Re: [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]

[Nicolas Dichtel <nicolas.dichtel@6wind.com>]

Le 04/02/2015 21:33, Arvid Brodin a écrit :
> On 2015-02-02 16:58, Nicolas Dichtel wrote:
>> Le 30/01/2015 21:00, Arvid Brodin a écrit :
>>> On 2015-01-26 22:28, Nicolas Dichtel wrote:
[snip]
> Ok, so x-netns simply means cross-netns?
Yes
>
[snip]
>> Now, the question is: does HSR really work across netns? Why is the flag
>> NETIF_F_NETNS_LOCAL set?
>> dev_forward_skb() may be used to forward an skbuff to another netns.
>
> Here is the code snippet that sets NETIF_F_NETNS_LOCAL:
> 	/* Not sure about this. Taken from bridge code. netdev_features.h says
> 	 * it means "Does not change network namespaces".
> 	 */
> 	dev->features |= NETIF_F_NETNS_LOCAL;
>
> HSR is a bit like a bridge since it forwards packets between interfaces on the
> same Ethernet network, and the bridge code sets NETIF_F_NETNS_LOCAL. And that's
> really all the reason for the inclusion of the flag - i.e. it should be removed
> if it doesn't make sense.
>
> So, does it make sense? I'm not sure exactly, but I don't think it makes sense
> to have slaves that are in different namespaces - they are supposed to be part
> of the same ethernet network after all. But maybe having the HSR interface in a
> different namespace than the two slaves could make sense - this way you could
> force an application to only communicate using the HSR protocol, and not use any
> of the slave interfaces directly.
>
> If you agree with the above, then I guess that means NETIF_F_NETNS_LOCAL should
> not be set?
It's ok for me. But I think some tests should be done. Usually,
dev_forward_skb() or skb_scrub_packet() are called to clean structures when a
skb crosses netns.