On Mon, 2010-02-01 at 11:36 +0200, Alexey Dobriyan wrote:

On Mon, Feb 1, 2010 at 11:32 AM, Jon Masters [off-list ref] wrote:

quoted

I hacked up a per-namespace version of hashtables (this needs doing
anyway, since the global stuff is just waiting to break)

Which ones? Conntrack hashtables are per-netns.

They are, but the metadata is not. Sorry for not being clear, but my
previous mail was. i.e. there is a per-netns hashtable that is indexed
using a global that might change at any time underneath. The htable size
and max should be per-netns too.

An existing sysctl/module parameter affects these and should also
ultimately either iterate through namespaces, or only affect the global
init_net (as it almost does now, except it changes the data used by the
others and doesn't resize them).

Jon.