Dear Bart,

thank you for the feedback, I've reworked the patch set to fix your notes.

This patch set enables per network namespace management for br_netfilter sysctls.
It allows enabling the processing of br-nf-call hooks in one network namespace
while keeping it disabled in other ones.

v2: removed extra overhead for CONFIG_SYSCTL=n

Vasily Averin (11):
   1 br_netfilter: brnf_net structure for sysctl setting
   2 br_netfilter: default sysctl settings in init_brnf_net
   3 br_netfilter: brnf_flag macro
   4 br_netfilter: switch sysctl call_arptables to init_brnf_net
   5 br_netfilter: switch sysctls call_iptables call_ip6tables to init_brnf_net
   6 br_netfilter: switch sysctl filter_vlan_tagged to init_brnf_net
   7 br_netfilter: switch sysctl filter_pppoe_tagged to init_brnf_net
   8 br_netfilter: switch sysctl pass_vlan_indev to init_brnf_net
   9 br_netfilter: pernet_operations brnf_net_opts without sysctl registration
  10 br_netfilter: per-netns sysctl registration
  11 br_netfilter: switch all sysctls to per-netns processing

 net/bridge/br_netfilter.c | 155 ++++++++++++++++++++++++++++++++++---------
 net/bridge/br_private.h   |  13 ++++
 2 files changed, 130 insertions(+), 38 deletions(-)

--
1.7.5.4