[Fwd: SUMMARY: KVM+nf_conntrack_htable_size]

Jon Masters jonathan at jonmasters.org
Mon Feb 1 23:30:27 UTC 2010


On Mon, 2010-02-01 at 10:17 -0500, Kyle McMartin wrote:
> On Sun, Jan 31, 2010 at 04:12:07AM -0500, Jon Masters wrote:
> > The disabling of netfilter on bridges is not really "solving" this
> > problem. The problem is that the hashing code needs fixing. Until that
> > changes, whenever libvirtd plays with namespaces (as it does), we run
> > the risk of falling over as we play with the size of the hashtables.
> > 
> 
> Thanks for the heads up, Jon. I'll watch this and the internal thread
> for a fix.

Yeah. It's going to turn into a lot of cleaning up of conntrack IMO -
the more I look at that code, the more I see problems waiting in the
wings. Just try writing to the hashtable size via sysfs while the system
is running if you wanna see even more boom! opportunities ;)

Jon.
