Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2748097pxp; Tue, 22 Mar 2022 05:28:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyCsmpV6UDtnKLhOnpxDvhF4bDAAIWRTyZg5RkXJBM2u88kRZuBJCxlSS+aXZJMNVlLxde8 X-Received: by 2002:a17:906:4408:b0:6da:bec1:2808 with SMTP id x8-20020a170906440800b006dabec12808mr25242496ejo.543.1647952093629; Tue, 22 Mar 2022 05:28:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1647952093; cv=none; d=google.com; s=arc-20160816; b=S7IVu4DytFUPEDLms/Fewp0QcfFnXgomkdy7B/9gggKQrFnhCe9JsuCTapuwtVEFzV YvKAYRRW9FJcS+RaLglTL+PUUjN4lijFbA1kywxdUO4PX8hlSySmjIP7h2FoOlvQSIOe HKhy4obe2pxcWzpm/RcGxzwbisNS5R11jPUB409Qiy8dgOfpSwqmSIVZ0RPfWu64bJD0 Cz0oOTU5oQDn9sozxvSYNl6VmF+WLuDLhJ42GfxTLO67lMCtUezckmdhVck8FkOZUMPL BhNxFYX1dm4l8yPgRdHMBg/kRawrnWptpDVnMoWGn847+AvWBwvWzDxwfB83+dAGfY3X 7rug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=R/6HGbTDDwziW8+OKWhdOp6qM5uA1EIf04YaBjTIsu4=; b=aabEHQuy03Qq6w3fMSU0aUUXLTPwEr8/ju5pOPxWv0KEAgXNHlp9xJXSFGZMxWYglp lVdzD2g6iewTSpHOcN5cOiSH1LPGBD2xBY+YiGFMJJOA9g68gGGieR4yt2I6fdEfNwdR o8KXminB0Qh2Vz/gYInP0PHNjHdDg/kNb7aAaTvfDH8OHR5aU1eY92Lf0PfX4SDY/Rq4 Dsem3LJedJ6srNQdApuP+jud2qG2axlxhlRNkuHOmNpRZntFvpZO1Gcgp48v1FKKClu2 etjP8T1S7vtvaOt1VJApfi144lOpnJut0Pl/pMCepGBw2xzwgoLVqIiAv76oxRkNiSjI J2sA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fv8-20020a170907508800b006dfa0822296si5637283ejc.849.2022.03.22.05.27.47; Tue, 22 Mar 2022 05:28:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233009AbiCVK1D (ORCPT + 99 others); Tue, 22 Mar 2022 06:27:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57166 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231539AbiCVK1B (ORCPT ); Tue, 22 Mar 2022 06:27:01 -0400 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:12e:520::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 978F920F50; Tue, 22 Mar 2022 03:25:34 -0700 (PDT) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1nWbhj-0002lV-KV; Tue, 22 Mar 2022 11:25:31 +0100 Date: Tue, 22 Mar 2022 11:25:31 +0100 From: Florian Westphal To: Vasily Averin Cc: Florian Westphal , Jozsef Kadlecsik , Pablo Neira Ayuso , linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org, kernel@openvz.org Subject: Re: [PATCH v2] memcg: enable accounting for nft objects Message-ID: <20220322102531.GC24574@breakpoint.cc> References: <20220228122429.GC26547@breakpoint.cc> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Vasily Averin wrote: > nftables replaces iptables, but it lacks memcg accounting. > > This patch account most of the memory allocation associated with nft > and should protect the host from misusing nft inside a memcg restricted > container. LGTM. Acked-by: Florian Westphal