On Tue, Sep 18, 2012 at 12:29:39PM +0800, Cong Wang wrote:
> As pointed by Michal, it is necessary to add a new
> namespace for nf_conntrack_reasm code, this prepares
> for the second patch.

This looks good to me, but there are some cosmetic changes I have
to request.

> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: Michal Kubeček <mkubecek@xxxxxxx>
> Cc: David Miller <davem@xxxxxxxxxxxxx>
> Cc: Patrick McHardy <kaber@xxxxxxxxx>
> Cc: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> Cc: netfilter-devel@xxxxxxxxxxxxxxx
> Signed-off-by: Cong Wang <amwang@xxxxxxxxxx>
> ---
> include/net/net_namespace.h | 3 +
> include/net/netns/conntrack.h | 6 ++
> net/ipv6/netfilter/nf_conntrack_reasm.c | 135 +++++++++++++++++++++----------
> 3 files changed, 102 insertions(+), 42 deletions(-)
>
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index 5ae57f1..5c467bb 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -93,6 +93,9 @@ struct net {
> #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
> struct netns_ct ct;
> #endif
> +#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
> + struct netns_nf_ct nf_ct;
> +#endif

There's above one "struct netns_ct" that already encapsulates
netfilter conntrack netns parameters.

However, I'd prefer if, while at it, you define some struct
netns_nf_frag instead. In net/ipv6/netfilter/Makefile, it says:

# defrag
nf_defrag_ipv6-y := nf_defrag_ipv6_hooks.o nf_conntrack_reasm.o

Note that nf defragmentation is not glued to conntrack anymore.

So I'd go for one netns_nf_frag for this in include/net/net_namespace.h

Thanks.
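Review bot: the member added to struct net in include/net/net_namespace.h, "struct netns_nf_ct nf_ct;", sits directly below "struct netns_ct ct;" and differs from it only by an "nf_" prefix, yet it is guarded by CONFIG_NF_DEFRAG_IPV6 rather than by the conntrack options that guard the existing member. A reader of struct net cannot tell from the name that this is per-namespace IPv6 defragmentation state that can exist without conntrack being built. Consider naming the type and field after what the guard selects, and adding a one-line comment on the member saying what state it holds. Also note that the new guard uses IS_ENABLED() while the block just above it spells out defined(CONFIG_...) || defined(CONFIG_..._MODULE); both work, but it is worth saying in the changelog that the difference is intentional.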