From: ebiederm@xmission.com (Eric W. Biederman)
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH] ipv4: Disallow non-namespace aware protocols to register.
Date: Fri, 15 Feb 2013 12:05:18 -0800 [thread overview]
Message-ID: <87a9r5tkap.fsf@xmission.com> (raw)
In-Reply-To: <20130215.134136.798843717749865061.davem@davemloft.net> (David Miller's message of "Fri, 15 Feb 2013 13:41:36 -0500 (EST)")
David Miller <davem@davemloft.net> writes:
> From: ebiederm@xmission.com (Eric W. Biederman)
> Date: Thu, 14 Feb 2013 22:25:26 -0800
>
>> David Miller <davem@davemloft.net> writes:
>>
>>> All in-tree ipv4 protocol implementations are now namespace
>>> aware. Therefore all the run-time checks are superfluous.
>>>
>>> Reject registry of any non-namespace aware ipv4 protocol.
>>> Eventually we'll remove prot->netns_ok and this registry
>>> time check as well.
>>
>> It has been a long time coming but this is very cool to see we have
>> finally made all of ipv4 network namespace aware.
>
> BTW, I took a look at ipv6 and unlike ipv4 there seems to be no sanity
> checks or per-protocol booleans indicating proper netns support.
>
> Is my interpretation right that ipv6 just assumes all registered
> protocols are netns aware at this point?
It looks like when the ipv6 network namespace work was done work that
check was not added to the ipv6 code :( I skimmed through the history
and I don't see any signs that anything was every done with struct
inet6_protocol. Nor when I looked at the addition of netns support to
the ipv6 udp code were there any switches flipped.
> If so that was definitely a bug, because things like l2tp have an
> ipv6 component and were not fully netns aware until very recently.
Agreed it was a bug.
I have just read through all of the handlers registered with
inet6_add_protocol in my 3.8 development tree and it appears that
everything except l2tp has network namespace support. And l2tp is fixed
in net-next so we appear to be good now.
Eric
next prev parent reply other threads:[~2013-02-15 20:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-05 19:43 [PATCH] ipv4: Disallow non-namespace aware protocols to register David Miller
2013-02-15 6:25 ` Eric W. Biederman
2013-02-15 18:41 ` David Miller
2013-02-15 20:05 ` Eric W. Biederman [this message]
2013-02-15 20:09 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a9r5tkap.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.