netdev.vger.kernel.org archive mirror
* netlink versus pid namespaces
From: Andi Kleen @ 2010-10-15 14:23 UTC
  To: netdev, xemul, kuznet, virtualization

Hi,

I have been trying to figure out how pid namespaces interact
with netlink.

netlink uses pids (or really tids I hope?) to address sockets
associated with processes.

The netlink code passes around pids without caring much about 
the pid namespace.  It does pass around some information about the 
network namespace, but that doesn't help here because the pid
namespace is not necessarily related to the net namespace.

When the netlink consumer runs in kernel (like rtnetlink) and
happens to run in the same process context while receiving
and processing the data it should do the right thing because
it has the same pid namespace.

If it runs in some other process, that is not guaranteed, and
it may actually send the reply back to the wrong pid.

When a process receives netlink in user space and it isn't
in the same pid space as the sender it is unlikely that
the reply gets back.

Anything I'm missing here? 

Does netlink need to be extended? 
Or perhaps forbid passing netlink between namespaces?

Thanks,
-Andi
-- 
ak@linux.intel.com -- Speaking for myself only.


* Re: netlink versus pid namespaces
From: Alexey Kuznetsov @ 2010-10-15 15:19 UTC
  To: Andi Kleen; +Cc: netdev, xemul, virtualization

Hello!

> netlink uses pids (or really tids I hope?) to address sockets
> associated with processes.

Not really. It uses a port number, which is occasionally called "pid". Bad name.
The autobind function simply selects the tgid of the calling process as the first guess.

Actually, sockets are addressed by the pair (net namespace, port), and
communication is possible only inside a net namespace. So, communication
between namespaces is already prohibited.

pid namespaces do not participate in the picture at all.

Alexey
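
Added example, not part of the original thread and not kernel code: a user-space check of the behaviour described in the reply above, using Python's AF_NETLINK sockets on Linux. The helper names and the returned dictionary keys are this example's own.

```python
import os
import socket


def _nl_socket():
    # NETLINK_ROUTE can be opened and bound (without groups) unprivileged.
    return socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE)


def autobind_demo():
    """Bind three netlink sockets in one process and report their ports."""
    a, b, c = _nl_socket(), _nl_socket(), _nl_socket()
    try:
        # The address is (nl_pid, nl_groups); nl_pid == 0 requests autobind.
        a.bind((0, 0))
        b.bind((0, 0))
        port_a = a.getsockname()[0]
        port_b = b.getsockname()[0]
        # Explicitly asking for a port that is already bound must fail
        # (EADDRINUSE on Linux): a port is unique per net namespace and protocol.
        try:
            c.bind((port_a, 0))
            clash = False
        except OSError:
            clash = True
    finally:
        for s in (a, b, c):
            s.close()
    return {"tgid": os.getpid(), "first": port_a, "second": port_b, "clash": clash}


if __name__ == "__main__":
    result = autobind_demo()
    # The first autobound port matches the tgid; the second cannot, because
    # the tgid is only the first guess and that port is already taken.
    print(result)
```

Because the second socket in the same process gets a port unrelated to any process ID, a receiver cannot treat nl_pid as the sender's process identity.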


* Re: netlink versus pid namespaces
From: Andi Kleen @ 2010-10-15 15:23 UTC
  To: Alexey Kuznetsov; +Cc: Andi Kleen, netdev, xemul, virtualization

On Fri, Oct 15, 2010 at 07:19:03PM +0400, Alexey Kuznetsov wrote:
> Hello!
> 
> > netlink uses pids (or really tids I hope?) to address sockets
> > associated with processes.
> 
> Not really. It uses a port number, which is occasionally called "pid". Bad name.
> The autobind function simply selects the tgid of the calling process as the first guess.

Thanks for the clarification, Alexey. I guess I should have read more
code :/

-Andi
