On 05/05/2016 06:36 PM, Florian Westphal wrote:
Brian Haley wrote:
I've seen cases where certain users are attacked, where the CT table is
filled such that we start seeing "nf_conntrack: table full, dropping packet"
messages (as expected). But other users continue to
Brian Haley wrote:
> >>I've seen cases where certain users are attacked, where the CT table is
> >>filled such that we start seeing "nf_conntrack: table full, dropping packet"
> >>messages (as expected). But other users continue to function normally,
> >>unaffected. Is this
On 05/05/2016 04:54 PM, Florian Westphal wrote:
Brian Haley wrote:
Openstack networking creates virtual routers using namespaces for isolation
between users. VETH pairs are used to connect the interfaces on these
routers to different networks, whether they are internal
Brian Haley wrote:
> Openstack networking creates virtual routers using namespaces for isolation
> between users. VETH pairs are used to connect the interfaces on these
> routers to different networks, whether they are internal (private) or
> external (public). In most
On 04/28/2016 01:13 PM, Florian Westphal wrote:
[ CCing netdev so netns folks can have a look too ]
This patch series removes the per-netns connection tracking tables.
All conntrack objects are then stored in one global table.
This avoids the infamous 'vmalloc' when lots of namespaces
On Thu, Apr 28, 2016 at 07:13:39PM +0200, Florian Westphal wrote:
> [ CCing netdev so netns folks can have a look too ]
>
> This patch series removes the per-netns connection tracking tables.
> All conntrack objects are then stored in one global table.
>
> This avoids the infamous
[ CCing netdev so netns folks can have a look too ]
This patch series removes the per-netns connection tracking tables.
All conntrack objects are then stored in one global table.
This avoids the infamous 'vmalloc' when lots of namespaces are used:
We no longer allocate a new conntrack