Hi Pablo,

2017-06-06 8:04 GMT+08:00 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
[...]
>> I remembered Pablo told me that the ct helpers "is probably one of
>> the remaining subsystems not having netns support", when I sent
>> patches to fix other issues.
>>
>> So I try to accomplish the netns support for ct helpers.
>> (see https://patchwork.ozlabs.org/patch/740692/).
>
> I was referring to cthelper infrastructure, right? So you add
> possible_net to struct nfnl_cthelper?

Do you mean that we only need to support netns for these user ct helpers?
For these kernel built-in ct helpers, we should keep them unchanged.

So for __nf_conntrack_helper_find, only when the NF_CT_HELPER_F_USERSPACE
is set, we should check the netns is equal or not, like this:

static bool nf_ct_helper_net_eq(struct nf_conntrack_helper *helper,
				struct net *net)
{
	struct nfnl_cthelper *nlhelper;

	if (!(helper->flags & NF_CT_HELPER_F_USERSPACE))
		return true;

	nlhelper = container_of(helper, struct nfnl_cthelper, helper);
	return net_eq(net, read_pnet(&nlhelper->net));
}
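
The check proposed in the message above, modelled in userspace C as an added example that is not part of the original mail or the kernel source. The struct layouts are simplified stand-ins, the `net` field is a plain pointer compared directly in place of `read_pnet()`/`net_eq()`, and `helper_net_eq`, `helper_find` and the flat table are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Userspace model: simplified stand-ins, not the kernel definitions. */
#define NF_CT_HELPER_F_USERSPACE (1 << 0)
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

struct net { int id; };			/* stand-in for a network namespace */

struct nf_conntrack_helper {
	const char *name;
	unsigned int flags;
};

struct nfnl_cthelper {			/* wrapper that exists only for userspace helpers */
	struct net *net;		/* owning netns (assumed field) */
	struct nf_conntrack_helper helper;
};

/* Built-in helpers stay global; a userspace helper matches only its own netns. */
static bool helper_net_eq(struct nf_conntrack_helper *helper, struct net *net)
{
	struct nfnl_cthelper *nlhelper;

	/* Flag test must come first: a built-in helper is not embedded in a
	 * struct nfnl_cthelper, so container_of() on it would read unrelated memory. */
	if (!(helper->flags & NF_CT_HELPER_F_USERSPACE))
		return true;

	nlhelper = container_of(helper, struct nfnl_cthelper, helper);
	return nlhelper->net == net;
}

/* Hypothetical lookup over a flat table, filtered by name and netns. */
static struct nf_conntrack_helper *
helper_find(struct nf_conntrack_helper **tbl, size_t n,
	    const char *name, struct net *net)
{
	for (size_t i = 0; i < n; i++)
		if (!strcmp(tbl[i]->name, name) && helper_net_eq(tbl[i], net))
			return tbl[i];
	return NULL;
}
```

With this filter, two namespaces can each register a userspace helper under the same name and a lookup only ever returns the caller's own.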