diff mbox series

net: add config option for tunnel fallback devs

Message ID 20240913110234.166707-1-lorenz@monogon.tech (mailing list archive)
State Deferred
Delegated to: Netdev Maintainers
Headers show
Series net: add config option for tunnel fallback devs | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 16 this patch: 16
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 3 maintainers not CCed: soheil@google.com dsahern@kernel.org teknoraver@meta.com
netdev/build_clang success Errors and warnings before: 17 this patch: 17
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 22 this patch: 22
netdev/checkpatch warning WARNING: line length of 82 exceeds 80 columns WARNING: please write a help paragraph that fully describes the config symbol
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-09-13--15-00 (tests: 764)

Commit Message

Lorenz Brun Sept. 13, 2024, 11:02 a.m. UTC 
This adds a Kconfig option to set the default behavior regarding tunnel
fallback devices.
For setups where the initial namespace should also not have these, the
only preexisting option is to use a kernel command line option which
needs to be passed to every kernel invocation, which can be inconvenient
in certain setups.
If a kernel is built for a specific environment this knob allows
disabling the compatibility behavior outright, without requiring any
additional actions.

Signed-off-by: Lorenz Brun <lorenz@monogon.tech>
---
 net/Kconfig                | 33 +++++++++++++++++++++++++++++++++
 net/core/sysctl_net_core.c |  2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)

Comments

Jakub Kicinski Sept. 14, 2024, 3:08 a.m. UTC | #1 
On Fri, 13 Sep 2024 13:02:33 +0200 Lorenz Brun wrote:
> This adds a Kconfig option to set the default behavior regarding tunnel
> fallback devices.
> For setups where the initial namespace should also not have these, the
> only preexisting option is to use a kernel command line option which
> needs to be passed to every kernel invocation, which can be inconvenient
> in certain setups.
> If a kernel is built for a specific environment this knob allows
> disabling the compatibility behavior outright, without requiring any
> additional actions.

We closed net-next for the rest of the development cycles:
https://lore.kernel.org/all/20240912181222.2dd75818@kernel.org/
please repost in a few weeks. Sorry about that.
diff mbox series

Patch

diff --git a/net/Kconfig b/net/Kconfig
index d27d0deac0bf..e4429a017e47 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -447,6 +447,39 @@  config LWTUNNEL_BPF
 	  Allows to run BPF programs as a nexthop action following a route
 	  lookup for incoming and outgoing packets.
 
+choice
+	prompt "Create fallback tunnel devices"
+	default FB_TUNNELS_DEFAULT_ALL
+	help
+	  Fallback tunnel devices predate the Netlink API for managing network
+	  devices in Linux and get created when the respective tunnel kernel module
+	  is loaded. With a modern userspace these are no longer used but for
+	  compatibility reasons the default is to keep them around as the kernel
+	  cannot know if a given userspace needs them.
+	  There is a sysctl (net.core.fb_tunnels_only_for_init_net) for changing
+	  this, but it cannot retroactively remove fallback tunnel devices created
+	  before it was changed.
+
+	  This knob provides the possibility to set this behavior in the kernel,
+	  making it work in all cases. Note that changing this value to anything
+	  other than the default will break compatibility with old userspace.
+
+	config FB_TUNNELS_DEFAULT_ALL
+		bool "In every namespace"
+
+	config FB_TUNNELS_DEFAULT_INITNS
+		bool "Only in the initial namespace"
+
+	config FB_TUNNELS_DEFAULT_NONE
+		bool "Never"
+endchoice
+
+config FB_TUNNELS_DEFAULT
+	int
+	default 0 if FB_TUNNELS_DEFAULT_ALL
+	default 1 if FB_TUNNELS_DEFAULT_INITNS
+	default 2 if FB_TUNNELS_DEFAULT_NONE
+
 config DST_CACHE
 	bool
 	default n
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 86a2476678c4..d9a0b13ceb4a 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -37,7 +37,7 @@  static int min_mem_pcpu_rsv = SK_MEMORY_PCPU_RESERVE;
 
 static int net_msg_warn;	/* Unused, but still a sysctl */
 
-int sysctl_fb_tunnels_only_for_init_net __read_mostly = 0;
+int sysctl_fb_tunnels_only_for_init_net __read_mostly = CONFIG_FB_TUNNELS_DEFAULT;
 EXPORT_SYMBOL(sysctl_fb_tunnels_only_for_init_net);
 
 /* 0 - Keep current behavior: