| From: |
| cgel.zte-AT-gmail.com |
| To: |
| davem-AT-davemloft.net, kuba-AT-kernel.org, yoshfuji-AT-linux-ipv6.org, dsahern-AT-kernel.org |
| Subject: |
| [PATCH v2 0/3] Namespaceify two sysctls related with route |
| Date: |
| Wed, 24 Aug 2022 02:00:51 +0000 |
| Message-ID: |
| <20220824020051.213658-1-xu.xin16@zte.com.cn> |
| Cc: |
| netdev-AT-vger.kernel.org, linl-AT-vger.kernel.org, xu.xin16-AT-zte.com.cn |
| Archive-link: |
| Article |
From: xu xin <xu.xin16@zte.com.cn>
With the rise of cloud native, more and more container applications are
deployed. The network namespace is one of the foundations of the container.
The sysctls of error_cost and error_burst are important knobs to control
the sending frequency of ICMP_DEST_UNREACH packet for ipv4. When different
containers has requirements on the tuning of error_cost and error_burst,
for host's security, the sysctls should exist per network namespace.
Different netns has different requirements on the setting of error_cost
and error_burst, which are related with limiting the frequency of sending
ICMP_DEST_UNREACH packets. Enable them to be configured per netns.
v1->v2:
Change the format of Signed-off-by, remove team's signoff.
*** BLURB HERE ***
xu xin (3):
ipv4: Namespaceify route/error_cost knob
ipv4: Namespaceify route/error_burst knob
ipv4: add documentation of two sysctls about icmp
Documentation/networking/ip-sysctl.rst | 17 ++++++++++
include/net/netns/ipv4.h | 2 ++
net/ipv4/route.c | 45 ++++++++++++++------------
3 files changed, 44 insertions(+), 20 deletions(-)
--
2.25.1
