On Wed, 2017-09-13 at 19:19 +0800, Haishuang Yan wrote:
> Different namespace application might require enable TCP Fast Open
> feature independently of the host.
>
Poor changelog, no actual description / list of sysctls that are moved
to per netns.
And looking at the patch, it seems your conversion is not complete.
So I will ask you to provide more evidence that you tested your patch
next time you submit it.
> Reported-by: Luca BRUNO <lu...@debian.org>
> Signed-off-by: Haishuang Yan <yanhaishu...@cmss.chinamobile.com>
>
> ---
> Change since v2:
> * Remove unrelated change by mistake
> ---
> include/net/netns/ipv4.h | 2 ++
> include/net/tcp.h | 1 -
> net/ipv4/af_inet.c | 7 ++++---
> net/ipv4/sysctl_net_ipv4.c | 42 +++++++++++++++++++++---------------------
> net/ipv4/tcp.c | 4 ++--
> net/ipv4/tcp_fastopen.c | 13 ++++++-------
> net/ipv4/tcp_ipv4.c | 2 ++
> 7 files changed, 37 insertions(+), 34 deletions(-)
>
> diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
> index 305e031..ea0953b 100644
> --- a/include/net/netns/ipv4.h
> +++ b/include/net/netns/ipv4.h
> @@ -128,6 +128,8 @@ struct netns_ipv4 {
> struct inet_timewait_death_row tcp_death_row;
> int sysctl_max_syn_backlog;
> int sysctl_tcp_max_orphans;
> + int sysctl_tcp_fastopen;
> + unsigned int sysctl_tcp_fastopen_blackhole_timeout;
>
> #ifdef CONFIG_NET_L3_MASTER_DEV
> int sysctl_udp_l3mdev_accept;
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index ac2d998..e4cc0dd 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -240,7 +240,6 @@
>
>
> /* sysctl variables for tcp */
> -extern int sysctl_tcp_fastopen;
> extern int sysctl_tcp_retrans_collapse;
> extern int sysctl_tcp_stdurg;
> extern int sysctl_tcp_rfc1337;
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index e31108e..309b849 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -195,7 +195,7 @@ int inet_listen(struct socket *sock, int backlog)
> {
> struct sock *sk = sock->sk;
> unsigned char old_state;
> - int err;
> + int err, tcp_fastopen;
>
> lock_sock(sk);
>
> @@ -217,8 +217,9 @@ int inet_listen(struct socket *sock, int backlog)
> * because the socket was in TCP_LISTEN state previously but
> * was shutdown() rather than close().
> */
> - if ((sysctl_tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
> - (sysctl_tcp_fastopen & TFO_SERVER_ENABLE) &&
> + tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
> + if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
> + (tcp_fastopen & TFO_SERVER_ENABLE) &&
> !inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {
> fastopen_queue_tune(sk, backlog);
> tcp_fastopen_init_key_once(true);
> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
> index 4f26c8d3..30ebeb9 100644
> --- a/net/ipv4/sysctl_net_ipv4.c
> +++ b/net/ipv4/sysctl_net_ipv4.c
> @@ -394,27 +394,6 @@ static int proc_tcp_available_ulp(struct ctl_table *ctl,
> .proc_handler = proc_dointvec
> },
> {
> - .procname = "tcp_fastopen",
> - .data = &sysctl_tcp_fastopen,
> - .maxlen = sizeof(int),
> - .mode = 0644,
> - .proc_handler = proc_dointvec,
> - },
> - {
> - .procname = "tcp_fastopen_key",
> - .mode = 0600,
> - .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
> - .proc_handler = proc_tcp_fastopen_key,
> - },
> - {
> - .procname = "tcp_fastopen_blackhole_timeout_sec",
> - .data = &sysctl_tcp_fastopen_blackhole_timeout,
> - .maxlen = sizeof(int),
> - .mode = 0644,
> - .proc_handler = proc_tfo_blackhole_detect_timeout,
> - .extra1 = &zero,
> - },
> - {
> .procname = "tcp_abort_on_overflow",
> .data = &sysctl_tcp_abort_on_overflow,
> .maxlen = sizeof(int),
> @@ -1085,6 +1064,27 @@ static int proc_tcp_available_ulp(struct ctl_table
> *ctl,
> .mode = 0644,
> .proc_handler = proc_dointvec
> },
> + {
> + .procname = "tcp_fastopen",
> + .data = &init_net.ipv4.sysctl_tcp_fastopen,
> + .maxlen = sizeof(int),
> + .mode = 0644,
> + .proc_handler = proc_dointvec,
> + },
> + {
> + .procname = "tcp_fastopen_key",
But proc_tcp_fastopen_key() is not per netns yet.
> + .mode = 0600,
> + .maxlen = ((TCP_FASTOPEN_KEY_LENGTH * 2) + 10),
> + .proc_handler = proc_tcp_fastopen_key,
> + },
As a reminder, net-next is closed.
Thanks.
