Re: [PATCH V2] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl

From: lvxiafei
Date: Wed Apr 09 2025 - 00:16:05 EST

Next message: Prashanth K: "Re: [PATCH v1 2/3] usb: gadget: Use get_status callback to set remote wakeup capability"
Previous message: Prashanth K: "Re: [PATCH v1 3/3] usb: dwc3: gadget: Make gadget_wakeup asynchronous"
In reply to: Florian Westphal: "Re: [PATCH V2] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2025-04-08 13:28 Florian Westphal <fw@xxxxxxxxx> wrote:
> That was one of the suggestions that I see how one could have
> tunable pernet variable without allowing netns2 go haywire.

Yes, After net.netfilter.nf_conntrack_max is set in different
netns, it should be designed to not be allowed to be larger
than the global (ancestor) limit when working.

Next message: Prashanth K: "Re: [PATCH v1 2/3] usb: gadget: Use get_status callback to set remote wakeup capability"
Previous message: Prashanth K: "Re: [PATCH v1 3/3] usb: dwc3: gadget: Make gadget_wakeup asynchronous"
In reply to: Florian Westphal: "Re: [PATCH V2] netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_max sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]