Hi Florian & Pablo, 2017-06-05 0:07 GMT+08:00 Florian Westphal <f...@strlen.de>: > Liping Zhang <zlpnob...@163.com> wrote: >> This patch set aims to add net namespace support for the ct helper, >> it is a little large, but I try my best to split them to a relative >> smaller patches, which will help to review. Comments are welcome. > > Why? Could you explain what kind of functionality is added here, or > what problem is fixed? > > Why do we need per netns complexity for helpers?
I remembered Pablo told me that the ct helpers "is probably one of the remaining subsystems not having netns support", when I sent patches to fix other issues. So I try to accomplish the netns support for ct helpers. (see https://patchwork.ozlabs.org/patch/740692/). For these user ct helpers, after per netns support, we can config different policy to these ct helpers with the same name.(But indeed, this flexible seems less valuable, we can accomplish it in different ways). For these kernel built-in ct helpers, per netns support is indeed unnecessary. Especially after Florian's patch: "netns: add and use net_ns_barrier". Anyway, I have no objection to drop this patch set, as it increased too much complexity but earned a very little. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
