On Tue, Mar 21, 2017 at 11:19:11PM +0800, Liping Zhang wrote:
> Hi Pablo,
>
> 2017-03-21 22:48 GMT+08:00 Liping Zhang <zlpnobody@xxxxxxxxx>:
> > 2017-03-21 18:33 GMT+08:00 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
> >>> +struct nfnl_cthelper {
> >>> + struct list_head list;
> >>> + struct nf_conntrack_helper *helper;
> >>> +};
> >>> +
> >>> +static LIST_HEAD(nfnl_cthelper_list);
> >>
> >> We need a field possible_net_t so we can store what netns this helper
> >> belongs to, thus in case of flush command, we just remove the helpers
> >> that this netns owns.
>
> After I have a closer look, I find that we do not support netns for the
> nfct_helper currently. So this possible_net_t field is not necessary for
> the time being.
Oh, I see. This is probably one of the remaining subsystems not having
netns support.
> I have a quick glance look, supporting netns for helper need a lot works
> to do. We need to both change the nfnetlink_cthelper, nf_conntrack_help
> and so on.
>
> But if you think it's worth to support netns for cthelper, I can
> finish it in my spare time:)
Let's focus on fixing up the existing issues. It would be great if you
can add that later on, once changes in nf.git propagate to
nf-next.git.
BTW, let me also pushed out what I have here into nf.git. I'd
appreciate if you can rebase this 5/5 patch on top of it.
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
