* [RFC PATCH net-next 0/3] netns: optionally inherit IPv4 TCP sysctls from old net
2026-04-30 1:30 [RFC PATCH net-next 0/3] netns: optionally inherit IPv4 TCP sysctls from old net nmreadelf
@ 2026-04-30 1:32 ` nmreadelf
2026-04-30 1:33 ` [RFC PATCH net-next 1/3] ipv4: netns: group copyable TCP sysctls in netns_ipv4 nmreadelf
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: nmreadelf @ 2026-04-30 1:32 UTC
To: davem, edumazet, kuba, pabeni, corbet, dsahern
Cc: horms, chia-yu.chang, idosch, ij, brauner, jack, kuniyu, jlayton,
netdev, linux-doc, linux-kernel, kong414, lance.yang, leon.hwang
A new network namespace starts with built-in TCP defaults.
In container-heavy setups, operators often tune TCP sysctls in init_net and then
need to re-apply the same values for each new netns.
This series adds an opt-in mechanism to initialize per-netns IPv4 TCP sysctl
settings from init_net at netns creation time.
Behavior:
Default is unchanged.
When net.ipv4.netns_inherit_tcp_sysctls=1, new netns inherit
TCP sysctl from old_net.
nmreadelf (3):
ipv4: netns: group copyable TCP sysctls in netns_ipv4
net: ipv4: add netns_inherit_tcp_sysctls sysctl
tcp: netns: optionally inherit IPv4 TCP sysctls from parent netns
.../net_cachelines/netns_ipv4_sysctl.rst | 25 +++----
include/net/netns/ipv4.h | 33 +++++----
net/core/net_namespace.c | 72 +++++++++++++++++++
net/ipv4/sysctl_net_ipv4.c | 9 +++
4 files changed, 114 insertions(+), 25 deletions(-)
--
2.47.3
* [RFC PATCH net-next 1/3] ipv4: netns: group copyable TCP sysctls in netns_ipv4
From: nmreadelf @ 2026-04-30 1:33 UTC
To: davem, edumazet, kuba, pabeni, corbet, dsahern
Cc: horms, chia-yu.chang, idosch, ij, brauner, jack, kuniyu, jlayton,
netdev, linux-doc, linux-kernel, kong414, lance.yang, leon.hwang
Group the TCP sysctl members into tcp_sysctl using struct_group().
This makes the memcpy and sizeof boundaries clear in follow-up
patches, avoids relying on writes across neighboring
members, and improves readability.
---
.../net_cachelines/netns_ipv4_sysctl.rst | 25 ++++++++-------
include/net/netns/ipv4.h | 32 +++++++++++--------
2 files changed, 32 insertions(+), 25 deletions(-)
diff --git a/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst b/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst
index beaf1880a19b..f6edf02618fa 100644
--- a/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst
+++ b/Documentation/networking/net_cachelines/netns_ipv4_sysctl.rst
@@ -43,23 +43,20 @@ u32 ip_rt_min_pmtu
int ip_rt_mtu_expires
int ip_rt_min_advmss
struct_local_ports ip_local_ports
-u8 sysctl_tcp_ecn
-u8 sysctl_tcp_ecn_fallback
u8 sysctl_ip_default_ttl ip4_dst_hoplimit/ip_select_ttl
u8 sysctl_ip_no_pmtu_disc
-u8 sysctl_ip_fwd_use_pmtu read_mostly ip_dst_mtu_maybe_forward/ip_skb_dst_mtu
u8 sysctl_ip_fwd_update_priority ip_forward
u8 sysctl_ip_nonlocal_bind
u8 sysctl_ip_autobind_reuse
u8 sysctl_ip_dynaddr
-u8 sysctl_ip_early_demux read_mostly ip(6)_rcv_finish_core
u8 sysctl_raw_l3mdev_accept
-u8 sysctl_tcp_early_demux read_mostly ip(6)_rcv_finish_core
u8 sysctl_udp_early_demux
u8 sysctl_nexthop_compat_mode
u8 sysctl_fwmark_reflect
+.. struct_group(tcp_sysctl) bulk-copied via memcpy() in tcp_sk_init()
+u8 sysctl_tcp_ecn
+u8 sysctl_tcp_ecn_fallback
u8 sysctl_tcp_fwmark_accept
-u8 sysctl_tcp_l3mdev_accept read_mostly __inet6_lookup_established/inet_request_bound_dev_if
u8 sysctl_tcp_mtu_probing
int sysctl_tcp_mtu_probe_floor
int sysctl_tcp_base_mss
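Review bot: In this hunk the rows for sysctl_ip_fwd_use_pmtu, sysctl_ip_early_demux, sysctl_tcp_early_demux and sysctl_tcp_l3mdev_accept are deleted and no hunk of this patch adds them back, while the ipv4.h hunks do not touch those fields, so the cache-line table loses four documented members. Keep the rows, or explain the removal in the commit message. The new marker line also says the group is "bulk-copied via memcpy() in tcp_sk_init()", but the only memcpy() of tcp_sysctl in the series is in copy_net_ns_tcp_sysctls() in 3/3. sysctl_tcp_ecn_option and sysctl_tcp_ecn_option_beacon, which the header places in the group, get no row here.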
@@ -85,6 +82,7 @@ unsigned_int sysctl_tcp_notsent_lowat rea
u8 sysctl_tcp_sack tcp_syn_options
u8 sysctl_tcp_window_scaling tcp_syn_options,tcp_parse_options
u8 sysctl_tcp_timestamps
+u8 sysctl_netns_inherit_tcp_sysctls read_mostly tcp_schedule_loss_probe(tcp_write_xmit)
u8 sysctl_tcp_early_retrans read_mostly tcp_schedule_loss_probe(tcp_write_xmit)
u32 sysctl_tcp_rto_max_ms
u8 sysctl_tcp_recovery tcp_fastretrans_alert
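Review bot: The added row for sysctl_netns_inherit_tcp_sysctls belongs in 2/3, where the field is introduced; here it documents a member that does not exist yet. Its annotation "read_mostly tcp_schedule_loss_probe(tcp_write_xmit)" looks copied from the sysctl_tcp_early_retrans row below it. In this series the flag is only read in copy_net_ns() (3/3), so the hot-path columns should stay empty or name that reader.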
@@ -123,18 +121,21 @@ unsigned_long sysctl_tcp_comp_sack_delay_ns
unsigned_long sysctl_tcp_comp_sack_slack_ns __tcp_ack_snd_check
int sysctl_max_syn_backlog
int sysctl_tcp_fastopen
-struct_tcp_congestion_ops tcp_congestion_control init_cc
-struct_tcp_fastopen_context tcp_fastopen_ctx
unsigned_int sysctl_tcp_fastopen_blackhole_timeout
-atomic_t tfo_active_disable_times
-unsigned_long tfo_active_disable_stamp
-u32 tcp_challenge_timestamp
-u32 tcp_challenge_count
u8 sysctl_tcp_plb_enabled
u8 sysctl_tcp_plb_idle_rehash_rounds
u8 sysctl_tcp_plb_rehash_rounds
u8 sysctl_tcp_plb_suspend_rto_sec
int sysctl_tcp_plb_cong_thresh
+u8 sysctl_tcp_shrink_window
+u8 sysctl_tcp_syn_linear_timeouts
+.. end_of(tcp_sysctl)
+struct_tcp_congestion_ops tcp_congestion_control init_cc
+struct_tcp_fastopen_context tcp_fastopen_ctx
+atomic_t tfo_active_disable_times
+unsigned_long tfo_active_disable_stamp
+u32 tcp_challenge_timestamp
+u32 tcp_challenge_count
int sysctl_udp_wmem_min
int sysctl_udp_rmem_min
u8 sysctl_fib_notify_on_flag_change
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 2dbd46fc4734..53b180cc7a94 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -116,7 +116,6 @@ struct netns_ipv4 {
#endif
bool fib_has_custom_local_routes;
bool fib_offload_disabled;
- u8 sysctl_tcp_shrink_window;
#ifdef CONFIG_IP_ROUTE_CLASSID
atomic_t fib_num_tclassid_users;
#endif
@@ -149,11 +148,6 @@ struct netns_ipv4 {
struct local_ports ip_local_ports;
- u8 sysctl_tcp_ecn;
- u8 sysctl_tcp_ecn_option;
- u8 sysctl_tcp_ecn_option_beacon;
- u8 sysctl_tcp_ecn_fallback;
-
u8 sysctl_ip_default_ttl;
u8 sysctl_ip_no_pmtu_disc;
u8 sysctl_ip_fwd_update_priority;
@@ -169,6 +163,14 @@ struct netns_ipv4 {
u8 sysctl_nexthop_compat_mode;
u8 sysctl_fwmark_reflect;
+
+ /* TCP sysctl fields enclosed in tcp_sysctl group are copied
+ * using a single memcpy() in tcp_sk_init()
+ */
+ struct_group(tcp_sysctl, u8 sysctl_tcp_ecn;
+ u8 sysctl_tcp_ecn_option;
+ u8 sysctl_tcp_ecn_option_beacon;
+ u8 sysctl_tcp_ecn_fallback;
u8 sysctl_tcp_fwmark_accept;
u8 sysctl_tcp_mtu_probing;
int sysctl_tcp_mtu_probe_floor;
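Review bot: The comment above struct_group() says the fields are copied "using a single memcpy() in tcp_sk_init()", but 3/3 does that memcpy() in copy_net_ns_tcp_sysctls() in net/core/net_namespace.c. Name the real call site, or drop the function name so the comment cannot go stale. Since everything from here to the closing ");" is inherited by a raw copy, the comment should also state that only plain sysctl values may be added to the group, no pointers and no runtime state. Style: put the first member on its own line rather than after "struct_group(tcp_sysctl,".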
@@ -227,24 +229,28 @@ struct netns_ipv4 {
unsigned long sysctl_tcp_comp_sack_slack_ns;
int sysctl_max_syn_backlog;
int sysctl_tcp_fastopen;
- const struct tcp_congestion_ops __rcu *tcp_congestion_control;
- struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
unsigned int sysctl_tcp_fastopen_blackhole_timeout;
- atomic_t tfo_active_disable_times;
- unsigned long tfo_active_disable_stamp;
- u32 tcp_challenge_timestamp;
- u32 tcp_challenge_count;
u8 sysctl_tcp_plb_enabled;
u8 sysctl_tcp_plb_idle_rehash_rounds;
u8 sysctl_tcp_plb_rehash_rounds;
u8 sysctl_tcp_plb_suspend_rto_sec;
int sysctl_tcp_plb_cong_thresh;
+ u8 sysctl_tcp_shrink_window;
+ u8 sysctl_tcp_syn_linear_timeouts;
+
+ ); /* end tcp_sysctl group */
+
+ const struct tcp_congestion_ops __rcu *tcp_congestion_control;
+ struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
+ atomic_t tfo_active_disable_times;
+ unsigned long tfo_active_disable_stamp;
+ u32 tcp_challenge_timestamp;
+ u32 tcp_challenge_count;
int sysctl_udp_wmem_min;
int sysctl_udp_rmem_min;
u8 sysctl_fib_notify_on_flag_change;
- u8 sysctl_tcp_syn_linear_timeouts;
#ifdef CONFIG_NET_L3_MASTER_DEV
u8 sysctl_udp_l3mdev_accept;
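Review bot: Moving sysctl_tcp_shrink_window and sysctl_tcp_syn_linear_timeouts into the group, and the __rcu pointers, tfo_active_disable_* and tcp_challenge_* behind the closing ");", changes the layout of struct netns_ipv4, and the commit message does not mention any of these moves. Please list them and state the effect on holes and struct size (pahole before and after). The empty "+" line in front of ");" can be dropped.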
--
2.47.3
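The copy boundary that the 1/3 commit message relies on, shown as an added userspace example that is not part of the posted series. The struct_group() macro is re-created here, and struct mini_netns_ipv4, inherit_tcp_sysctls() and group_copy_is_bounded() are hypothetical names with a constructed layout.

```c
#include <stddef.h>
#include <string.h>

/* Userspace re-creation of the kernel's struct_group(): an anonymous union
 * holding the members twice, once anonymously and once under NAME. */
#define struct_group(NAME, ...)          \
	union {                          \
		struct { __VA_ARGS__ };      \
		struct { __VA_ARGS__ } NAME; \
	}

/* Constructed miniature of struct netns_ipv4 (field names from the patch,
 * layout illustrative only). */
struct mini_netns_ipv4 {
	unsigned char sysctl_ip_default_ttl;    /* before the group */
	struct_group(tcp_sysctl,
		unsigned char sysctl_tcp_ecn;
		unsigned char sysctl_tcp_sack;
		int sysctl_tcp_fastopen;
	);
	const void *tcp_congestion_control;     /* pointer, stays per netns */
	unsigned long tfo_active_disable_stamp; /* runtime state, not policy */
};

/* Compile-time membership check in the style of CHECK_SYSCTL_TCP_FIELD. */
_Static_assert(offsetof(struct mini_netns_ipv4, sysctl_tcp_fastopen) ==
	       offsetof(struct mini_netns_ipv4, tcp_sysctl.sysctl_tcp_fastopen),
	       "sysctl_tcp_fastopen must be inside tcp_sysctl");

/* Copy only the grouped policy fields; returns the number of bytes copied. */
static size_t inherit_tcp_sysctls(struct mini_netns_ipv4 *child,
				  const struct mini_netns_ipv4 *parent)
{
	memcpy(&child->tcp_sysctl, &parent->tcp_sysctl, sizeof(child->tcp_sysctl));
	return sizeof(child->tcp_sysctl);
}

/* Returns 1 if the group was inherited and every neighbour kept the child's
 * own value, 0 otherwise. */
int group_copy_is_bounded(void)
{
	static const int parent_cc = 1, child_cc = 2; /* stand-ins for cc ops */
	struct mini_netns_ipv4 parent, child;

	memset(&parent, 0, sizeof(parent));
	memset(&child, 0, sizeof(child));
	parent.sysctl_ip_default_ttl = 128;
	parent.sysctl_tcp_ecn = 2;
	parent.sysctl_tcp_fastopen = 3;
	parent.tcp_congestion_control = &parent_cc;
	parent.tfo_active_disable_stamp = 12345;
	child.sysctl_ip_default_ttl = 64;
	child.tcp_congestion_control = &child_cc;

	inherit_tcp_sysctls(&child, &parent);

	return child.sysctl_tcp_ecn == 2 &&
	       child.tcp_sysctl.sysctl_tcp_fastopen == 3 &&
	       child.sysctl_ip_default_ttl == 64 &&
	       child.tcp_congestion_control == &child_cc &&
	       child.tfo_active_disable_stamp == 0;
}

int main(void) { return group_copy_is_bounded() ? 0 : 1; }
```

A pointer or counter declared inside the group would be copied along with the sysctls, which is why the members that sit between the macro's parentheses matter more than the memcpy() call itself.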
* [RFC PATCH net-next 2/3] net: ipv4: add netns_inherit_tcp_sysctls sysctl
From: nmreadelf @ 2026-04-30 1:33 UTC
To: davem, edumazet, kuba, pabeni, corbet, dsahern
Cc: horms, chia-yu.chang, idosch, ij, brauner, jack, kuniyu, jlayton,
netdev, linux-doc, linux-kernel, kong414, lance.yang, leon.hwang
Add net.ipv4.netns_inherit_tcp_sysctls to control whether a newly created
netns inherits selected IPv4 TCP sysctl state from old_net.
Default is 0, preserving current behavior.
When set to 1 in old_net, child netns receives parent TCP sysctl policy
during netns creation.
---
include/net/netns/ipv4.h | 1 +
net/ipv4/sysctl_net_ipv4.c | 9 +++++++++
2 files changed, 10 insertions(+)
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 53b180cc7a94..184498d4d541 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -60,6 +60,7 @@ struct netns_ipv4 {
/* TX readonly hotpath cache lines */
__cacheline_group_begin(netns_ipv4_read_tx);
+ u8 sysctl_netns_inherit_tcp_sysctls;
u8 sysctl_tcp_early_retrans;
u8 sysctl_tcp_tso_win_divisor;
u8 sysctl_tcp_tso_rtt_log;
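Review bot: sysctl_netns_inherit_tcp_sysctls is placed at the top of the netns_ipv4_read_tx group, under the "TX readonly hotpath cache lines" comment, yet the series reads it only once per namespace creation in copy_net_ns(). Move it next to the cold sysctl fields so it does not take a byte of the TX cache line or shift the members that follow it in that group.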
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index a1a50a5c80dc..58a310c029d9 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -1641,6 +1641,15 @@ static struct ctl_table ipv4_net_table[] = {
.extra1 = SYSCTL_ONE_THOUSAND,
.extra2 = &tcp_rto_max_max,
},
+ {
+ .procname = "netns_inherit_tcp_sysctls",
+ .data = &init_net.ipv4.sysctl_netns_inherit_tcp_sysctls,
+ .maxlen = sizeof(u8),
+ .mode = 0644,
+ .proc_handler = proc_dou8vec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_ONE,
+ },
};
static __net_init int ipv4_sysctl_init_net(struct net *net)
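Review bot: The new "netns_inherit_tcp_sysctls" entry arrives without documentation: the diffstat for this patch touches only ipv4.h and sysctl_net_ipv4.c. Please add a description to the sysctl documentation that says which netns the value is read from. The entry sits in the per-netns ipv4_net_table with mode 0644, so it is writable inside each namespace and not only in init_net, and 3/3 reads it from old_net and copies the flag itself into the child; an administrator needs to know that enabling it in one namespace propagates to every descendant created from it.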
--
2.47.3
* [RFC PATCH net-next 3/3] tcp: netns: optionally inherit IPv4 TCP sysctls from parent netns
From: nmreadelf @ 2026-04-30 1:33 UTC
To: davem, edumazet, kuba, pabeni, corbet, dsahern
Cc: horms, chia-yu.chang, idosch, ij, brauner, jack, kuniyu, jlayton,
netdev, linux-doc, linux-kernel, kong414, lance.yang, leon.hwang
During netns creation, setup_net() initializes IPv4 TCP sysctls. Add an
optional follow-up copy step in copy_net_ns() so selected IPv4 TCP sysctl
settings can be inherited from old_net when
net.ipv4.netns_inherit_tcp_sysctls=1.
The copy uses the tcp_sysctl struct_group plus selected related fields
outside that group, guarded by BUILD_BUG_ON checks for layout safety.
Default behavior is unchanged because inheritance is disabled unless
explicitly enabled in old_net.
---
net/core/net_namespace.c | 72 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index a6e6a964a287..d6587362d450 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -548,6 +548,74 @@ void net_drop_ns(void *p)
net_passive_dec(net);
}
+static int __net_init copy_net_ns_tcp_sysctls(struct net *net, struct net *old_net)
+{
+ if (net == old_net)
+ return 0;
+
+ /* Make sure TCP sysctl fields are contained by tcp_sysctl group */
+#define CHECK_SYSCTL_TCP_FIELD(lhs, rhs) \
+ BUILD_BUG_ON(offsetof(struct netns_ipv4, lhs) != \
+ offsetof(struct netns_ipv4, tcp_sysctl.rhs))
+
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_ecn, sysctl_tcp_ecn);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_ecn_fallback, sysctl_tcp_ecn_fallback);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_base_mss, sysctl_tcp_base_mss);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_keepalive_time, sysctl_tcp_keepalive_time);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_syncookies, sysctl_tcp_syncookies);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_fin_timeout, sysctl_tcp_fin_timeout);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_sack, sysctl_tcp_sack);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_window_scaling, sysctl_tcp_window_scaling);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_timestamps, sysctl_tcp_timestamps);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_rto_min_us, sysctl_tcp_rto_min_us);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_rto_max_ms, sysctl_tcp_rto_max_ms);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_recovery, sysctl_tcp_recovery);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_max_reordering, sysctl_tcp_max_reordering);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_challenge_ack_limit, sysctl_tcp_challenge_ack_limit);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_pacing_ss_ratio, sysctl_tcp_pacing_ss_ratio);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_pacing_ca_ratio, sysctl_tcp_pacing_ca_ratio);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_comp_sack_delay_ns, sysctl_tcp_comp_sack_delay_ns);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_comp_sack_slack_ns, sysctl_tcp_comp_sack_slack_ns);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_fastopen, sysctl_tcp_fastopen);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_fastopen_blackhole_timeout,
+ sysctl_tcp_fastopen_blackhole_timeout);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_plb_enabled, sysctl_tcp_plb_enabled);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_plb_cong_thresh, sysctl_tcp_plb_cong_thresh);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_shrink_window, sysctl_tcp_shrink_window);
+ CHECK_SYSCTL_TCP_FIELD(sysctl_tcp_syn_linear_timeouts, sysctl_tcp_syn_linear_timeouts);
+
+ memcpy(&net->ipv4.tcp_sysctl,
+ &old_net->ipv4.tcp_sysctl, sizeof(net->ipv4.tcp_sysctl));
+ net->ipv4.sysctl_netns_inherit_tcp_sysctls =
+ old_net->ipv4.sysctl_netns_inherit_tcp_sysctls;
+ net->ipv4.sysctl_tcp_min_snd_mss =
+ old_net->ipv4.sysctl_tcp_min_snd_mss;
+ net->ipv4.sysctl_tcp_reordering =
+ old_net->ipv4.sysctl_tcp_reordering;
+ net->ipv4.sysctl_tcp_notsent_lowat =
+ old_net->ipv4.sysctl_tcp_notsent_lowat;
+
+ net->ipv4.sysctl_tcp_early_retrans =
+ old_net->ipv4.sysctl_tcp_early_retrans;
+ net->ipv4.sysctl_tcp_tso_win_divisor =
+ old_net->ipv4.sysctl_tcp_tso_win_divisor;
+ net->ipv4.sysctl_tcp_tso_rtt_log =
+ old_net->ipv4.sysctl_tcp_tso_rtt_log;
+ net->ipv4.sysctl_tcp_autocorking =
+ old_net->ipv4.sysctl_tcp_autocorking;
+ net->ipv4.sysctl_tcp_limit_output_bytes =
+ old_net->ipv4.sysctl_tcp_limit_output_bytes;
+ net->ipv4.sysctl_tcp_min_rtt_wlen =
+ old_net->ipv4.sysctl_tcp_min_rtt_wlen;
+ net->ipv4.sysctl_tcp_moderate_rcvbuf =
+ old_net->ipv4.sysctl_tcp_moderate_rcvbuf;
+ net->ipv4.sysctl_tcp_rcvbuf_low_rtt =
+ old_net->ipv4.sysctl_tcp_rcvbuf_low_rtt;
+ atomic_set(&net->ipv4.tfo_active_disable_times,
+ atomic_read(&old_net->ipv4.tfo_active_disable_times));
+ return 0;
+}
+
struct net *copy_net_ns(u64 flags,
struct user_namespace *user_ns, struct net *old_net)
{
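Review bot: The final atomic_set() in copy_net_ns_tcp_sysctls() copies tfo_active_disable_times, which is not a sysctl and which 1/3 deliberately leaves outside the tcp_sysctl group, and it does so without the matching tfo_active_disable_stamp, so a new netns can start with the parent's disable count and a stamp that was never set for it. Drop that copy and let the child keep its own initial state. Smaller points in the same function: the CHECK_SYSCTL_TCP_FIELD() lines can never trip as a BUILD_BUG_ON, because a member outside the group already fails to compile at "tcp_sysctl.rhs", so the two identical arguments and the offsetof() comparison add nothing; the memcpy() and the plain assignments read old_net's fields without READ_ONCE() although the call site uses READ_ONCE() for the flag; and the function only ever returns 0, so it should be void.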
@@ -594,6 +662,10 @@ struct net *copy_net_ns(u64 flags,
dec_net_namespaces(ucounts);
return ERR_PTR(rv);
}
+
+ if (READ_ONCE(old_net->ipv4.sysctl_netns_inherit_tcp_sysctls))
+ copy_net_ns_tcp_sysctls(net, old_net);
+
return net;
}
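Review bot: In copy_net_ns() the copy is placed after the setup_net() error path, so by the commit message's own description every pernet init has already run against the built-in defaults before the inherited values are written, and anything that derived state from those defaults during init will not see them. Applying the inheritance at the point where the IPv4 TCP defaults are set would avoid that window. The return value of copy_net_ns_tcp_sysctls() is also discarded here. Finally, the flag is read from old_net, so the cover letter's "from init_net" wording needs to change to match the code.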
--
2.47.3
* Re: [RFC PATCH net-next 0/3] netns: optionally inherit IPv4 TCP sysctls from old net
From: Eric Dumazet @ 2026-04-30 2:46 UTC
To: nmreadelf
Cc: davem, kuba, pabeni, corbet, dsahern, horms, chia-yu.chang,
idosch, ij, brauner, jack, kuniyu, jlayton, netdev, linux-doc,
linux-kernel, lance.yang, leon.hwang
On Wed, Apr 29, 2026 at 6:30 PM nmreadelf <kong414@outlook.com> wrote:
>
> a new network namespace starts with built-in TCP defaults.
> In container-heavy setups, operators often tune TCP sysctls in init_net and then
> need to re-apply the same values for each new netns.
>
There is a mistake here. init_net is not the same as parent_net (or
old_net in your patches)
unshare -n # Parent netns might be init_net
unshare -n # Parent netns is not init_net
...
> This series adds an opt-in mechanism to initialize per-netns IPv4 TCP sysctl
> settings from init_net at netns creation time.
>
> Behavior:
>
> Default is unchanged.
> When net.ipv4.netns_inherit_tcp_sysctls=1, new netns inherit
> TCP sysctl from old_net.
>
> nmreadelf (3):
> ipv4: netns: group copyable TCP sysctls in netns_ipv4
> net: ipv4: add netns_inherit_tcp_sysctls sysctl
> tcp: netns: optionally inherit IPv4 TCP sysctls from parent netns
>
> .../net_cachelines/netns_ipv4_sysctl.rst | 25 +++----
> include/net/netns/ipv4.h | 33 +++++----
> net/core/net_namespace.c | 72 +++++++++++++++++++
> net/ipv4/sysctl_net_ipv4.c | 9 +++
> 4 files changed, 114 insertions(+), 25 deletions(-)
>
> --
> 2.47.3
>
* Re: [RFC PATCH net-next 0/3] netns: optionally inherit IPv4 TCP sysctls from old net
From: Nicolas Dichtel @ 2026-04-30 15:44 UTC
To: nmreadelf, davem, edumazet, kuba, pabeni, corbet, dsahern
Cc: horms, chia-yu.chang, idosch, ij, brauner, jack, kuniyu, jlayton,
netdev, linux-doc, linux-kernel, lance.yang, leon.hwang
On 30/04/2026 at 03:30, nmreadelf wrote:
> a new network namespace starts with built-in TCP defaults.
> In container-heavy setups, operators often tune TCP sysctls in init_net and then
> need to re-apply the same values for each new netns.
>
> This series adds an opt-in mechanism to initialize per-netns IPv4 TCP sysctl
> settings from init_net at netns creation time.
>
> Behavior:
>
> Default is unchanged.
> When net.ipv4.netns_inherit_tcp_sysctls=1, new netns inherit
> TCP sysctl from old_net.
There is the same kind of sysctl for net.{ipv4,ipv6}.conf.{all,default}.*:
net.core.devconf_inherit_init_net.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/sysctl/net.rst#n401
I'm not sure if it's acceptable to use this existing entry to control the TCP
sysctl.
At least, putting the new one in the same place + using the same template for
the name + the same values would be nice. Something like
net.core.tcp_inherit_init_net.
Regards,
Nicolas