From: "Denis V. Lunev" <den@sw.ru>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: David Miller <davem@davemloft.net>,
Linux Containers <containers@lists.osdl.org>,
netdev@vger.kernel.org, devel@openvz.org,
Pavel Emelianov <xemul@sw.ru>, Kirill Korotaev <dev@sw.ru>
Subject: Re: [Devel] [PATCH 1/5] net: Modify all rtnetlink methods to only work in the initial namespace
Date: Wed, 10 Oct 2007 16:35:02 +0400 [thread overview]
Message-ID: <470CC6F6.60706@sw.ru> (raw)
In-Reply-To: <m1myv69tfu.fsf@ebiederm.dsl.xmission.com>
Eric W. Biederman wrote:
> Before I can enable rtnetlink to work in all network namespaces
> I need to be certain that something won't break. So this
> patch deliberately disables all of the rtnletlink methods in everything
> except the initial network namespace. After the methods have been
> audited this extra check can be disabled.
>
[...]
> static int br_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
> {
> + struct net *net = skb->sk->sk_net;
> struct net_device *dev;
> int idx;
>
I've read some code today greping 'init_net.loopback_dev' and found
interesting non-trivial for me issue.
Network namespace is extracted from the packet in two different ways in
TCP. This is a socket for outgoing path and a device for incoming.
Though, there are some places called uniformly both from incoming and
outgoing path.
Typical example is netfilters. They are called uniformly all around the
code. The prototype is the following:
static unsigned int reject6_target(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo);
So, we are bound to the following options:
- perform additional non-uniform hacks around to place 'struct net' into
other and other structures like xt_target
- add 7th parameter here and over
- introduce an skb_net field in the 'struct sk_buff' making all code
uniform, at least when we have an skb
I think that this is not the last place with such a parameter list and
we should make a decision at this point when the code in not mainline yet.
As far as I understand, netfilters are not touched by the Eric and we
can face some non-trivial problems there.
So, if my point about uniformity is valid, this patchset looks wrong and
should be re-worked :(
Regards,
Den
next prev parent reply other threads:[~2007-10-10 12:35 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-29 1:00 [PATCH 1/5] net: Modify all rtnetlink methods to only work in the initial namespace Eric W. Biederman
2007-09-29 1:00 ` Eric W. Biederman
2007-09-29 1:02 ` [PATCH 2/5] net: Make rtnetlink infrastructure network namespace aware Eric W. Biederman
2007-09-29 1:02 ` Eric W. Biederman
[not found] ` <m1hcle9td8.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-09-29 1:04 ` [PATCH 3/5] net: Make the netlink methods in rtnetlink handle multiple network namespaces Eric W. Biederman
2007-09-29 1:07 ` [PATCH 4/5] net: Make AF_PACKET " Eric W. Biederman
2007-09-29 1:07 ` Eric W. Biederman
2007-09-29 1:08 ` [PATCH 5/5] net: Make AF_UNIX per network namespace safe Eric W. Biederman
2007-09-29 1:08 ` Eric W. Biederman
2007-09-29 15:47 ` Patrick McHardy
2007-09-29 17:03 ` Eric W. Biederman
2007-09-29 17:50 ` Patrick McHardy
2007-09-29 15:44 ` [PATCH 2/5] net: Make rtnetlink infrastructure network namespace aware Patrick McHardy
2007-09-29 16:51 ` Eric W. Biederman
2007-09-29 17:48 ` Patrick McHardy
2007-09-29 21:00 ` Eric W. Biederman
2007-09-30 13:13 ` [Devel] " Denis V. Lunev
2007-09-30 15:39 ` Patrick McHardy
2007-10-01 8:26 ` [Devel] " Denis V. Lunev
2007-10-01 8:45 ` Eric W. Biederman
2007-10-10 12:35 ` Denis V. Lunev [this message]
2007-10-10 14:05 ` [Devel] [PATCH 1/5] net: Modify all rtnetlink methods to only work in the initial namespace Daniel Lezcano
2007-10-10 14:29 ` Denis V. Lunev
2007-10-10 19:37 ` Eric W. Biederman
[not found] ` <m13awilq1r.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-11 6:36 ` Denis V. Lunev
[not found] ` <470DC48A.30603-3ImXcnM4P+0@public.gmane.org>
2007-10-11 7:57 ` Eric W. Biederman
[not found] ` <m1r6k2gk2w.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-11 12:18 ` Denis V. Lunev
[not found] ` <470E149A.3040803-3ImXcnM4P+0@public.gmane.org>
2007-10-11 17:08 ` Eric W. Biederman
[not found] ` <m1przlbmu4.fsf-T1Yj925okcoyDheHMi7gv2pdwda3JcWeAL8bYrjMMd8@public.gmane.org>
2007-10-11 17:28 ` Denis V. Lunev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=470CC6F6.60706@sw.ru \
--to=den@sw.ru \
--cc=containers@lists.osdl.org \
--cc=davem@davemloft.net \
--cc=dev@sw.ru \
--cc=devel@openvz.org \
--cc=ebiederm@xmission.com \
--cc=netdev@vger.kernel.org \
--cc=xemul@sw.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.