bianbu-repo-mirror/bianbu-linux-6.6
1
0
Fork 0
mirror of https://gitee.com/bianbu-linux/linux-6.6 synced 2025-07-04 00:03:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

net: add option to not create fall-back tunnels in root-ns as well

Browse source 
The sysctl that was added  earlier by commit 79134e6ce2 ("net: do
not create fallback tunnels for non-default namespaces") to create
fall-back only in root-ns. This patch enhances that behavior to provide
option not to create fallback tunnels in root-ns as well. Since modules
that create fallback tunnels could be built-in and setting the sysctl
value after booting is pointless, so added a kernel cmdline options to
change this default. The default setting is preseved for backward
compatibility. The kernel command line option of fb_tunnels=initns will
set the sysctl value to 1 and will create fallback tunnels only in initns
while kernel cmdline fb_tunnels=none will set the sysctl value to 2 and
fallback tunnels are skipped in every netns.

Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Maciej Zenczykowski <maze@google.com>
Cc: Jian Yang <jianyang@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Mahesh Bandewar 2020-08-26 09:05:35 -07:00 committed by David S. Miller
parent 0baf01942d
commit 316cdaa115
4 changed files with 40 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Documentation/admin-guide/kernel-parameters.txt
View file

@ -1338,6 +1338,11 @@
Format: <interval>,<probability>,<space>,<times> Format: <interval>,<probability>,<space>,<times>
See also Documentation/fault-injection/. See also Documentation/fault-injection/.
fb_tunnels= [NET]
Format: { initns | none }
See Documentation/admin-guide/sysctl/net.rst for
fb_tunnels_only_for_init_ns
floppy= [HW] floppy= [HW]
See Documentation/admin-guide/blockdev/floppy.rst. See Documentation/admin-guide/blockdev/floppy.rst.

20
Documentation/admin-guide/sysctl/net.rst
View file

@ -300,7 +300,6 @@ Note:
0: 0 1 2 3 4 5 6 7 0: 0 1 2 3 4 5 6 7
RSS hash key: RSS hash key:
84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8:43:e3:c9:0c:fd:17:55:c2:3a:4d:69:ed:f1:42:89 84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8:43:e3:c9:0c:fd:17:55:c2:3a:4d:69:ed:f1:42:89
netdev_tstamp_prequeue netdev_tstamp_prequeue
---------------------- ----------------------
@ -321,11 +320,20 @@ fb_tunnels_only_for_init_net
---------------------------- ----------------------------
Controls if fallback tunnels (like tunl0, gre0, gretap0, erspan0, Controls if fallback tunnels (like tunl0, gre0, gretap0, erspan0,
sit0, ip6tnl0, ip6gre0) are automatically created when a new sit0, ip6tnl0, ip6gre0) are automatically created. There are 3 possibilities
network namespace is created, if corresponding tunnel is present (a) value = 0; respective fallback tunnels are created when module is
in initial network namespace. loaded in every net namespaces (backward compatible behavior).
If set to 1, these devices are not automatically created, and (b) value = 1; [kcmd value: initns] respective fallback tunnels are
user space is responsible for creating them if needed. created only in init net namespace and every other net namespace will
not have them.
(c) value = 2; [kcmd value: none] fallback tunnels are not created
when a module is loaded in any of the net namespace. Setting value to
"2" is pointless after boot if these modules are built-in, so there is
a kernel command-line option that can change this default. Please refer to
Documentation/admin-guide/kernel-parameters.txt for additional details.
Not creating fallback tunnels gives control to userspace to create
whatever is needed only and avoid creating devices which are redundant.
Default : 0 (for compatibility reasons) Default : 0 (for compatibility reasons)

8
include/linux/netdevice.h
View file

@ -640,10 +640,14 @@ struct netdev_queue {
extern int sysctl_fb_tunnels_only_for_init_net; extern int sysctl_fb_tunnels_only_for_init_net;
extern int sysctl_devconf_inherit_init_net; extern int sysctl_devconf_inherit_init_net;
/*
* sysctl_fb_tunnels_only_for_init_net == 0 : For all netns
* == 1 : For initns only
* == 2 : For none.
*/
static inline bool net_has_fallback_tunnels(const struct net *net) static inline bool net_has_fallback_tunnels(const struct net *net)
{ {
return net == &init_net || return (net == &init_net && sysctl_fb_tunnels_only_for_init_net == 1) ||
!IS_ENABLED(CONFIG_SYSCTL) ||
!sysctl_fb_tunnels_only_for_init_net; !sysctl_fb_tunnels_only_for_init_net;
} }

17
net/core/sysctl_net_core.c
View file

@ -22,7 +22,7 @@
#include <net/busy_poll.h> #include <net/busy_poll.h>
#include <net/pkt_sched.h> #include <net/pkt_sched.h>
static int two __maybe_unused = 2; static int two = 2;
static int three = 3; static int three = 3;
static int min_sndbuf = SOCK_MIN_SNDBUF; static int min_sndbuf = SOCK_MIN_SNDBUF;
static int min_rcvbuf = SOCK_MIN_RCVBUF; static int min_rcvbuf = SOCK_MIN_RCVBUF;
@ -546,7 +546,7 @@ static struct ctl_table net_core_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = proc_dointvec_minmax, .proc_handler = proc_dointvec_minmax,
.extra1 = SYSCTL_ZERO, .extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE, .extra2 = &two,
}, },
{ {
.procname = "devconf_inherit_init_net", .procname = "devconf_inherit_init_net",
@ -587,6 +587,19 @@ static struct ctl_table netns_core_table[] = {
{ } { }
}; };
static int __init fb_tunnels_only_for_init_net_sysctl_setup(char *str)
{
/* fallback tunnels for initns only */
if (!strncmp(str, "initns", 6))
sysctl_fb_tunnels_only_for_init_net = 1;
/* no fallback tunnels anywhere */
else if (!strncmp(str, "none", 4))
sysctl_fb_tunnels_only_for_init_net = 2;
return 1;
}
__setup("fb_tunnels=", fb_tunnels_only_for_init_net_sysctl_setup);
static __net_init int sysctl_core_net_init(struct net *net) static __net_init int sysctl_core_net_init(struct net *net)
{ {
struct ctl_table *tbl; struct ctl_table *tbl;