OpenVZ Forum: Devel » [PATCH] NETFILTER: per-netns FILTER/MANGLE/RAW tables for real

Home » Mailing lists » Devel » [PATCH] NETFILTER: per-netns FILTER/MANGLE/RAW tables for real

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [PATCH] NETFILTER: per-netns FILTER/MANGLE/RAW tables for real [message #28494 is a reply to message #27944]

Thu, 20 March 2008 15:29

Patrick McHardy
Messages: 107
Registered: March 2006

Senior Member

Alexey Dobriyan wrote:
> Commit 9335f047fe61587ec82ff12fbb1220bcfdd32006 aka
> "[NETFILTER]: ip_tables: per-netns FILTER, MANGLE, RAW"
> added per-netns _view_ of iptables rules. They were shown to user, but
> ignored by filtering code. Now that it's possible to at least ping loopback,
> per-netns tables can affect filtering decisions.
> 
> netns is taken in case of
> 	PRE_ROUTING, LOCAL_IN -- from in device,
> 	POST_ROUTING, LOCAL_OUT -- from out device,
> 	FORWARD -- from in device which should be equal to out device's netns.
> 		   This code is relatively new, so BUG_ON was plugged.
> 
> Wrappers were added to a) keep code the same from CONFIG_NET_NS=n users
> (overwhelming majority), b) consolidate code in one place -- similar
> changes will be done in ipv6 and arp netfilter code.

Applied, thanks.

Report message to a moderator

[Message index]

		[PATCH] NETFILTER: per-netns FILTER/MANGLE/RAW tables for real By: Alexey Dobriyan on Mon, 03 March 2008 16:06
		Re: [PATCH] NETFILTER: per-netns FILTER/MANGLE/RAW tables for real By: Patrick McHardy on Thu, 20 March 2008 15:29

Previous Topic:	[PATCH 1/1] cgroups: implement device whitelist (v6)
Next Topic:	[RFC] libcg: design and plans

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Dec 13 13:17:59 GMT 2025

Total time taken to generate the page: 0.13779 seconds