From: ebiederm@xmission•com (Eric W. Biederman)
To: Gao feng <gaofeng@cn•fujitsu.com>
Cc: pablo@netfilter•org, netfilter-devel@vger•kernel.org,
netdev@vger•kernel.org, serge.hallyn@canonical•com,
dlezcano@fr•ibm.com
Subject: Re: [PATCH v2 00/17] netfilter: add namespace support for netfilter protos
Date: Tue, 01 May 2012 11:47:45 -0700
Message-ID: <m1zk9rwxf2.fsf@fess.ebiederm.org>
In-Reply-To: <1335519484-6089-1-git-send-email-gaofeng@cn.fujitsu.com> (Gao feng's message of "Fri, 27 Apr 2012 17:37:47 +0800")
Gao feng <gaofeng@cn•fujitsu.com> writes:
> Currently the sysctl of netfilter proto is not isolated, so changing
> a proto's sysctl in a container will cause the host's sysctl to
> be changed too. It's not expected.
>
> This patch set adds the namespace support for netfilter protos.
>
> Implement four pernet_operations to register sysctl and initial
> pernet data for proto.
>
> -ipv4_net_ops is used to register tcp4(compat),
> udp4(compat),icmp(compat),ipv4(compat).
> -ipv6_net_ops is used to register tcp6,udp6 and icmpv6.
> -sctp_net_ops is used to register sctp4(compat) and sctp6.
> -udplite_net_ops is used to register udplite4 and udplite6
>
> extern l[3,4]proto (sysctl) register functions to make them support
> namespace.
>
> Finally add namespace support for cttimeout.

I am a bit out of it this week so I could not look at these patches
in the detail that I would like. However skimming through it looks
like you addressed your review comments, and the changes look like
the kind of changes I would expect from something like this.

I assume you have tested to make certain your code actually works.

So on that basis for the patchset:
Acked-by: "Eric W. Biederman" <ebiederm@xmission•com>

Anyone else want to chime in or does everyone else figure
that this code is ready to be merged and no additional comments
are necessary?

Eric

> Gao feng (17):
> netfilter: add struct nf_proto_net for register l4proto sysctl
> netfilter: add namespace support for l4proto
> netfilter: add namespace support for l3proto
> netfilter: add namespace support for l4proto_generic
> netfilter: add namespace support for l4proto_tcp
> netfilter: add namespace support for l4proto_udp
> netfilter: add namespace support for l4proto_icmp
> netfilter: add namespace support for l4proto_icmpv6
> netfilter: add namespace support for l3proto_ipv4
> netfilter: add namespace support for l3proto_ipv6
> netfilter: add namespace support for l4proto_sctp
> netfilter: add namespace support for l4proto_udplite
> netfilter: adjust l4proto_dccp to the nf_conntrack_l4proto_register
> netfilter: adjust l4proto_gre4 to the nf_conntrack_l4proto_register
> netfilter: cleanup sysctl for l4proto and l3proto
> netfilter: add namespace support for cttimeout
> netfilter: cttimeout use pernet data of l4proto
>
> include/net/netfilter/nf_conntrack_l3proto.h | 11 +-
> include/net/netfilter/nf_conntrack_l4proto.h | 32 ++-
> include/net/netns/conntrack.h | 55 ++++
> net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 127 ++++++---
> net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 55 +++-
> net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 88 ++++--
> net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 38 ++-
> net/netfilter/nf_conntrack_core.c | 7 +-
> net/netfilter/nf_conntrack_proto.c | 390 ++++++++++++++----------
> net/netfilter/nf_conntrack_proto_dccp.c | 141 +++++----
> net/netfilter/nf_conntrack_proto_generic.c | 69 ++++-
> net/netfilter/nf_conntrack_proto_gre.c | 66 +++--
> net/netfilter/nf_conntrack_proto_sctp.c | 157 +++++++---
> net/netfilter/nf_conntrack_proto_tcp.c | 136 ++++++---
> net/netfilter/nf_conntrack_proto_udp.c | 90 ++++--
> net/netfilter/nf_conntrack_proto_udplite.c | 125 ++++++--
> net/netfilter/nfnetlink_cttimeout.c | 13 +-
> 17 files changed, 1068 insertions(+), 532 deletions(-)

Thread overview: 22+ messages
2012-04-27 9:37 [PATCH v2 00/17] netfilter: add namespace support for netfilter protos Gao feng
2012-04-27 9:37 ` [PATCH 01/17] netfilter: add struct nf_proto_net for register l4proto sysctl Gao feng
2012-04-27 9:37 ` [PATCH 02/17] netfilter: add namespace support for l4proto Gao feng
2012-04-27 9:37 ` [PATCH 03/17] netfilter: add namespace support for l3proto Gao feng
2012-04-27 9:37 ` [PATCH 04/17] netfilter: add namespace support for l4proto_generic Gao feng
2012-04-27 9:37 ` [PATCH 05/17] netfilter: add namespace support for l4proto_tcp Gao feng
2012-04-27 9:37 ` [PATCH 06/17] netfilter: add namespace support for l4proto_udp Gao feng
2012-04-27 9:37 ` [PATCH 07/17] netfilter: add namespace support for l4proto_icmp Gao feng
2012-04-27 9:37 ` [PATCH 08/17] netfilter: add namespace support for l4proto_icmpv6 Gao feng
2012-04-27 9:37 ` [PATCH 09/17] netfilter: add namespace support for l3proto_ipv4 Gao feng
2012-04-27 9:37 ` [PATCH 10/17] netfilter: add namespace support for l3proto_ipv6 Gao feng
2012-04-27 9:37 ` [PATCH 11/17] netfilter: add namespace support for l4proto_sctp Gao feng
2012-04-27 9:37 ` [PATCH 12/17] netfilter: add namespace support for l4proto_udplite Gao feng
2012-04-27 9:38 ` [PATCH 13/17] netfilter: adjust l4proto_dccp to the nf_conntrack_l4proto_register Gao feng
2012-04-27 9:38 ` [PATCH 14/17] netfilter: adjust l4proto_gre4 " Gao feng
2012-04-27 9:38 ` [PATCH 15/17] netfilter: cleanup sysctl for l4proto and l3proto Gao feng
2012-04-27 9:38 ` [PATCH 16/17] netfilter: add namespace support for cttimeout Gao feng
2012-04-27 9:38 ` [PATCH 17/17] netfilter: cttimeout use pernet data of l4proto Gao feng
2012-05-01 18:47 ` Eric W. Biederman [this message]
2012-05-02 0:40 ` [PATCH v2 00/17] netfilter: add namespace support for netfilter protos Pablo Neira Ayuso
2012-05-07 23:19 ` Pablo Neira Ayuso
2012-05-08 0:53 ` Gao feng