this patch made me think, >>>> that this is actually unneeded, simply because "ct" pointers will be >>>> different for different conntracks in different netns, just like they >>>> are different in one netns. >>>> >>>> Not so sure anymore. >>> Its necessary because the cache needs to be flushed on netns exit >>> and this is only allowed while its not in use anymore. >>> >>> I don't see anything in this series actually making sure nothing >>> hits the cache on exit though. Am I missing something? >> >> When netns refcount hits zero, netdevices in it will start dropping >> packets. >> And there is synchronize_net() call before cache flush. >> >> I think this is enough. > > Thanks for the explanation, I have a closer look at this.
Yes, that looks fine. Applied, thanks. BTW, doesn't __vlan_hwaccel_rx() also needs a netns_alive() check to avoid passing packets to AF_PACKET sockets in dead namespaces? _______________________________________________ Containers mailing list [EMAIL PROTECTED] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel