net/Kconfig | 33 +++++++++++++++++++++++++++++++++ net/core/sysctl_net_core.c | 2 +- 2 files changed, 34 insertions(+), 1 deletion(-)
This adds a Kconfig option to set the default behavior regarding tunnel
fallback devices.
For setups where the initial namespace should also not have these, the
only preexisting option is to use a kernel command line option which
needs to be passed to every kernel invocation, which can be inconvenient
in certain setups.
If a kernel is built for a specific environment this knob allows
disabling the compatibility behavior outright, without requiring any
additional actions.
Signed-off-by: Lorenz Brun <lorenz@monogon.tech>
---
net/Kconfig | 33 +++++++++++++++++++++++++++++++++
net/core/sysctl_net_core.c | 2 +-
2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/net/Kconfig b/net/Kconfig
index d27d0deac0bf..e4429a017e47 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -447,6 +447,39 @@ config LWTUNNEL_BPF
Allows to run BPF programs as a nexthop action following a route
lookup for incoming and outgoing packets.
+choice
+ prompt "Create fallback tunnel devices"
+ default FB_TUNNELS_DEFAULT_ALL
+ help
+ Fallback tunnel devices predate the Netlink API for managing network
+ devices in Linux and get created when the respective tunnel kernel module
+ is loaded. With a modern userspace these are no longer used but for
+ compatibility reasons the default is to keep them around as the kernel
+ cannot know if a given userspace needs them.
+ There is a sysctl (net.core.fb_tunnels_only_for_init_net) for changing
+ this, but it cannot retroactively remove fallback tunnel devices created
+ before it was changed.
+
+ This knob provides the possibility to set this behavior in the kernel,
+ making it work in all cases. Note that changing this value to anything
+ other than the default will break compatibility with old userspace.
+
+ config FB_TUNNELS_DEFAULT_ALL
+ bool "In every namespace"
+
+ config FB_TUNNELS_DEFAULT_INITNS
+ bool "Only in the initial namespace"
+
+ config FB_TUNNELS_DEFAULT_NONE
+ bool "Never"
+endchoice
+
+config FB_TUNNELS_DEFAULT
+ int
+ default 0 if FB_TUNNELS_DEFAULT_ALL
+ default 1 if FB_TUNNELS_DEFAULT_INITNS
+ default 2 if FB_TUNNELS_DEFAULT_NONE
+
config DST_CACHE
bool
default n
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 86a2476678c4..d9a0b13ceb4a 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -37,7 +37,7 @@ static int min_mem_pcpu_rsv = SK_MEMORY_PCPU_RESERVE;
static int net_msg_warn; /* Unused, but still a sysctl */
-int sysctl_fb_tunnels_only_for_init_net __read_mostly = 0;
+int sysctl_fb_tunnels_only_for_init_net __read_mostly = CONFIG_FB_TUNNELS_DEFAULT;
EXPORT_SYMBOL(sysctl_fb_tunnels_only_for_init_net);
/* 0 - Keep current behavior:
--
2.44.1On Wed, 9 Oct 2024 13:04:19 +0200 Lorenz Brun wrote: > This adds a Kconfig option to set the default behavior regarding tunnel > fallback devices. > For setups where the initial namespace should also not have these, the > only preexisting option is to use a kernel command line option which > needs to be passed to every kernel invocation, which can be inconvenient > in certain setups. > If a kernel is built for a specific environment this knob allows > disabling the compatibility behavior outright, without requiring any > additional actions. I don't hate the idea, but could you comment a bit more on practical usability of such a change? Whatever software depends on the new behavior will likely not work with distro kernels, right? Did you consider kernel boot param?
© 2016 - 2024 Red Hat, Inc.