From: Patrick McHardy <kaber@trash.net>
To: Shan Wei <shanwei@cn.fujitsu.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>, netdev@vger.kernel.org
Subject: Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace
Date: Thu, 25 Feb 2010 18:34:23 +0100 [thread overview]
Message-ID: <4B86B49F.1010806@trash.net> (raw)
In-Reply-To: <4B8660AD.7030308@cn.fujitsu.com>
Shan Wei wrote:
> Patrick McHardy wrote, at 02/24/2010 10:05 PM:
>> Shan Wei wrote:
>>> Alexey Dobriyan wrote, at 02/24/2010 03:48 PM:
>>>>> - .procname = "nf_conntrack_frag6_timeout",
>>>>> - .data = &nf_init_frags.timeout,
>>>>> - .maxlen = sizeof(unsigned int),
>>>>> - .mode = 0644,
>>>>> - .proc_handler = proc_dointvec_jiffies,
>>>> Why are you removing sysctls?
>>> Because, after introduced net namespace, we can use net->ipv6.frags to
>>> manage IPv6 conntrack fragment queue instead of nf_init_frags.
>>> And sysctls of ip6frag_low_thresh, ip6frag_time and ip6frag_high_thresh
>>> also can control IPv6 conntrack fragment queue.
>>>
>>> So, private member of nf_init_frags becomes redundant, and remove these sysctls.
>> You can't simply remove them without a warning, people might be
>> using them.
>
> How to provide a warning to user?
> How about handle these sysctl ABIs like this:
>
> s1) Retain these sysctls and refer .data to appropriate member of frags of init_net.
> Take nf_conntrack_frag6_timeout for example, .data = &init_net.ipv6.frags.timeout.
I'd suggest to refer to the proper namespace, check out
net/netfilter/nf_conntrack_standalone.c for an example.
> s2) When register sysctls of conntrack ipv6 protocol in nf_ct_l3proto_register_sysctl(),
> print a waring like this.
> "nf_conntrack_frag6_timeout and ip6frag_time, nf_conntrack_frag6_low_thresh and ip6frag_low_thresh,
> nf_conntrack_frag6_high_thresh and ip6frag_high_thresh, the three sets are equivalent.
> nf_conntrack_frag6_timeout is just an alias for ip6frag_time. The former Parameters of IPv6 conntrack
> will be removed in the future, please use the latter ones of IPv6."
>
> s3) Describe these removable sysctl ABIs in Documentation/feature-removal-schedule.txt
This sounds fine.
prev parent reply other threads:[~2010-02-25 17:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-24 7:48 [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace Alexey Dobriyan
2010-02-24 8:26 ` Shan Wei
2010-02-24 14:05 ` Patrick McHardy
2010-02-25 11:36 ` Shan Wei
2010-02-25 17:34 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B86B49F.1010806@trash.net \
--to=kaber@trash.net \
--cc=adobriyan@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=shanwei@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.