[v3,0/3] Namespaceify two sysctls related with route

Message ID	20220830091453.286285-1-xu.xin16@zte.com.cn (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> From: cgel.zte@gmail.com To: davem@davemloft.net, kuba@kernel.org, yoshfuji@linux-ipv6.org, dsahern@kernel.org Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, xu.xin16@zte.com.cn Subject: [PATCH v3 0/3] Namespaceify two sysctls related with route Date: Tue, 30 Aug 2022 09:14:53 +0000 Message-Id: <20220830091453.286285-1-xu.xin16@zte.com.cn> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Namespaceify two sysctls related with route \| expand [v3,0/3] Namespaceify two sysctls related with route [v3,1/3] ipv4: Namespaceify route/error_cost knob [v3,2/3] ipv4: Namespaceify route/error_burst knob [v3,3/3] ipv4: add documentation of two sysctls about icmp

Message ID

20220830091453.286285-1-xu.xin16@zte.com.cn (mailing list archive)

Headers

From: cgel.zte@gmail.com
To: davem@davemloft.net, kuba@kernel.org, yoshfuji@linux-ipv6.org,
        dsahern@kernel.org
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        xu.xin16@zte.com.cn
Subject: [PATCH v3 0/3] Namespaceify two sysctls related with route
Date: Tue, 30 Aug 2022 09:14:53 +0000
Message-Id: <20220830091453.286285-1-xu.xin16@zte.com.cn>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Namespaceify two sysctls related with route | expand

Message

CGEL Aug. 30, 2022, 9:14 a.m. UTC

From: xu xin <xu.xin16@zte.com.cn>

With the rise of cloud native, more and more container applications are
deployed. The network namespace is one of the foundations of the container.
The sysctls of error_cost and error_burst are important knobs to control
the sending frequency of ICMP_DEST_UNREACH packet for ipv4. When different
containers has requirements on the tuning of error_cost and error_burst,
for host's security, the sysctls should exist per network namespace.

Different netns has different requirements on the setting of error_cost
and error_burst, which are related with limiting the frequency of sending
ICMP_DEST_UNREACH packets. Enable them to be configured per netns.

xu xin (3):
  ipv4: Namespaceify route/error_cost knob
  ipv4: Namespaceify route/error_burst knob
  ipv4: add documentation of two sysctls about icmp

 Documentation/networking/ip-sysctl.rst | 17 ++++++++++++
 include/net/netns/ipv4.h               |  2 ++
 net/ipv4/route.c                       | 36 ++++++++++++++------------
 3 files changed, 39 insertions(+), 16 deletions(-)

Comments

Jakub Kicinski Aug. 31, 2022, 7:58 p.m. UTC | #1

On Tue, 30 Aug 2022 09:14:53 +0000 cgel.zte@gmail.com wrote:
> With the rise of cloud native, more and more container applications are
> deployed. The network namespace is one of the foundations of the container.
> The sysctls of error_cost and error_burst are important knobs to control
> the sending frequency of ICMP_DEST_UNREACH packet for ipv4. When different
> containers has requirements on the tuning of error_cost and error_burst,
> for host's security, the sysctls should exist per network namespace.
> 
> Different netns has different requirements on the setting of error_cost
> and error_burst, which are related with limiting the frequency of sending
> ICMP_DEST_UNREACH packets. Enable them to be configured per netns.

One last time, if v6 doesn't need it, neither should v4.

Seems like you're just trying to check a box.

I'm dropping these patches from patchwork, please don't repost them
again, unless someone from the community voices support for merging
them.