Re: [RFC 0/4] netfilter conntrack sysctls pernet support

First off, *please* CC netfilter-devel on patches relating to netfilter.
I've said this a hundred times in the direction of the container guys
(not sure whether you specifically) and it keeps getting ignored.

Cyrill Gorcunov wrote:
Hi, here are a few patches to bring in per-net functionality
for several conntrack protocols: DCCP, SCTP, UDPlite.

Since these protos could be built as modules I've put
per-net operations into the module init/exit routines. The change
I would like to point your attention to is that module static
variables marked as __read_mostly now become dynamically
allocated -- is it an acceptable trade-off?

Well, there's no other choice I guess.

For protocols being built in (like TCP, UDP, ICMP) I made
patches too, but they are in a bit of a 'rough' state: in the original
code there is some kind of reference counter for sysctl tables being
registered (and they don't have any kind of mb, didn't check if it
could be a problem for SMP since they are mostly __init functions)
so I need some kind of same functionality to count per-net calls.

The tables are shared between IPv4 and IPv6, this keeps track of the
number of current users to avoid unregistering it while the AF-specific
module for either one is loaded. This would still be a global counter
with containers I think since module loading is global and they should
be visible in all containers if IPv4 or IPv6 conntrack is loaded.

Will send RFC for these protocols soon.

So eventually I would like to hear some kind of feedback on this.
Ideas and any kind of comments are highly appreciated.

+	sn->sysctl_table[0].data = &sn->sctp_timeouts[SCTP_CONNTRACK_CLOSED];
+	sn->sysctl_table[1].data = &sn->sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT];
+	sn->sysctl_table[2].data = &sn->sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED];
+	sn->sysctl_table[3].data = &sn->sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED];
+	sn->sysctl_table[4].data = &sn->sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT];
+	sn->sysctl_table[5].data = &sn->sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD];
+	sn->sysctl_table[6].data = &sn->sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT];
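
Review bot: the literal indices 0 through 6 in sn->sysctl_table[N].data bind each timeout to a position in the table rather than to the entry it belongs to, so inserting or reordering a table entry would silently point a sysctl at the wrong sctp_timeouts slot. A loop over the entries that takes the state from a small index-to-state array (or from the loop counter, if the table order is guaranteed to follow the SCTP_CONNTRACK_* enum, which these lines do not show) would keep the pairing in one place and shorten the lines. A comment next to the table stating that ordering requirement would help as well.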

Please use an iteration to avoid these repetitive overly long lines.