git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 20 Apr 2017 16:08:15 +0000 (18:08 +0200)
committer	David S. Miller <davem@davemloft.net>
	Tue, 25 Apr 2017 14:43:22 +0000 (10:43 -0400)
commit	19a645ef2b17eb30b984b04628a1f69edb486718
tree	3834ea2bcc3a0520f80187cdcd094cff62fefab4	tree \| snapshot
parent	71a1c5e633bc8ed6af7be28698b64767d1bc2f7f	commit \| diff

ipvlan: use pernet operations and restrict l3s hooks to master netns

commit 38d1ddf0bfcb78641d ("ipvlan: Introduce l3s mode") added
registration of netfilter hooks via nf_register_hooks().

This API provides the illusion of 'global' netfilter hooks by placing the
hooks in all current and future network namespaces.

In case of ipvlan the hook appears to be only needed in the namespace
that contains the ipvlan master device (i.e., usually init_net), so
placing them in all namespaces is not needed.

This switches ipvlan driver to pernet operations, and then only registers
hooks in namespaces where a ipvlan master device is set to l3s mode.

Extra care has to be taken when the master device is moved to another
namespace, as we might have to 'move' the netfilter hooks too.

This is done by storing the namespace the ipvlan port was created in.
On REGISTER event, do (un)register operations in the old/new namespaces.

This will also allow removal of the nf_register_hooks() in a future patch.

Cc: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/ipvlan/ipvlan.h		diff \| blob \| history
drivers/net/ipvlan/ipvlan_main.c		diff \| blob \| history