On Tue, 4 Dec 2007 12:53:33 +0300
"Denis V. Lunev" <den@openvz.org> wrote:
> As well as marking flows this indirectly marks the ipv4 routing cache
> as every routing entry contains a flow.
>
> It is useful to add the network namespace into flows as frequently
> the routing information for ingoing and outgoing network packets is
> collected into a flow structure which is then used for several functions
> as it sorts out what is going on.
>
> Changes from v1:
> - remove flow.h dependency from net_namespace.h
>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
> ---
> include/net/flow.h | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/include/net/flow.h b/include/net/flow.h
> index af59fa5..9590bbe 100644
> --- a/include/net/flow.h
> +++ b/include/net/flow.h
> @@ -10,7 +10,9 @@
> #include <linux/in6.h>
> #include <asm/atomic.h>
>
> +struct net;
> struct flowi {
> + struct net *fl_net;
> int oif;
> int iif;
> __u32 mark;
> --
Can this be made conditional on network namespaces being configured on?
That way the flow structure won't have to grow taking more space.
It matters in DoS attacks where flow cache becomes a critical resource.
OpenVZ Forum
Members
Search
Help
Register
Login
Home
