From: Liping Zhang <zlpnobody@gmail.com>
To: Florian Westphal <fw@strlen.de>
Cc: Liping Zhang <zlpnobody@163.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf-next RFC 0/5] netfilter: add net namespace support for cthelper
Date: Mon, 5 Jun 2017 13:11:19 +0800 [thread overview]
Message-ID: <CAML_gOf3dW1kVpyObPZoHWSb44DX3w6vhsWXq11xwFU2pFnvFA@mail.gmail.com> (raw)
In-Reply-To: <20170604160753.GA843@breakpoint.cc>
Hi Florian & Pablo,
2017-06-05 0:07 GMT+08:00 Florian Westphal <fw@strlen.de>:
> Liping Zhang <zlpnobody@163.com> wrote:
>> This patch set aims to add net namespace support for the ct helper,
>> it is a little large, but I try my best to split them to a relative
>> smaller patches, which will help to review. Comments are welcome.
>
> Why? Could you explain what kind of functionality is added here, or
> what problem is fixed?
>
> Why do we need per netns complexity for helpers?
I remembered Pablo told me that the ct helpers "is probably one of
the remaining subsystems not having netns support", when I sent
patches to fix other issues.
So I try to accomplish the netns support for ct helpers.
(see https://patchwork.ozlabs.org/patch/740692/).
For these user ct helpers, after per netns support, we can config
different policy to these ct helpers with the same name.(But indeed,
this flexible seems less valuable, we can accomplish it in different
ways).
For these kernel built-in ct helpers, per netns support is indeed
unnecessary. Especially after Florian's patch: "netns: add and
use net_ns_barrier".
Anyway, I have no objection to drop this patch set, as it increased
too much complexity but earned a very little.
next prev parent reply other threads:[~2017-06-05 5:11 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-04 15:25 [PATCH nf-next RFC 0/5] netfilter: add net namespace support for cthelper Liping Zhang
2017-06-04 15:25 ` [PATCH nf-next RFC 1/5] netfilter: use nf_conntrack_helpers_register when possible Liping Zhang
2017-06-05 9:26 ` Florian Westphal
2017-06-19 17:13 ` Pablo Neira Ayuso
2017-06-04 15:25 ` [PATCH nf-next RFC 2/5] netfilter: make nf_conntrack_helper_register become per-net Liping Zhang
2017-06-04 15:25 ` [PATCH nf-next RFC 3/5] netfilter: make each ct helper belong to a specific netns Liping Zhang
2017-06-04 15:25 ` [PATCH nf-next RFC 4/5] netfilter: complete the netns support for the user cthelpers Liping Zhang
2017-06-04 15:25 ` [PATCH nf-next RFC 5/5] netfilter: complete the netns support for the kernel built-in cthelpers Liping Zhang
2017-06-04 16:07 ` [PATCH nf-next RFC 0/5] netfilter: add net namespace support for cthelper Florian Westphal
2017-06-04 19:45 ` Pablo Neira Ayuso
2017-06-05 5:11 ` Liping Zhang [this message]
2017-06-06 0:04 ` Pablo Neira Ayuso
2017-06-06 4:15 ` Liping Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAML_gOf3dW1kVpyObPZoHWSb44DX3w6vhsWXq11xwFU2pFnvFA@mail.gmail.com \
--to=zlpnobody@gmail.com \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=zlpnobody@163.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).