Thu, 10 Feb 2000 13:12:59 +0100 (CET)
I'm thinking on how to improve the locking in conntrack. First it seemed
to be easy: just add locks to the ip_conntrack_hash per entry and that's
'all'. However the generation count (ip_conntrack_gen) prevents to do it
easily: it would behave as a global lock in conntrack again.
So I suggest to eliminate the generation count. Put the logic into
the netfilter device by adding the connection expiration time
to nfdev_head. Then when a packet is returned from the userspace, one can
make sure in nf_write that the pointer to the conntrack hash is still
What is your opinion?
E-mail : firstname.lastname@example.org, email@example.com
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary