From: Vasily Averin <vvs@parallels.com>
To: Bart De Schuymer <bdschuym@pandora.be>
Cc: Florian Westphal <fw@strlen.de>,
netfilter-devel@vger.kernel.org,
Stephen Hemminger <stephen@networkplumber.org>,
Patrick McHardy <kaber@trash.net>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 00/15 RFC] per-netns sysctl for br_netfilter
Date: Sat, 10 May 2014 01:26:28 +0400
Message-ID: <536D4804.2060801@parallels.com>
In-Reply-To: <536A8054.90201@pandora.de>
This patch set implements per-netns sysctl for br_netfilter.
I would be very grateful for any feedback and improvement recommendations.

I'm not sure whether it is safe to use dev_net(skb->dev) to get a reference to the net namespace
(see patches 11-15 for details); however, I expect that an skb inside the bridge
should have a correct reference to the device.
Vasily Averin (15):
  1 br_netfilter: brnf_net structure definition
  2 br_netfilter: default settings in init_brnf_net
  3 br_netfilter: switch sysctl nf_call_arptables to init_brnf_net
  4 br_netfilter: switch sysctl nf_call_iptables to init_brnf_net
  5 br_netfilter: switch sysctl nf_call_ip6tables to init_brnf_net
  6 br_netfilter: switch sysctl filter_vlan_tagged to init_brnf_net
  7 br_netfilter: switch sysctl filter_pppoe_tagged to init_brnf_net
  8 br_netfilter: switch sysctl pass_vlan_indev to init_brnf_net
  9 br_netfilter: pernet_operations brnf_net_ops without per-netns sysctl registration
  10 br_netfilter: added per-netns sysctl registration
  11 br_netfilter: switch sysctl nf_call_arptables to per-netns processing
  12 br_netfilter: switch sysctls nf_call_iptables and nf_call_ip6tables to per-netns processing
  13 br_netfilter: switch sysctl filter_vlan_tagged to per-netns processing
  14 br_netfilter: switch sysctl filter_pppoe_tagged to per-netns processing
  15 br_netfilter: switch sysctl pass_vlan_indev to per-netns processing

 net/bridge/br_netfilter.c | 168 ++++++++++++++++++++++++++++++++-------------
 net/bridge/br_private.h   |  15 ++++
 2 files changed, 136 insertions(+), 47 deletions(-)
--
1.7.5.4