Commit 316cdaa1 authored by Mahesh Bandewar's avatar Mahesh Bandewar Committed by David S. Miller

net: add option to not create fall-back tunnels in root-ns as well

The sysctl added earlier by commit 79134e6c ("net: do
not create fallback tunnels for non-default namespaces") creates
fall-back tunnels only in root-ns. This patch enhances that behavior to provide
an option not to create fallback tunnels in root-ns as well. Since modules
that create fallback tunnels could be built-in and setting the sysctl
value after booting is pointless, a kernel cmdline option was added to
change this default. The default setting is preserved for backward
compatibility. The kernel command line option of fb_tunnels=initns will
set the sysctl value to 1 and will create fallback tunnels only in initns
while kernel cmdline fb_tunnels=none will set the sysctl value to 2 and
fallback tunnels are skipped in every netns.
Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Maciej Zenczykowski <maze@google.com>
Cc: Jian Yang <jianyang@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0baf0194
...@@ -1338,6 +1338,11 @@ ...@@ -1338,6 +1338,11 @@
Format: <interval>,<probability>,<space>,<times> Format: <interval>,<probability>,<space>,<times>
See also Documentation/fault-injection/. See also Documentation/fault-injection/.
fb_tunnels= [NET]
Format: { initns | none }
See Documentation/admin-guide/sysctl/net.rst for
fb_tunnels_only_for_init_ns
floppy= [HW] floppy= [HW]
See Documentation/admin-guide/blockdev/floppy.rst. See Documentation/admin-guide/blockdev/floppy.rst.
......
...@@ -300,7 +300,6 @@ Note: ...@@ -300,7 +300,6 @@ Note:
0: 0 1 2 3 4 5 6 7 0: 0 1 2 3 4 5 6 7
RSS hash key: RSS hash key:
84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8:43:e3:c9:0c:fd:17:55:c2:3a:4d:69:ed:f1:42:89 84:50:f4:00:a8:15:d1:a7:e9:7f:1d:60:35:c7:47:25:42:97:74:ca:56:bb:b6:a1:d8:43:e3:c9:0c:fd:17:55:c2:3a:4d:69:ed:f1:42:89
netdev_tstamp_prequeue netdev_tstamp_prequeue
---------------------- ----------------------
...@@ -321,11 +320,20 @@ fb_tunnels_only_for_init_net ...@@ -321,11 +320,20 @@ fb_tunnels_only_for_init_net
---------------------------- ----------------------------
Controls if fallback tunnels (like tunl0, gre0, gretap0, erspan0, Controls if fallback tunnels (like tunl0, gre0, gretap0, erspan0,
sit0, ip6tnl0, ip6gre0) are automatically created when a new sit0, ip6tnl0, ip6gre0) are automatically created. There are 3 possibilities
network namespace is created, if corresponding tunnel is present (a) value = 0; respective fallback tunnels are created when module is
in initial network namespace. loaded in every net namespaces (backward compatible behavior).
If set to 1, these devices are not automatically created, and (b) value = 1; [kcmd value: initns] respective fallback tunnels are
user space is responsible for creating them if needed. created only in init net namespace and every other net namespace will
not have them.
(c) value = 2; [kcmd value: none] fallback tunnels are not created
when a module is loaded in any of the net namespace. Setting value to
"2" is pointless after boot if these modules are built-in, so there is
a kernel command-line option that can change this default. Please refer to
Documentation/admin-guide/kernel-parameters.txt for additional details.
Not creating fallback tunnels gives control to userspace to create
whatever is needed only and avoid creating devices which are redundant.
Default : 0 (for compatibility reasons) Default : 0 (for compatibility reasons)
......
...@@ -640,10 +640,14 @@ struct netdev_queue { ...@@ -640,10 +640,14 @@ struct netdev_queue {
extern int sysctl_fb_tunnels_only_for_init_net; extern int sysctl_fb_tunnels_only_for_init_net;
extern int sysctl_devconf_inherit_init_net; extern int sysctl_devconf_inherit_init_net;
/*
* sysctl_fb_tunnels_only_for_init_net == 0 : For all netns
* == 1 : For initns only
* == 2 : For none.
*/
static inline bool net_has_fallback_tunnels(const struct net *net) static inline bool net_has_fallback_tunnels(const struct net *net)
{ {
return net == &init_net || return (net == &init_net && sysctl_fb_tunnels_only_for_init_net == 1) ||
!IS_ENABLED(CONFIG_SYSCTL) ||
!sysctl_fb_tunnels_only_for_init_net; !sysctl_fb_tunnels_only_for_init_net;
} }
......
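Review bot: The `!IS_ENABLED(CONFIG_SYSCTL)` term is dropped from net_has_fallback_tunnels() without the new comment saying why, so on CONFIG_SYSCTL=n the function now returns true only because sysctl_fb_tunnels_only_for_init_net presumably keeps its zero initializer in that configuration. Since the `fb_tunnels=` __setup handler appears to live next to the sysctl tables (the later hunk of this commit), the boot parameter would then be silently unavailable when sysctl support is compiled out. Consider extending the comment block with `* Stays 0 (all netns) when CONFIG_SYSCTL=n: neither the sysctl nor the fb_tunnels= boot parameter can change it there.` so a reader neither reintroduces the guard nor expects the parameter to work in that build. Whether the variable's definition itself depends on CONFIG_SYSCTL is outside this hunk and should be confirmed.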
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
#include <net/busy_poll.h> #include <net/busy_poll.h>
#include <net/pkt_sched.h> #include <net/pkt_sched.h>
static int two __maybe_unused = 2; static int two = 2;
static int three = 3; static int three = 3;
static int min_sndbuf = SOCK_MIN_SNDBUF; static int min_sndbuf = SOCK_MIN_SNDBUF;
static int min_rcvbuf = SOCK_MIN_RCVBUF; static int min_rcvbuf = SOCK_MIN_RCVBUF;
...@@ -546,7 +546,7 @@ static struct ctl_table net_core_table[] = { ...@@ -546,7 +546,7 @@ static struct ctl_table net_core_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = proc_dointvec_minmax, .proc_handler = proc_dointvec_minmax,
.extra1 = SYSCTL_ZERO, .extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE, .extra2 = &two,
}, },
{ {
.procname = "devconf_inherit_init_net", .procname = "devconf_inherit_init_net",
...@@ -587,6 +587,19 @@ static struct ctl_table netns_core_table[] = { ...@@ -587,6 +587,19 @@ static struct ctl_table netns_core_table[] = {
{ } { }
}; };
static int __init fb_tunnels_only_for_init_net_sysctl_setup(char *str)
{
/* fallback tunnels for initns only */
if (!strncmp(str, "initns", 6))
sysctl_fb_tunnels_only_for_init_net = 1;
/* no fallback tunnels anywhere */
else if (!strncmp(str, "none", 4))
sysctl_fb_tunnels_only_for_init_net = 2;
return 1;
}
__setup("fb_tunnels=", fb_tunnels_only_for_init_net_sysctl_setup);
static __net_init int sysctl_core_net_init(struct net *net) static __net_init int sysctl_core_net_init(struct net *net)
{ {
struct ctl_table *tbl; struct ctl_table *tbl;
......
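Review bot: fb_tunnels_only_for_init_net_sysctl_setup() matches its keywords with `strncmp(str, "initns", 6)` and `strncmp(str, "none", 4)`, which are prefix tests: `fb_tunnels=initnsX` or `fb_tunnels=none0` are accepted, while a mistyped value such as `fb_tunnels=init` is silently ignored and the handler still returns 1, so the boot log gives no hint that the setting did not take effect. Exact matching with strcmp() plus a warning for anything else keeps the accepted grammar identical to what kernel-parameters.txt advertises (`{ initns | none }`) and makes a misconfiguration visible; the rewritten body is below. It would also help to state the value mapping above the function, e.g. `/* Boot-time equivalent of the fb_tunnels_only_for_init_net sysctl: 0 = all netns (default), 1 = initns, 2 = none */`.
```c
static int __init fb_tunnels_only_for_init_net_sysctl_setup(char *str)
{
	if (!strcmp(str, "initns"))
		sysctl_fb_tunnels_only_for_init_net = 1;
	else if (!strcmp(str, "none"))
		sysctl_fb_tunnels_only_for_init_net = 2;
	else
		pr_warn("fb_tunnels: unknown value '%s', keeping default\n", str);
	/* … unchanged: return 1 … */
```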