[PATCH 04/31 DO NOT APPLY] enable netfilter in netns

[PATCH 04/31 DO NOT APPLY] enable netfilter in netns

[Alexey Dobriyan]

	Only for testing.

--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -165,14 +165,6 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
 	unsigned int verdict;
 	int ret = 0;
 
-#ifdef CONFIG_NET_NS
-	struct net *net;
-
-	net = indev == NULL ? dev_net(outdev) : dev_net(indev);
-	if (net != &init_net)
-		return 1;
-#endif
-
 	/* We may already have this, but read-locks nest anyway */
 	rcu_read_lock();
 
--- a/net/netfilter/nf_sockopt.c
+++ b/net/netfilter/nf_sockopt.c
@@ -65,9 +65,6 @@ static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, int pf,
 {
 	struct nf_sockopt_ops *ops;
 
-	if (!net_eq(sock_net(sk), &init_net))
-		return ERR_PTR(-ENOPROTOOPT);
-
 	if (mutex_lock_interruptible(&nf_sockopt_mutex) != 0)
 		return ERR_PTR(-EINTR);
 
-- 
1.5.4.5

Re: [PATCH 04/31 DO NOT APPLY] enable netfilter in netns

[Patrick McHardy]

Alexey Dobriyan wrote:
> 	Only for testing.

Thanks for posting this, I'll try to get this reviewed and
merged before the merge window closes.

Just one question since this patch is marked DO NO APPLY -
are the remaining patches meant for applying? Is there
any further work left until netfilter is fully namespace
aware?

Re: [PATCH 04/31 DO NOT APPLY] enable netfilter in netns

[David Miller]

From: Patrick McHardy <kaber@trash.net>
Date: Mon, 21 Jul 2008 19:01:32 +0200

> Alexey Dobriyan wrote:
> > 	Only for testing.
> 
> Thanks for posting this, I'll try to get this reviewed and
> merged before the merge window closes.

For networking it closed yesterday:

--------------------
Subject: net-2.6 merged to Linus...
From: David Miller <davem@davemloft.net>
To: netdev@vger.kernel.org
Date: Sun, 20 Jul 2008 22:05:06 -0700 (PDT)
X-Mailer: Mew version 5.2 on Emacs 22.1 / Mule 5.0 (SAKAKI)


I would like to thank everyone for their work and I ask that folks
concentrate on bug fixing now.

Thanks a lot!
--------------------

Re: [PATCH 04/31 DO NOT APPLY] enable netfilter in netns

[Alexey Dobriyan]

On Mon, Jul 21, 2008 at 07:01:32PM +0200, Patrick McHardy wrote:
> Alexey Dobriyan wrote:
>> 	Only for testing.
>
> Thanks for posting this, I'll try to get this reviewed and
> merged before the merge window closes.
>
> Just one question since this patch is marked DO NO APPLY -
> are the remaining patches meant for applying?

Yes!

Let's ask Den about this particular patch, though. :-)

> Is there any further work left until netfilter is fully namespace aware?

We discussed this in "unlock iptables in netns" thread
http://marc.info/?l=linux-netdev&m=121311890005554&w=2

With this patchset conntracking and NAT are largely netns-ready (I hope),
the list shrinks.

	ebtable_filter
	ebtable_nat
	selinux
	decnet
	IPv6 REJECT
	+ several individual matches/etc 

As for other stuff,
	conntrack statistics (trivial)
	ctnetlink (stubbed to init_net, dunno what it is)
	NF_LOG, NF_QUEUE (deprecated? don't bother at all?)



grep init_net -w -n -r net/netfilter/ net/ipv4/netfilter/ net/ipv6/netfilter/
shows more or less what works, and what doesn't.

Re: [PATCH 04/31 DO NOT APPLY] enable netfilter in netns

[Alexey Dobriyan]

On Mon, Jul 21, 2008 at 10:07:22AM -0700, David Miller wrote:
> From: Patrick McHardy <kaber@trash.net>
> Date: Mon, 21 Jul 2008 19:01:32 +0200
> 
> > Alexey Dobriyan wrote:
> > > 	Only for testing.
> > 
> > Thanks for posting this, I'll try to get this reviewed and
> > merged before the merge window closes.
> 
> For networking it closed yesterday:

That's fine, if it waits for next one.
As they say in Russia, who understood life, doesn't hurry. :^)

> --------------------
> Subject: net-2.6 merged to Linus...
> From: David Miller <davem@davemloft.net>
> To: netdev@vger.kernel.org
> Date: Sun, 20 Jul 2008 22:05:06 -0700 (PDT)
> X-Mailer: Mew version 5.2 on Emacs 22.1 / Mule 5.0 (SAKAKI)
> 
> 
> I would like to thank everyone for their work and I ask that folks
> concentrate on bug fixing now.
> 
> Thanks a lot!
> --------------------