linux/net/ipv6
Eric Dumazet 79134e6ce2 net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.

These tunnels are also automatically created when a new network
namespace is created, at a great cost.

In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)

Add a new sysctl so that we can opt-out from this automatic creation.

Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.

Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
 (for j in `seq 1 100` ; do  unshare -n /bin/true >/dev/null ; done) &
done
wait

lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh

real	0m37.521s
user	0m0.886s
sys	7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh

real	0m4.761s
user	0m0.851s
sys	1m8.343s
lpk43:~#

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-09 11:23:11 -05:00
..
ila net: Convert ila_net_ops 2018-02-27 11:01:39 -05:00
netfilter net: Convet ipv6_net_ops 2018-03-08 12:36:45 -05:00
addrconf_core.c net: ipv6: Make inet6addr_validator a blocking notifier 2017-10-20 13:15:07 +01:00
addrconf.c ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses 2018-03-01 13:43:06 -05:00
addrlabel.c net: Convert fib6_net_ops, ipv6_addr_label_ops and ip6_segments_ops 2018-02-19 14:19:11 -05:00
af_inet6.c net: Convert inet6_net_ops 2018-02-19 14:19:09 -05:00
ah6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
anycast.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
calipso.c net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
datagram.c net: ipv6: Allow connect to linklocal address from socket bound to vrf 2018-01-08 14:11:18 -05:00
esp6_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-23 13:51:56 -05:00
esp6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
exthdrs_core.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
exthdrs_offload.c
exthdrs.c ipv6: sr: fix TLVs not being copied using setsockopt 2018-01-10 16:03:55 -05:00
fib6_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib6_rules.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
fou6.c
icmp.c net/ipv6: Add support for path selection using hash of 5-tuple 2018-03-04 13:04:23 -05:00
inet6_connection_sock.c
inet6_hashtables.c inet: Add a 2nd listener hashtable (port+addr) 2017-12-03 10:18:28 -05:00
ip6_checksum.c udplite: fix partial checksum initialization 2018-02-16 15:57:42 -05:00
ip6_fib.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
ip6_flowlabel.c net: Convert ip6_flowlabel_net_ops 2018-02-19 14:19:11 -05:00
ip6_gre.c net: do not create fallback tunnels for non-default namespaces 2018-03-09 11:23:11 -05:00
ip6_icmp.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip6_input.c
ip6_offload.c gso: fix payload length when gso_size is zero 2017-10-08 10:12:15 -07:00
ip6_offload.h
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-06 01:20:46 -05:00
ip6_tunnel.c net: do not create fallback tunnels for non-default namespaces 2018-03-09 11:23:11 -05:00
ip6_udp_tunnel.c
ip6_vti.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
ip6mr.c ip6mr: remove synchronize_rcu() in favor of SOCK_RCU_FREE 2018-03-07 18:13:41 -05:00
ipcomp6.c
ipv6_sockglue.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
Kconfig ipmr,ipmr6: Define a uniform vif_device 2018-03-01 13:13:23 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mcast_snoop.c
mcast.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
mip6.c
ndisc.c ipv6: ndisc: use true and false for boolean values 2018-03-07 12:19:47 -05:00
netfilter.c netfilter: use skb_to_full_sk in ip6_route_me_harder 2018-02-25 20:51:13 +01:00
output_core.c net: accept UFO datagrams from tuntap and packet 2017-11-24 01:37:35 +09:00
ping.c net: Convert ping_v6_net_ops 2018-02-19 14:19:11 -05:00
proc.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
protocol.c
raw.c net: Convert raw6_net_ops, udplite6_net_ops, ipv6_proc_ops, if6_proc_net_ops and ip6_route_net_late_ops 2018-02-19 14:19:10 -05:00
reassembly.c net: Convert ip6_frags_ops 2018-02-19 14:19:11 -05:00
route.c net/ipv6: Add support for path selection using hash of 5-tuple 2018-03-04 13:04:23 -05:00
seg6_hmac.c ipv6: sr: Use ARRAY_SIZE macro 2017-09-01 18:35:23 -07:00
seg6_iptunnel.c ipv6: sr: add support for encapsulation of L2 frames 2017-08-25 17:10:23 -07:00
seg6_local.c net/ipv6: Pass skb to route lookup 2018-03-04 13:04:22 -05:00
seg6.c net: Convert fib6_net_ops, ipv6_addr_label_ops and ip6_segments_ops 2018-02-19 14:19:11 -05:00
sit.c net: do not create fallback tunnels for non-default namespaces 2018-03-09 11:23:11 -05:00
syncookies.c tcp: Namespace-ify sysctl_tcp_workaround_signed_windows 2017-10-28 19:24:38 +09:00
sysctl_net_ipv6.c net/ipv6: Add support for path selection using hash of 5-tuple 2018-03-04 13:04:23 -05:00
tcp_ipv6.c net: Convert tcpv6_net_ops 2018-02-19 14:19:10 -05:00
tcpv6_offload.c gso: validate gso_type in GSO handlers 2018-01-22 16:01:30 -05:00
tunnel6.c
udp_impl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udp_offload.c gso: validate gso_type in GSO handlers 2018-01-22 16:01:30 -05:00
udp.c net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
udplite.c net: Convert ip_tables_net_ops, udplite6_net_ops and xt_net_ops 2018-02-19 14:19:12 -05:00
xfrm6_input.c xfrm: Reinject transport-mode packets through tasklet 2017-12-19 08:23:21 +01:00
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-24 23:44:15 -05:00
xfrm6_output.c net: xfrm: use skb_gso_validate_network_len() to check gso sizes 2018-03-04 17:49:17 -05:00
xfrm6_policy.c net: Convert xfrm6_net_ops 2018-02-19 14:19:11 -05:00
xfrm6_protocol.c
xfrm6_state.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
xfrm6_tunnel.c net: Convert simple pernet_operations 2018-02-27 11:01:35 -05:00