This patch set implements per-netns sysctl for br_netfilter.

I would be very grateful for any feedback and improvement recommendations.

I'm not sure whether it is safe to use dev_net(skb->dev) to get a reference to the net namespace (see patches 11-15 for details); however, I expect that an skb inside the bridge should have a correct reference to the device.

Vasily Averin (15):
  1 br_netfilter: brnf_net structure definition
  2 br_netfilter: default settings in init_brnf_net
  3 br_netfilter: switch sysctl nf_call_arptables to init_brnf_net
  4 br_netfilter: switch sysctl nf_call_iptables to init_brnf_net
  5 br_netfilter: switch sysctl nf_call_ip6tables to init_brnf_net
  6 br_netfilter: switch sysctl filter_vlan_tagged to init_brnf_net
  7 br_netfilter: switch sysctl filter_pppoe_tagged to init_brnf_net
  8 br_netfilter: switch sysctl pass_vlan_indev to init_brnf_net
  9 br_netfilter: pernet_operations brnf_net_ops without per-netns sysctl registration
  10 br_netfilter: added per-netns sysctl registration
  11 br_netfilter: switch sysctl nf_call_arptables to per-netns processing
  12 br_netfilter: switch sysctls nf_call_iptables and nf_call_ip6tables to per-netns processing
  13 br_netfilter: switch sysctl filter_vlan_tagged to per-netns processing
  14 br_netfilter: switch sysctl filter_pppoe_tagged to per-netns processing
  15 br_netfilter: switch sysctl pass_vlan_indev to per-netns processing

 net/bridge/br_netfilter.c | 168 ++++++++++++++++++++++++++++++++-------------
 net/bridge/br_private.h   |  15 ++++
 2 files changed, 136 insertions(+), 47 deletions(-)

--
1.7.5.4