linux/net/ipv4
Eric Dumazet 79134e6ce2 net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.

These tunnels are also automatically created when a new network
namespace is created, at a great cost.

In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)

Add a new sysctl so that we can opt-out from this automatic creation.

Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.

Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
 (for j in `seq 1 100` ; do  unshare -n /bin/true >/dev/null ; done) &
done
wait

lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh

real	0m37.521s
user	0m0.886s
sys	7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh

real	0m4.761s
user	0m0.851s
sys	1m8.343s
lpk43:~#

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-09 11:23:11 -05:00
..
netfilter net: Convert ipv4_net_ops 2018-03-08 12:36:45 -05:00
af_inet.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
ah4.c net: use -ENOSPC for transient busy indication 2017-11-03 22:11:17 +08:00
arp.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
cipso_ipv4.c
datagram.c
devinet.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
esp4_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-23 13:51:56 -05:00
esp4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-17 00:10:42 -05:00
fib_frontend.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
fib_lookup.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fib_notifier.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fib_rules.c ipv6: route: dissect flow in input path if fib rules need it 2018-02-28 22:44:44 -05:00
fib_semantics.c net/ipv4: Pass net to fib_multipath_hash instead of fib_info 2018-03-04 13:04:21 -05:00
fib_trie.c net: make kmem caches as __ro_after_init 2018-02-26 15:11:48 -05:00
fou.c net: Convert fou_net_ops 2018-03-05 10:48:28 -05:00
gre_demux.c
gre_offload.c
icmp.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
igmp.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
inet_connection_sock.c Revert "defer call to mem_cgroup_sk_alloc()" 2018-02-02 19:49:31 -05:00
inet_diag.c inet_diag: Add equal-operator for ports 2018-01-02 13:54:04 -05:00
inet_fragment.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
inet_hashtables.c inet: Avoid unitialized variable warning in inet_unhash() 2018-02-01 09:48:42 -05:00
inet_timewait_sock.c net: Convert atomic_t net::count to refcount_t 2018-01-15 14:23:42 -05:00
inetpeer.c net: make kmem caches as __ro_after_init 2018-02-26 15:11:48 -05:00
ip_forward.c net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len 2018-03-04 17:49:17 -05:00
ip_fragment.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
ip_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-06 01:20:46 -05:00
ip_input.c
ip_options.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_output.c net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len 2018-03-04 17:49:17 -05:00
ip_sockglue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-24 00:04:20 -05:00
ip_tunnel_core.c
ip_tunnel.c net: do not create fallback tunnels for non-default namespaces 2018-03-09 11:23:11 -05:00
ip_vti.c net: Convert ipgre_net_ops, ipgre_tap_net_ops, erspan_net_ops, vti_net_ops and ipip_net_ops 2018-02-27 11:01:37 -05:00
ipcomp.c
ipconfig.c ipconfig: use dev_set_mtu() 2018-01-24 19:13:45 -05:00
ipip.c net: Convert ipgre_net_ops, ipgre_tap_net_ops, erspan_net_ops, vti_net_ops and ipip_net_ops 2018-02-27 11:01:37 -05:00
ipmr_base.c ipmr, ip6mr: Unite dumproute flows 2018-03-01 13:13:23 -05:00
ipmr.c ipmr, ip6mr: Unite dumproute flows 2018-03-01 13:13:23 -05:00
Kconfig ipmr,ipmr6: Define a uniform vif_device 2018-03-01 13:13:23 -05:00
Makefile ipmr,ipmr6: Define a uniform vif_device 2018-03-01 13:13:23 -05:00
netfilter.c netfilter: remove struct nf_afinfo and its helper functions 2018-01-08 18:11:02 +01:00
ping.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
proc.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
protocol.c
raw_diag.c
raw.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-06 01:20:46 -05:00
syncookies.c
sysctl_net_ipv4.c net: Rename NETEVENT_MULTIPATH_HASH_UPDATE 2018-03-04 13:04:22 -05:00
tcp_bbr.c tcp_bbr: remove bbr->tso_segs_goal 2018-03-01 21:44:28 -05:00
tcp_bic.c
tcp_cdg.c
tcp_cong.c tcp: Namespace-ify sysctl_tcp_default_congestion_control 2017-11-15 14:09:52 +09:00
tcp_cubic.c
tcp_dctcp.c
tcp_diag.c net: sock: replace sk_state_load with inet_sk_state_load and remove sk_state_store 2017-12-20 14:00:25 -05:00
tcp_fastopen.c tcp: pause Fast Open globally after third consecutive timeout 2017-12-13 15:51:12 -05:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c net/tcp/illinois: replace broken algorithm reference link 2018-02-28 12:03:47 -05:00
tcp_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-06 01:20:46 -05:00
tcp_ipv4.c tcp: remove dead code after CHECKSUM_PARTIAL adoption 2018-02-21 14:24:14 -05:00
tcp_lp.c
tcp_metrics.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
tcp_minisocks.c tcp: try to keep packet if SYN_RCV race is lost 2018-02-14 14:21:45 -05:00
tcp_nv.c tcp_nv: fix potential integer overflow in tcpnv_acked 2018-01-31 10:26:30 -05:00
tcp_offload.c gso: validate gso_type in GSO handlers 2018-01-22 16:01:30 -05:00
tcp_output.c tcp_bbr: better deal with suboptimal GSO (II) 2018-03-01 21:44:28 -05:00
tcp_rate.c tcp: invalidate rate samples during SACK reneging 2017-12-08 10:07:02 -05:00
tcp_recovery.c tcp: evaluate packet losses upon RTT change 2017-12-08 14:14:11 -05:00
tcp_scalable.c
tcp_timer.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-29 10:15:51 -05:00
tcp_ulp.c net: add a UID to use for ULP socket assignment 2018-02-06 11:39:31 +01:00
tcp_vegas.c
tcp_vegas.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c tcp: add ca_state stat in SCM_TIMESTAMPING_OPT_STATS 2018-03-05 10:40:48 -05:00
tunnel4.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
udp_diag.c
udp_impl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udp_offload.c gso: validate gso_type in GSO handlers 2018-01-22 16:01:30 -05:00
udp_tunnel.c
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-02-19 18:46:11 -05:00
udplite.c net: Convert pernet_subsys, registered from inet_init() 2018-02-13 10:36:08 -05:00
xfrm4_input.c xfrm: Reinject transport-mode packets through tasklet 2017-12-19 08:23:21 +01:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-24 23:44:15 -05:00
xfrm4_output.c net: xfrm: use skb_gso_validate_network_len() to check gso sizes 2018-03-04 17:49:17 -05:00
xfrm4_policy.c inet: whitespace cleanup 2018-02-28 11:43:28 -05:00
xfrm4_protocol.c
xfrm4_state.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm4_tunnel.c