* [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net
@ 2018-12-16 16:15 xiangxia.m.yue
2018-12-16 19:06 ` Cong Wang
0 siblings, 1 reply; 5+ messages in thread
From: xiangxia.m.yue @ 2018-12-16 16:15 UTC (permalink / raw)
To: netdev; +Cc: Tonghao Zhang
From: Tonghao Zhang <xiangxia.m.yue@gmail.com>
The devconf setting on the init_net will affect other
namespace when them created. For example:
$ cat /proc/sys/net/ipv4/conf/all/rp_filter
0
$ echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
$ cat /proc/sys/net/ipv4/conf/all/rp_filter
2
$ ip netns add ns100
$ ip netns exec ns100 bash
$ cat /proc/sys/net/ipv4/conf/all/rp_filter
2
The value of rp_filter in the ns100, should be 0 as
default, but it is 2 same as _init_net_.
To fix it and init devconf to default value, we allocate
memory for every namespace(include init_net), this memory
will be used to store themself setting data and we also
allocate memory to register sys_ctl tables.
IPv6 does that in the same way.
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
---
net/ipv4/devinet.c | 40 ++++++++++++++++------------------------
1 file changed, 16 insertions(+), 24 deletions(-)
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 5b9b6d4..2edf0f8 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2555,33 +2555,28 @@ static __net_init int devinet_init_net(struct net *net)
int err;
struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
- struct ctl_table *tbl = ctl_forward_entry;
+ struct ctl_table *tbl;
struct ctl_table_header *forw_hdr;
#endif
err = -ENOMEM;
- all = &ipv4_devconf;
- dflt = &ipv4_devconf_dflt;
-
- if (!net_eq(net, &init_net)) {
- all = kmemdup(all, sizeof(ipv4_devconf), GFP_KERNEL);
- if (!all)
- goto err_alloc_all;
+ all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
+ if (!all)
+ goto err_alloc_all;
- dflt = kmemdup(dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
- if (!dflt)
- goto err_alloc_dflt;
+ dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
+ if (!dflt)
+ goto err_alloc_dflt;
#ifdef CONFIG_SYSCTL
- tbl = kmemdup(tbl, sizeof(ctl_forward_entry), GFP_KERNEL);
- if (!tbl)
- goto err_alloc_ctl;
+ tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
+ if (!tbl)
+ goto err_alloc_ctl;
- tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
- tbl[0].extra1 = all;
- tbl[0].extra2 = net;
+ tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
+ tbl[0].extra1 = all;
+ tbl[0].extra2 = net;
#endif
- }
#ifdef CONFIG_SYSCTL
err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
@@ -2610,15 +2605,12 @@ static __net_init int devinet_init_net(struct net *net)
err_reg_dflt:
__devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
err_reg_all:
- if (tbl != ctl_forward_entry)
- kfree(tbl);
+ kfree(tbl);
err_alloc_ctl:
#endif
- if (dflt != &ipv4_devconf_dflt)
- kfree(dflt);
+ kfree(dflt);
err_alloc_dflt:
- if (all != &ipv4_devconf)
- kfree(all);
+ kfree(all);
err_alloc_all:
return err;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net
2018-12-16 16:15 [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net xiangxia.m.yue
@ 2018-12-16 19:06 ` Cong Wang
2018-12-17 9:55 ` Tonghao Zhang
2018-12-18 23:09 ` David Miller
0 siblings, 2 replies; 5+ messages in thread
From: Cong Wang @ 2018-12-16 19:06 UTC (permalink / raw)
To: Tonghao Zhang; +Cc: Linux Kernel Network Developers
On Sun, Dec 16, 2018 at 8:24 AM <xiangxia.m.yue@gmail.com> wrote:
>
> From: Tonghao Zhang <xiangxia.m.yue@gmail.com>
>
> The devconf setting on the init_net will affect other
> namespace when them created. For example:
>
> $ cat /proc/sys/net/ipv4/conf/all/rp_filter
> 0
> $ echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
> $ cat /proc/sys/net/ipv4/conf/all/rp_filter
> 2
>
> $ ip netns add ns100
> $ ip netns exec ns100 bash
> $ cat /proc/sys/net/ipv4/conf/all/rp_filter
> 2
>
> The value of rp_filter in the ns100, should be 0 as
> default, but it is 2 same as _init_net_.
This has been a known issue for a long time. There
were several attempts to fix this.
The concern here is whether it breaks existing applications'
expectation with the change like yours. There was a proposal
introduces a new /proc file to control this behavior, I forget
why it is not accepted either. Please check netdev archives.
Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net
2018-12-16 19:06 ` Cong Wang
@ 2018-12-17 9:55 ` Tonghao Zhang
2018-12-18 23:09 ` David Miller
1 sibling, 0 replies; 5+ messages in thread
From: Tonghao Zhang @ 2018-12-17 9:55 UTC (permalink / raw)
To: Cong Wang, David Miller; +Cc: Linux Kernel Network Developers
On Mon, Dec 17, 2018 at 3:06 AM Cong Wang <xiyou.wangcong@gmail.com> wrote:
>
> On Sun, Dec 16, 2018 at 8:24 AM <xiangxia.m.yue@gmail.com> wrote:
> >
> > From: Tonghao Zhang <xiangxia.m.yue@gmail.com>
> >
> > The devconf setting on the init_net will affect other
> > namespace when them created. For example:
> >
> > $ cat /proc/sys/net/ipv4/conf/all/rp_filter
> > 0
> > $ echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
> > $ cat /proc/sys/net/ipv4/conf/all/rp_filter
> > 2
> >
> > $ ip netns add ns100
> > $ ip netns exec ns100 bash
> > $ cat /proc/sys/net/ipv4/conf/all/rp_filter
> > 2
> >
> > The value of rp_filter in the ns100, should be 0 as
> > default, but it is 2 same as _init_net_.
>
> This has been a known issue for a long time. There
> were several attempts to fix this.
>
> The concern here is whether it breaks existing applications'
> expectation with the change like yours. There was a proposal
> introduces a new /proc file to control this behavior, I forget
> why it is not accepted either. Please check netdev archives.
I check netdev archives and a patch to fix it, but I do not find why
not applied.
https://lore.kernel.org/patchwork/patch/493547/
> Thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net
2018-12-16 19:06 ` Cong Wang
2018-12-17 9:55 ` Tonghao Zhang
@ 2018-12-18 23:09 ` David Miller
2018-12-20 3:24 ` Tonghao Zhang
1 sibling, 1 reply; 5+ messages in thread
From: David Miller @ 2018-12-18 23:09 UTC (permalink / raw)
To: xiyou.wangcong; +Cc: xiangxia.m.yue, netdev
From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Sun, 16 Dec 2018 11:06:39 -0800
> On Sun, Dec 16, 2018 at 8:24 AM <xiangxia.m.yue@gmail.com> wrote:
>>
>> From: Tonghao Zhang <xiangxia.m.yue@gmail.com>
>>
>> The devconf setting on the init_net will affect other
>> namespace when them created. For example:
...
> This has been a known issue for a long time. There
> were several attempts to fix this.
>
> The concern here is whether it breaks existing applications'
> expectation with the change like yours. There was a proposal
> introduces a new /proc file to control this behavior, I forget
> why it is not accepted either. Please check netdev archives.
Please see:
https://patchwork.ozlabs.org/patch/488675/
I know why you couldn't find this.
In order to speed up database queries, after some time we mark
patchwork entires older than a certain date as "archived". By
default searches do not consider archived entries.
So you have to click the "Yes" checkbox for Archived in the search
dialogue.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net
2018-12-18 23:09 ` David Miller
@ 2018-12-20 3:24 ` Tonghao Zhang
0 siblings, 0 replies; 5+ messages in thread
From: Tonghao Zhang @ 2018-12-20 3:24 UTC (permalink / raw)
To: David Miller; +Cc: Cong Wang, Linux Kernel Network Developers
On Wed, Dec 19, 2018 at 7:09 AM David Miller <davem@davemloft.net> wrote:
>
> From: Cong Wang <xiyou.wangcong@gmail.com>
> Date: Sun, 16 Dec 2018 11:06:39 -0800
>
> > On Sun, Dec 16, 2018 at 8:24 AM <xiangxia.m.yue@gmail.com> wrote:
> >>
> >> From: Tonghao Zhang <xiangxia.m.yue@gmail.com>
> >>
> >> The devconf setting on the init_net will affect other
> >> namespace when them created. For example:
> ...
> > This has been a known issue for a long time. There
> > were several attempts to fix this.
> >
> > The concern here is whether it breaks existing applications'
> > expectation with the change like yours. There was a proposal
> > introduces a new /proc file to control this behavior, I forget
> > why it is not accepted either. Please check netdev archives.
>
> Please see:
>
> https://patchwork.ozlabs.org/patch/488675/
Thanks, Cong and David.
I review the patch [1]. The author didn't explain why we inherit the
old configuration.
In our case, there are many container which running the different
application. We don't
know what configuration the user will set. We don't want the new
container inherit our host configuration.
The reason is show as below:
* the host _init_net will be used as SDN network, such as vxlan, and
other complex overlay network.
* host network configuration should not affect container.
* the container and host network configuration are complete isolation.
So what's your advice?
1. https://patchwork.ozlabs.org/patch/488675/
> I know why you couldn't find this.
>
> In order to speed up database queries, after some time we mark
> patchwork entires older than a certain date as "archived". By
> default searches do not consider archived entries.
>
> So you have to click the "Yes" checkbox for Archived in the search
> dialogue.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-12-20 3:24 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-16 16:15 [PATCH net-next] net: ipv4: allocate ipv4_devconf memory for init_net xiangxia.m.yue
2018-12-16 19:06 ` Cong Wang
2018-12-17 9:55 ` Tonghao Zhang
2018-12-18 23:09 ` David Miller
2018-12-20 3:24 ` Tonghao Zhang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).