Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757317AbdIIBZr convert rfc822-to-8bit (ORCPT ); Fri, 8 Sep 2017 21:25:47 -0400 Received: from cmccmta3.chinamobile.com ([221.176.66.81]:19292 "EHLO cmccmta3.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757173AbdIIBZp (ORCPT ); Fri, 8 Sep 2017 21:25:45 -0400 X-RM-TRANSID: 2eea59b343155e2-ca593 X-RM-SPAM-FLAG: 00000000 X-RM-TRANSID: 2ee359b34313c59-8afda Content-Type: text/plain; charset=gb2312 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: [PATCH] ipv4: Namespaceify tcp_max_orphans knob From: =?gb2312?B?0c+6o8ur?= In-Reply-To: Date: Sat, 9 Sep 2017 09:25:40 +0800 Cc: "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI , Eric Dumazet , Linux Kernel Network Developers , LKML Content-Transfer-Encoding: 8BIT Message-Id: <798CA25A-CA09-4D06-A9B6-7C5791A6EEC1@cmss.chinamobile.com> References: <1504753808-13266-1-git-send-email-yanhaishuang@cmss.chinamobile.com> To: Cong Wang X-Mailer: Apple Mail (2.3273) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 690 Lines: 16 > On 2017??9??9??, at ????6:13, Cong Wang wrote: > > On Wed, Sep 6, 2017 at 8:10 PM, Haishuang Yan > wrote: >> Different namespace application might require different maximal number >> of TCP sockets independently of the host. > > So after your patch we could have N * net->ipv4.sysctl_tcp_max_orphans > in a whole system, right? This just makes OOM easier to trigger. > >From my understanding, before the patch, we had N * net->ipv4.sysctl_tcp_max_orphans, and after the patch, we could have ns1.sysctl_tcp_max_orphans + ns2.sysctl_tcp_max_orphans + ns3.sysctl_tcp_max_orphans, is that right? Thanks for your reviewing.