Re: [PATCH] ipv4: Namespaceify tcp_max_orphans knob

From: Cong Wang
Date: Fri Sep 08 2017 - 18:14:28 EST

Next message: gurugio: "[RFC] mm/memblock.c: using uninitialized value idx in memblock_add_range()"
Previous message: James Morris: "Re: [PATCH] usb,signal,security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill"
Next in thread: 严海双: "Re: [PATCH] ipv4: Namespaceify tcp_max_orphans knob"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 6, 2017 at 8:10 PM, Haishuang Yan
<yanhaishuang@xxxxxxxxxxxxxxxxxxxx> wrote:
> Different namespace application might require different maximal number
> of TCP sockets independently of the host.

So after your patch we could have N * net->ipv4.sysctl_tcp_max_orphans
in a whole system, right? This just makes OOM easier to trigger.

Next message: gurugio: "[RFC] mm/memblock.c: using uninitialized value idx in memblock_add_range()"
Previous message: James Morris: "Re: [PATCH] usb,signal,security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill"
Next in thread: 严海双: "Re: [PATCH] ipv4: Namespaceify tcp_max_orphans knob"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]