Daniel Lezcano <[EMAIL PROTECTED]> wrote on 01/03/2008 03:00:48 AM:
...
> With this solution, we can handle different values for the namespaces
> but these values are driven by the initial network namespace because
> their values are lesser or equal to the one from the initial network
> namespace.
>
> Is it acceptable ?
Daniel,
If you have the premise that there's a reason for them to be
different, then your original implementation is fine already. It
requires root privilege to change the value, so I don't mind the
ability to raise it to a higher value later.
I don't object, but I don't understand. I can't think of
any circumstances where I would want to modify it per namespace.
Making it small is not an effective restriction, since someone
*wanting* to use lots of sources can simply do them on different
sockets of the same group. The point is to catch accidental silly
use and it's protecting a global resource so differing values
just change the threshold at which you catch accidental silly
use in different namespaces.
Setting it to "0" might be a method of preventing its
use entirely in some namespaces, but it's part of the socket
interface-- disabling it isn't something you generally want to
do, either.
Are you intending to convert all variables to be
per-namespace? If not -- that is, if you will have global
sysctl variables, then I think this one should be one of
those. Actually, all of the IGMP & MLD variables are tied
naturally to the shared interfaces, so should be global,
I think.
+-DLS
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
