[PATCHv7 0/5 + 3] Interface group patches
Hello, This is the 7th version of our interface group patches. The interface group value can be used to manage different interfaces at the same time such as in netfilter/iptables. As earlier discussed, it can be used for advanced routing, tc command and so on [1]. An u_int32_t member was added to net devices indicating the interface group number of the device which can be get/set via netlink. The xt_ifgroup netfilter match is for checking this value with an optional mask. Changes: - The first patch of the previous version splitted into 2 separate patches. - The ip command now let values larger than 0xff be set, octal, decimal and hexadecimal values are valid and in the range of 0x00-0xff any name can be used (from /etc/iproute2/rt_ifgroup). - added sysfs support to read/write the ifgroup value Other patches are for userpace programs: * iptables * iproute2. Because kernel 2.6.24-rc1 introduced a new enum value, IFLA_NET_NS_PID, and it wasn't in the iproute2 code, the first patch simply adds this value. The second patch adds support of interface group. Usage: ip link set eth0 group 684# set ip link set eth0 group 0 # unset iptables -A INPUT -m ifgroup --ifgroup-in 4/0xf -j ACCEPT iptables -A FORWARD -m ifgroup --ifgroup-in 4 ! --ifgroup-out 5 -j DROP Patches: [1/5] Remove unnecessary locks from rtnetlink (in do_setlink) [2/5] rtnetlink: send a single notification on device state changes [3/5] Interface group: core (netlink) part [4/5] Ifgroup read/write support in sysfs [5/5] Netfilter Interface group match [iptables]Interface group match [iproute2 1/2] Added IFLA_NET_NS_PID as in kernel v2.6.24-rc1 [iproute2 2/2] Interface group as new ip link option Rererences: [1] http://marc.info/?l=linux-netdevm=119556459514598w=2 -- Laszlo Attila Toth - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCHv7 0/5 + 3] Interface group patches
Laszlo Attila Toth wrote: Hello, This is the 7th version of our interface group patches. Patches: [1/5] Remove unnecessary locks from rtnetlink (in do_setlink) [2/5] rtnetlink: send a single notification on device state changes [3/5] Interface group: core (netlink) part [4/5] Ifgroup read/write support in sysfs I vote for these to go in, they're ready and there's no use in reposting them again and again. [5/5] Netfilter Interface group match Then I'd queue this one and fix it up on top of my current tree [iptables]Interface group match This one I would queue until we have released the 1.4.0 version of iptables. I don't want to release things that are not in at least a -rc kernel yet. [iproute2 1/2] Added IFLA_NET_NS_PID as in kernel v2.6.24-rc1 [iproute2 2/2] Interface group as new ip link option And for these Stephen has to decide, but both look fine to me. - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCHv7 0/5 + 3] Interface group patches
Patrick McHardy írta: Laszlo Attila Toth wrote: Hello, This is the 7th version of our interface group patches. Patches: [1/5] Remove unnecessary locks from rtnetlink (in do_setlink) [2/5] rtnetlink: send a single notification on device state changes [3/5] Interface group: core (netlink) part [4/5] Ifgroup read/write support in sysfs I vote for these to go in, they're ready and there's no use in reposting them again and again. I see, sorry. In fact, I didn't missed it. But you said the removing of the locks in the rtnl needs a separate patch. This is why I resent _all_. [iptables]Interface group match This one I would queue until we have released the 1.4.0 version of iptables. I don't want to release things that are not in at least a -rc kernel yet. Later I'll resend it in two patches, one for extending iptables with hash tables and one for the ifgroup match. [iproute2 1/2] Added IFLA_NET_NS_PID as in kernel v2.6.24-rc1 [iproute2 2/2] Interface group as new ip link option And for these Stephen has to decide, but both look fine to me. -- Attila - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
