Hello,

On Mon, 21 Sep 2015, Eric W. Biederman wrote:

> I am gradually working my way through the netfilter stack passing struct
> down into the netfilter hooks and from the netfilter hooks and from
> there down into the functions that actually care. This removes the need
> for netfilter functions to guess how to figure out how to compute which
> network namespace they are in and instead provides a simple and reliable
> method to do so.
>
> The cleanups stand on their own but this is part of a larger effort to
> have routes with an output device that is not in the current network
> namespace.
>
> The IPVS code has been a bit more of a challenge than most. Just
> passing struct net through to where it is needed did not feel clean to
> me. The practical issue is that the ipvs code in most places actually
> wants struct netns_ipvs and not struct net.
>
> So as part of this process I have turned the relationship between struct
> net and the structs netns_ipvs, ip_vs_conn_param, ip_vs_conn, and
> ip_vs_service inside out. I have modified the ipvs functions to take a
> struct netns_ipvs not a struct net. The net is code with fewer
> conversions from one type of structure to another. I did wind up adding
> a struct netns_ipvs parameter to quite a few functions that did not have
> it before so I could pass the structure down from the netfilter hooks to
> where it is actually needed to avoid guessing.
>
> I have broken up the work in a bunch of small patches so there is at
> least a chance at reviewing that each step I took is correct. The
> series compiles at each step so bisecting it should not be a problem
> if something weird comes up.
>
> The first two changes in this series are actually bug fixes. The first
> is a compile fix for a bug in sctp that came in, in the last round of
> ipvs changes merged into nf-next. The second fixes an older bug where
> in pathological circumstances the wrong network namespace could be used
> when a proc file is written to.
>
> The rest of the patchset is a bunch of boring changes pushing
> struct netns_ipvs (and by extension ipvs->net) where it needs to be.
> Either by replacing struct net pointers or adding new struct netns_ipvs
> pointers. With a handful of other minor cleanups (like removing
> skb_net).
>
> I have incorporated Julian Anastasov's feedback, which critically
> involves fixing a wrong piece of code.
>
> The changes are also available against nf-next at:
> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/net-next.git master
>
> My entire pending set of changes for those who want to look ahead is at:
> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/net-next.git for-testing
>
> Eric

v2 looks good to me,

Acked-by: Julian Anastasov <ja@xxxxxx>

Regards

--
Julian Anastasov <ja@xxxxxx>