?t=2415032
https://medium.com/@thomaszimmerman93/hi-im-unable-to-get-kubeadm-init-to-run-due-to-br-netfilter-not-being-loaded-within-the-5642a4ccfece
[3]: https://lkml.org/lkml/2019/3/7/365
[4]: https://lore.kernel.org/lkml/20190610174136.p3fbcbn33en5bb7f@salvia/
Christian Brauner (2
This ports the sysctls to use struct brnf_net.
With this patch we make it possible to namespace the br_netfilter module in
the following patch.
Signed-off-by: Christian Brauner
---
include/net/netfilter/br_netfilter.h | 3 +-
net/bridge/br_netfilter_hooks.c | 162
iptables et al. or not. Also, this can
already be done per-bridge by setting an option for each individual bridge
via Netlink. It should also be possible to do this for all bridges in a
network namespace via sysctls.
Cc: Tyler Hicks
Signed-off-by: Christian Brauner
---
net/bridge
On Mon, Jun 10, 2019 at 07:41:36PM +0200, Pablo Neira Ayuso wrote:
> Thanks for updating this patch to use struct brnf_net.
>
> A few comments below.
>
> On Sun, Jun 09, 2019 at 06:23:04PM +0200, Christian Brauner wrote:
> [...]
> > diff --git a/include/net/netfilt
-not-being-loaded-within-the-5642a4ccfece
[3]: https://lkml.org/lkml/2019/3/7/365
*** BLURB HERE ***
Christian Brauner (1):
br_netfilter: namespace bridge netfilter sysctls
include/net/netfilter/br_netfilter.h | 3 +-
net/bridge/br_netfilter_hooks.c | 291 ++-
net
iptables et al. or not. Also, this can
already be done per-bridge by setting an option for each individual bridge
via Netlink. It should also be possible to do this for all bridges in a
network namespace via sysctls.
Cc: Tyler Hicks
Signed-off-by: Christian Brauner
---
v1:
- Pablo Neira Ayuso
On Fri, Jun 07, 2019 at 04:43:43PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Jun 07, 2019 at 04:28:58PM +0200, Pablo Neira Ayuso wrote:
> > On Fri, Jun 07, 2019 at 03:25:16PM +0200, Christian Brauner wrote:
> > > On Thu, Jun 06, 2019 at 06:30:35PM +0200, Pablo Neira Ayuso wro
On Thu, Jun 06, 2019 at 06:30:35PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Jun 06, 2019 at 05:19:39PM +0200, Christian Brauner wrote:
> > On Thu, Jun 06, 2019 at 08:14:40AM -0700, Stephen Hemminger wrote:
> > > On Thu, 6 Jun 2019 13:41:41 +0200
> > >
On Thu, Jun 06, 2019 at 08:14:40AM -0700, Stephen Hemminger wrote:
> On Thu, 6 Jun 2019 13:41:41 +0200
> Christian Brauner wrote:
>
> > +struct netns_brnf {
> > +#ifdef CONFIG_SYSCTL
> > + struct ctl_table_header *ctl_hdr;
> > +#endif
> > +
>
-by: Christian Brauner
Reviewed-by: Tyler Hicks
---
include/net/net_namespace.h | 3 ++
include/net/netns/netfilter.h | 16
net/bridge/br_netfilter_hooks.c | 68 -
3 files changed, 52 insertions(+), 35 deletions(-)
diff --git a/include/net
://ubuntuforums.org/showthread.php?t=2415032
https://medium.com/@thomaszimmerman93/hi-im-unable-to-get-kubeadm-init-to-run-due-to-br-netfilter-not-being-loaded-within-the-5642a4ccfece
[3]: https://lkml.org/lkml/2019/3/7/365
Christian Brauner (2):
br_netfilter: add struct netns_brnf
br_netfilter
iptables et al. or not. Also, this can
already be done per-bridge by setting an option for each individual bridge
via Netlink. It should also be possible to do this for all bridges in a
network namespace via sysctls.
Signed-off-by: Christian Brauner
Reviewed-by: Tyler Hicks
---
include/net/netfilter
On Tue, Nov 27, 2018 at 09:23:49AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Nov 27, 2018 at 03:20:45AM +0100, Christian Brauner wrote:
> > On Tue, Nov 27, 2018 at 01:20:47AM +0100, Pablo Neira Ayuso wrote:
> > > Hi,
> > >
> > > On Wed, Nov 07, 2018 at 02:48
On Tue, Nov 27, 2018 at 01:20:47AM +0100, Pablo Neira Ayuso wrote:
> Hi,
>
> On Wed, Nov 07, 2018 at 02:48:58PM +0100, Christian Brauner wrote:
> [...]
> > diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
> > index ca043342c0eb..eedbd1ac940e 1006
/issues/5193
[3]:
https://discuss.linuxcontainers.org/t/bridge-nf-call-iptables-and-swap-error-on-lxd-with-kubeadm/2204
[4]: https://github.com/lxc/lxd/issues/3306
[5]: https://gitlab.com/gitlab-org/gitlab-runner/issues/3705
Christian Brauner (2):
br_netfilter: add struct netns_brnf
br_netfilter
On Fri, Jul 13, 2018 at 04:05:48PM +, Tyler Hicks wrote:
> Make net_ns_get_ownership() reusable by networking code outside of core.
> This is useful, for example, to allow bridge related sysfs files to be
> owned by container root.
>
> Add a function comment since this is a potentially