Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace
@ 2010-02-24  7:48 Alexey Dobriyan
  2010-02-24  8:26 ` Shan Wei
  0 siblings, 1 reply; 5+ messages in thread
From: Alexey Dobriyan @ 2010-02-24  7:48 UTC (permalink / raw)
  To: shanwei; +Cc: netdev

> -		.procname	= "nf_conntrack_frag6_timeout",
> -		.data		= &nf_init_frags.timeout,
> -		.maxlen		= sizeof(unsigned int),
> -		.mode		= 0644,
> -		.proc_handler	= proc_dointvec_jiffies,

Why are you removing sysctls?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace
  2010-02-24  7:48 [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace Alexey Dobriyan
@ 2010-02-24  8:26 ` Shan Wei
  2010-02-24 14:05   ` Patrick McHardy
  0 siblings, 1 reply; 5+ messages in thread
From: Shan Wei @ 2010-02-24  8:26 UTC (permalink / raw)
  To: Alexey Dobriyan; +Cc: netdev

Alexey Dobriyan wrote, at 02/24/2010 03:48 PM:
>> -		.procname	= "nf_conntrack_frag6_timeout",
>> -		.data		= &nf_init_frags.timeout,
>> -		.maxlen		= sizeof(unsigned int),
>> -		.mode		= 0644,
>> -		.proc_handler	= proc_dointvec_jiffies,
> 
> Why are you removing sysctls?

Because, after introduced net namespace, we can use net->ipv6.frags to 
manage IPv6 conntrack fragment queue instead of nf_init_frags. 
And sysctls of ip6frag_low_thresh, ip6frag_time and ip6frag_high_thresh 
also can control IPv6 conntrack fragment queue.

So, private member of nf_init_frags becomes redundant, and remove these sysctls. 

-- 
Best Regards
-----
Shan Wei

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace
  2010-02-24  8:26 ` Shan Wei
@ 2010-02-24 14:05   ` Patrick McHardy
  2010-02-25 11:36     ` Shan Wei
  0 siblings, 1 reply; 5+ messages in thread
From: Patrick McHardy @ 2010-02-24 14:05 UTC (permalink / raw)
  To: Shan Wei; +Cc: Alexey Dobriyan, netdev

Shan Wei wrote:
> Alexey Dobriyan wrote, at 02/24/2010 03:48 PM:
>>> -		.procname	= "nf_conntrack_frag6_timeout",
>>> -		.data		= &nf_init_frags.timeout,
>>> -		.maxlen		= sizeof(unsigned int),
>>> -		.mode		= 0644,
>>> -		.proc_handler	= proc_dointvec_jiffies,
>> Why are you removing sysctls?
> 
> Because, after introduced net namespace, we can use net->ipv6.frags to 
> manage IPv6 conntrack fragment queue instead of nf_init_frags. 
> And sysctls of ip6frag_low_thresh, ip6frag_time and ip6frag_high_thresh 
> also can control IPv6 conntrack fragment queue.
> 
> So, private member of nf_init_frags becomes redundant, and remove these sysctls. 

You can't simply remove them without a warning, people might be
using them.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace
  2010-02-24 14:05   ` Patrick McHardy
@ 2010-02-25 11:36     ` Shan Wei
  2010-02-25 17:34       ` Patrick McHardy
  0 siblings, 1 reply; 5+ messages in thread
From: Shan Wei @ 2010-02-25 11:36 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Alexey Dobriyan, netdev

Patrick McHardy wrote, at 02/24/2010 10:05 PM:
> Shan Wei wrote:
>> Alexey Dobriyan wrote, at 02/24/2010 03:48 PM:
>>>> -		.procname	= "nf_conntrack_frag6_timeout",
>>>> -		.data		= &nf_init_frags.timeout,
>>>> -		.maxlen		= sizeof(unsigned int),
>>>> -		.mode		= 0644,
>>>> -		.proc_handler	= proc_dointvec_jiffies,
>>> Why are you removing sysctls?
>> Because, after introduced net namespace, we can use net->ipv6.frags to 
>> manage IPv6 conntrack fragment queue instead of nf_init_frags. 
>> And sysctls of ip6frag_low_thresh, ip6frag_time and ip6frag_high_thresh 
>> also can control IPv6 conntrack fragment queue.
>>
>> So, private member of nf_init_frags becomes redundant, and remove these sysctls. 
> 
> You can't simply remove them without a warning, people might be
> using them.

How to provide a warning to user?
How about handle these sysctl ABIs like this:

s1) Retain these sysctls and refer .data to appropriate member of frags of init_net.
    Take nf_conntrack_frag6_timeout for example, .data = &init_net.ipv6.frags.timeout.

s2) When register sysctls of conntrack ipv6 protocol in nf_ct_l3proto_register_sysctl(),
    print a waring like this.
    "nf_conntrack_frag6_timeout and ip6frag_time, nf_conntrack_frag6_low_thresh and ip6frag_low_thresh,
     nf_conntrack_frag6_high_thresh and ip6frag_high_thresh, the three sets are equivalent. 
     nf_conntrack_frag6_timeout is just an alias for ip6frag_time. The former Parameters of IPv6 conntrack
     will be removed in the future, please use the latter ones of IPv6."

s3) Describe these removable sysctl ABIs in Documentation/feature-removal-schedule.txt


-- 
Best Regards
-----
Shan Wei

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace
  2010-02-25 11:36     ` Shan Wei
@ 2010-02-25 17:34       ` Patrick McHardy
  0 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2010-02-25 17:34 UTC (permalink / raw)
  To: Shan Wei; +Cc: Alexey Dobriyan, netdev

Shan Wei wrote:
> Patrick McHardy wrote, at 02/24/2010 10:05 PM:
>> Shan Wei wrote:
>>> Alexey Dobriyan wrote, at 02/24/2010 03:48 PM:
>>>>> -		.procname	= "nf_conntrack_frag6_timeout",
>>>>> -		.data		= &nf_init_frags.timeout,
>>>>> -		.maxlen		= sizeof(unsigned int),
>>>>> -		.mode		= 0644,
>>>>> -		.proc_handler	= proc_dointvec_jiffies,
>>>> Why are you removing sysctls?
>>> Because, after introduced net namespace, we can use net->ipv6.frags to 
>>> manage IPv6 conntrack fragment queue instead of nf_init_frags. 
>>> And sysctls of ip6frag_low_thresh, ip6frag_time and ip6frag_high_thresh 
>>> also can control IPv6 conntrack fragment queue.
>>>
>>> So, private member of nf_init_frags becomes redundant, and remove these sysctls. 
>> You can't simply remove them without a warning, people might be
>> using them.
> 
> How to provide a warning to user?
> How about handle these sysctl ABIs like this:
> 
> s1) Retain these sysctls and refer .data to appropriate member of frags of init_net.
>     Take nf_conntrack_frag6_timeout for example, .data = &init_net.ipv6.frags.timeout.

I'd suggest to refer to the proper namespace, check out
net/netfilter/nf_conntrack_standalone.c for an example.

> s2) When register sysctls of conntrack ipv6 protocol in nf_ct_l3proto_register_sysctl(),
>     print a waring like this.
>     "nf_conntrack_frag6_timeout and ip6frag_time, nf_conntrack_frag6_low_thresh and ip6frag_low_thresh,
>      nf_conntrack_frag6_high_thresh and ip6frag_high_thresh, the three sets are equivalent. 
>      nf_conntrack_frag6_timeout is just an alias for ip6frag_time. The former Parameters of IPv6 conntrack
>      will be removed in the future, please use the latter ones of IPv6."
> 
> s3) Describe these removable sysctl ABIs in Documentation/feature-removal-schedule.txt

This sounds fine.



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-02-25 17:34 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-24  7:48 [RFC PATCH net-next 1/5]IPv6:netfilter: defrag:Introduce net namespace Alexey Dobriyan
2010-02-24  8:26 ` Shan Wei
2010-02-24 14:05   ` Patrick McHardy
2010-02-25 11:36     ` Shan Wei
2010-02-25 17:34       ` Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).