Andrey Konovalov wrote:
> On Fri, Apr 21, 2017 at 9:45 PM, Florian Westphal wrote:
> > Florian Westphal wrote:
> >> Indeed. Setting net.netfilter.nf_conntrack_default_on=0 cuts time
> >> cleanup time by 2/3 ...
> >>
> >> nf unregister is way too happy to issue synchronize_net(), I'll work on
>
On Fri, Apr 21, 2017 at 9:45 PM, Florian Westphal wrote:
> Florian Westphal wrote:
>> Indeed. Setting net.netfilter.nf_conntrack_default_on=0 cuts time
>> cleanup time by 2/3 ...
>>
>> nf unregister is way too happy to issue synchronize_net(), I'll work on
>> a fix.
>
> I'll test this patch as a
Florian Westphal wrote:
> Indeed. Setting net.netfilter.nf_conntrack_default_on=0 cuts time
> cleanup time by 2/3 ...
>
> nf unregister is way too happy to issue synchronize_net(), I'll work on
> a fix.
I'll test this patch as a start. Maybe we can also leverage exit_batch
more on netfilter si
On Fri, Apr 21, 2017 at 7:57 PM, Eric Dumazet wrote:
> On Fri, Apr 21, 2017 at 10:50 AM, Andrey Konovalov
> wrote:
>> Hi!
>>
>> We're investigating some approaches to improve isolation of syzkaller
>> programs. One of the ideas is run each program in it's own user/net
>> namespace. However, while
Eric Dumazet wrote:
> On Fri, Apr 21, 2017 at 10:50 AM, Andrey Konovalov
> wrote:
> > Hi!
> >
> > We're investigating some approaches to improve isolation of syzkaller
> > programs. One of the ideas is run each program in it's own user/net
> > namespace. However, while I was experimenting with th
On Fri, Apr 21, 2017 at 10:50 AM, Andrey Konovalov
wrote:
> Hi!
>
> We're investigating some approaches to improve isolation of syzkaller
> programs. One of the ideas is run each program in it's own user/net
> namespace. However, while I was experimenting with this, I stumbled
> upon a problem.
>
