Re: netfilter: nf_tables: complete net namespace support

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: netfilter: nf_tables: complete net namespace support
Date: Wed, 20 Feb 2013 01:56:38 +0100	[thread overview]
Message-ID: <20130220005638.GB4061@localhost> (raw)
In-Reply-To: <20130219230228.GA2345@macbook.localnet>

On Wed, Feb 20, 2013 at 12:02:28AM +0100, Patrick McHardy wrote:
> Hi Pablo,
> 
> just going through the commits to the nftables tree of the past two months,
> this one caught my eye:

Great, please let me know if you find more stuff to discuss.

> Commit a85bea2a (netfilter: nf_tables: complete net namespace support) adds
> per-NS af_info lists and registers the IPv4/IPv6/Bridge AFs in every NS.
> I don't get the point of this at all, when the module is loaded, the AFs
> will be registered in every namespace anyways, there's no way to have it
> registered in just a subset of the namespaces, so why do this at all?
> 
> From what I can tell, this patch can simply be reverted again.

We need an empty table list for each family in each namespace.
Otherwise registered tables will be globally visible in every existing
namespace.

     prev parent reply	other threads:[~2013-02-20  0:56 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-19 23:02 netfilter: nf_tables: complete net namespace support Patrick McHardy
2013-02-20  0:56 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130220005638.GB4061@localhost \
    --to=pablo@netfilter.org \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).