From: Patrick McHardy <kaber@trash.net>
To: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: davem@davemloft.net, netdev@vger.kernel.org,
linux-next@vger.kernel.org, xemul@openvz.org,
adobriyan@gmail.com,
Netfilter Development Mailinglist
<netfilter-devel@vger.kernel.org>
Subject: Re: [RFC 0/4] netfilter conntrack sysctls pernet support
Date: Mon, 09 Mar 2009 19:47:28 +0100 [thread overview]
Message-ID: <49B56440.2010404@trash.net> (raw)
In-Reply-To: <20090309181628.109019157@gmail.com>
First off, *please* CC netfilter-devel on patches relating to netfilter.
I've said this a hundred times in direction of the container guys
(not sure whether you specifically) and it keeps getting ignored.
Cyrill Gorcunov wrote:
> Hi here are a few patches to bring in per-net functionality
> for several conntrack protocols: DCCP, SCTP, UDPlite.
>
> Since these protos could be built as modules I've put
> per-net operations to module init/exit routines. The change
> I would like you point the attention is that module static
> variables being marked as __read_mostly become now as dynamically
> allocated -- is it acceptable trade off?
Well, there's no other choice I guess.
> For protocols being built in (like TCP, UDP, ICMP) for which I made
> patches too but they are in a bit 'rought' state: in original
> code there some kind of reference counter to sysctl tables being
> registered (and they don't have any kind of mb, didn't check if it
> could be a problem for SMP since they are mostly __init functions)
> so I need some kind of same functionality to count per-net calls.
The tables are shared between IPv4 and IPv6, this keeps track of the
number of current users to avoid unregistering it while the AF-specific
module for either one is loaded. This would still be a global counter
with containers I think since module loading is global and they should
be visible in all containers if IPv4 or IPv6 conntrack is loaded.
> Will send RFC for these protocols soon.
>
> So eventually I would like to hear some kind of feedback on this.
> Ideas and any kind of comments are highly appreciated.
> + sn->sysctl_table[0].data = &sn->sctp_timeouts[SCTP_CONNTRACK_CLOSED];
> + sn->sysctl_table[1].data = &sn->sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT];
> + sn->sysctl_table[2].data = &sn->sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED];
> + sn->sysctl_table[3].data = &sn->sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED];
> + sn->sysctl_table[4].data = &sn->sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT];
> + sn->sysctl_table[5].data = &sn->sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD];
> + sn->sysctl_table[6].data = &sn->sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT];
Please use an iteration to avoid these repetitve overly long lines.
next prev parent reply other threads:[~2009-03-09 18:47 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-09 18:16 [RFC 0/4] netfilter conntrack sysctls pernet support Cyrill Gorcunov
2009-03-09 18:16 ` [RFC 1/4] net: sysctl_net - use net_eq to compare nets Cyrill Gorcunov
2009-03-09 18:16 ` [RFC 2/4] net: netfilter conntrack - add per-net functionality for DCCP protocol Cyrill Gorcunov
[not found] ` <49B63EA6.2060802@free.fr>
2009-03-10 10:33 ` Daniel Lezcano
2009-03-10 10:59 ` Cyrill Gorcunov
2009-03-10 11:35 ` Pavel Emelyanov
2009-03-10 11:51 ` Cyrill Gorcunov
2009-03-10 11:56 ` Pavel Emelyanov
2009-03-10 12:43 ` Daniel Lezcano
2009-03-10 11:25 ` David Miller
2009-03-10 13:02 ` Daniel Lezcano
2009-03-09 18:16 ` [RFC 3/4] net: netfilter conntrack - add per-net functionality for SCTP protocol Cyrill Gorcunov
2009-03-10 10:21 ` Daniel Lezcano
2009-03-09 18:16 ` [RFC 4/4] net: netfilter conntrack - add per-net functionality for UDPLITE protocol Cyrill Gorcunov
2009-03-09 18:47 ` Patrick McHardy [this message]
2009-03-09 19:07 ` [RFC 0/4] netfilter conntrack sysctls pernet support Cyrill Gorcunov
2009-03-09 21:08 ` Cyrill Gorcunov
2009-03-09 21:08 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49B56440.2010404@trash.net \
--to=kaber@trash.net \
--cc=adobriyan@gmail.com \
--cc=davem@davemloft.net \
--cc=gorcunov@gmail.com \
--cc=linux-next@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.