On Mon, 2010-02-01 at 10:17 -0500, Kyle McMartin wrote:
> On Sun, Jan 31, 2010 at 04:12:07AM -0500, Jon Masters wrote:
> > The disabling of netfilter on bridges is not really "solving" this problem. The problem is that the hashing code needs fixing. Until that changes, whenever libvirtd plays with namespaces (as it does), we run the risk of falling over as we play with the size of the hashtables.
>
> Thanks for the heads up, Jon. I'll watch this and the internal thread for a fix.

Yeah. It's going to turn into a lot of cleaning up of conntrack IMO - the more I look at that code, the more I see problems waiting in the wings. Just try writing to the hashtable size via sysfs while the system is running if you wanna see even more boom! opportunities ;)
Jon.