Re: [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Alexander Aring <alex.aring@gmail.com>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: netdev@vger.kernel.org, davem@davemloft.net,
	arvid.brodin@alten.se, linux-wpan@vger.kernel.org
Subject: Re: [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]
Date: Tue, 27 Jan 2015 13:51:31 +0100	[thread overview]
Message-ID: <20150127125130.GB4338@omega> (raw)
In-Reply-To: <20150127122340.GA4338@omega>

On Tue, Jan 27, 2015 at 01:23:40PM +0100, Alexander Aring wrote:
...
> Summarize:
> 
> I would add the dev->features |= NETIF_F_NETNS_LOCAL; while wpan
> interface generation and add only the !net_eq(src_net, &init_net) check
> above. I suppose that src_net is the net namespace from "underlaying"
> interface wpan by calling:
> 
> $ ip link add link wpan0 name lowpan0 type lowpan
> 

should look something like:

diff --git a/net/ieee802154/6lowpan/core.c b/net/ieee802154/6lowpan/core.c
index 055fbb7..a44963c 100644
--- a/net/ieee802154/6lowpan/core.c
+++ b/net/ieee802154/6lowpan/core.c
@@ -148,10 +148,11 @@ static int lowpan_newlink(struct net *src_net, struct net_device *dev,
 
        pr_debug("adding new link\n");
 
-       if (!tb[IFLA_LINK])
+       if (!tb[IFLA_LINK] |
+           !net_eq(src_net, &init_net))
                return -EINVAL;
        /* find and hold real wpan device */
-       real_dev = dev_get_by_index(src_net, nla_get_u32(tb[IFLA_LINK]));
+       real_dev = dev_get_by_index(&init_net, nla_get_u32(tb[IFLA_LINK]));
        if (!real_dev)
                return -ENODEV;
        if (real_dev->type != ARPHRD_IEEE802154) {
diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c
index 18bc7e7..161f0e5 100644
--- a/net/ieee802154/core.c
+++ b/net/ieee802154/core.c
@@ -229,6 +229,8 @@ static int cfg802154_netdev_notifier_call(struct notifier_block *nb,
                list_add_rcu(&wpan_dev->list, &rdev->wpan_dev_list);
                rdev->devlist_generation++;
 
+               /* can only change netns with wpan_phy */
+               dev->features |= NETIF_F_NETNS_LOCAL;
                wpan_dev->netdev = dev;
                break;
        case NETDEV_DOWN:
--


In ieee802154/core.c we set (like wireless it also does) the
dev->features |= NETIF_F_NETNS_LOCAL; for wpan interface.


In net/ieee802154/6lowpan/core.c, we only check if the wpan interface
belongs to !net_eq(src_net, &init_net).


On 6LoWPAN 802.15.4 interfaces it should be still possible to change
the net namespace.

- Alex

next prev parent reply	other threads:[~2015-01-27 12:51 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-26 21:28 [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD] Nicolas Dichtel
2015-01-26 21:28 ` [PATCH net 1/2] caif: remove wrong dev_net_set() call Nicolas Dichtel
2015-01-27 11:34   ` Nicolas Dichtel
2015-01-27 12:41     ` Bjørn Mork
2015-01-27 12:50       ` Nicolas Dichtel
2015-01-28 15:07   ` Nicolas Dichtel
2015-01-26 21:28 ` [PATCH net 2/2] vxlan: setup the right link netns in newlink hdlr Nicolas Dichtel
2015-01-27  9:34 ` [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD] Alexander Aring
2015-01-27 10:32   ` Nicolas Dichtel
2015-01-27 12:23     ` Alexander Aring
2015-01-27 12:51       ` Alexander Aring [this message]
2015-01-27 13:28       ` Nicolas Dichtel
2015-01-27 14:06         ` Alexander Aring
2015-01-27 14:50           ` Nicolas Dichtel
2015-01-27 20:26             ` Alexander Aring
2015-01-28  9:37               ` Nicolas Dichtel
2015-01-29 22:20 ` David Miller
2015-01-30 20:00 ` Arvid Brodin
2015-02-02 15:58   ` Nicolas Dichtel
2015-02-04 20:33     ` Arvid Brodin
2015-02-05 14:34       ` Nicolas Dichtel

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:055fbb7 dfblob:a44963c dfblob:18bc7e7 dfblob:161f0e5 )
 OR (
bs:"Re: [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150127125130.GB4338@omega \
    --to=alex.aring@gmail.com \
    --cc=arvid.brodin@alten.se \
    --cc=davem@davemloft.net \
    --cc=linux-wpan@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=nicolas.dichtel@6wind.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).