On Tue, Jun 26, 2018 at 03:47:31PM -0700, Cong Wang wrote:
> On Tue, Jun 26, 2018 at 3:03 PM Flavio Leitner <[email protected]> wrote:
> >
> > On Tue, Jun 26, 2018 at 02:48:47PM -0700, Cong Wang wrote:
> > > On Mon, Jun 25, 2018 at 11:41 PM Eric Dumazet <[email protected]>
> > > wrote:
> > > > When a packet is attached to a socket, we should keep the association
> > > > as much as possible.
> > >
> > > As much as possible within one stack, I agree. I still don't understand
> > > why we should keep it across the stack boundary.
> > >
> > > > Only when a new association needs to be done, skb_orphan() needs to be
> > > > called.
> > > >
> > > > Doing this skb_orphan() too soon breaks back pressure in general, this
> > > > is bad, since a socket can evade SO_SNDBUF limits.
> > >
> > > Right before leaving the stack is not too soon, it is the latest
> > > actually, for veth case.
> >
> > Depends on how you view things - it's the same host/stack sharing the
> > same resources, so why should we not keep it?
>
> Because stacks are supposed to be independent, netdevices are
> isolated, iptables and route tables too. This is how netns is designed
> from the beginning. The trend today is actually more isolation instead
> of more sharing, given the popularity of containers.

It is still isolated, the sk carries the netns info and it is orphaned when it re-enters the stack.

--
Flavio
