Eric W. Biederman <ebied...@xmission.com> wrote:
> Florian could you test and verify this patch fixes your issues?

Yes, this seems to work.

Pablo, I'm fine with this patch going into -nf/stable but I do not think making the pointers per netns is a desirable option in the long term.

> Unlike the other possibilities that have been discussed this also
> addresses the nf_queue path as well as the nf_queue_hook_drop path.

The nf_queue path should have been fine, no?

Or putting it differently: can we start processing skbs before a netns is fully initialized?