2010-01-30 04:32:22

by Jon Masters

Subject: why is nf_conntrack_htable_size exported?

Folks,

Can someone tell me why nf_conntrack_htable_size is both an exported
symbol, and available in sysfs to be changed? Doing so will surely cause
the system to fall over immediately since this value is used within
the hashing code in conntrack. It is /supposed/ to only be changed under
a lock, or at init time when there is not a need to lock it.

Perhaps we can get this unexported asap and the value replaced with a
function that returns the current value instead? Same goes for the
module parameter that can freely be messed around with.

Thanks,

Jon.


2010-01-30 04:38:46

by Jon Masters

Subject: Re: why is nf_conntrack_htable_size exported?

On Fri, 2010-01-29 at 23:32 -0500, Jon Masters wrote:

> Can someone tell me why nf_conntrack_htable_size is both an exported
> symbol, and available in sysfs to be changed?

Ah, ignore me, it does go through a function, it's just that if it's
already zero we assume it's "init time", which isn't true if the value
has otherwise been fiddled with - I think that assumption probably is
worth looking at anyway, and it's worth the hashing functions looking to
see if the value is NULL, to catch that as well.

Jon.
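
The two points raised in this thread, as an added userspace illustration that is not part of the original messages and is not kernel code: the table size is private and changes only through a function that holds a lock, and the hashing path refuses to run while the size is zero. All names here (`table_size`, `table_resize`, `table_insert`, `tbl_lock`) are hypothetical.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace model; names are hypothetical, not kernel symbols. */
struct table {
    unsigned int size;      /* bucket count, never exposed as a writable symbol */
    unsigned int *buckets;  /* per-bucket entry counts */
};

static struct table tbl;    /* zero-initialised: no table yet */
static pthread_mutex_t tbl_lock = PTHREAD_MUTEX_INITIALIZER;

/* Read accessor: callers get a copy of the current size. */
unsigned int table_size(void)
{
    pthread_mutex_lock(&tbl_lock);
    unsigned int n = tbl.size;
    pthread_mutex_unlock(&tbl_lock);
    return n;
}

/* Resize: allocate first, then swap size and buckets together under the lock. */
int table_resize(unsigned int new_size)
{
    if (new_size == 0)
        return -1;          /* zero is rejected, not treated as "init time" */
    unsigned int *nb = calloc(new_size, sizeof(*nb));
    if (!nb)
        return -1;
    pthread_mutex_lock(&tbl_lock);
    unsigned int *old = tbl.buckets;
    tbl.buckets = nb;       /* a real table would rehash its entries here */
    tbl.size = new_size;
    pthread_mutex_unlock(&tbl_lock);
    free(old);
    return 0;
}

/* Insert: returns the bucket index, or -1 if no table is set up. */
int table_insert(uint32_t key)
{
    int rc = -1;
    pthread_mutex_lock(&tbl_lock);
    if (tbl.size != 0 && tbl.buckets != NULL) {  /* guard the modulo */
        rc = (int)(key % tbl.size);
        tbl.buckets[rc]++;
    }
    pthread_mutex_unlock(&tbl_lock);
    return rc;
}
```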