Re: [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Alexander Aring <alex.aring@gmail.com>
To: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: netdev@vger.kernel.org, davem@davemloft.net,
	arvid.brodin@alten.se, linux-wpan@vger.kernel.org
Subject: Re: [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD]
Date: Tue, 27 Jan 2015 15:06:36 +0100	[thread overview]
Message-ID: <20150127140620.GA8941@omega> (raw)
In-Reply-To: <54C7928F.9010002@6wind.com>

Hi,

On Tue, Jan 27, 2015 at 02:28:47PM +0100, Nicolas Dichtel wrote:
...
> >With the check of "!net_eq(src_net, &init_net)" we need to be sure
> >that the wpan interface is always in "init_net". This means we need
> >definitely a dev->features |= NETIF_F_NETNS_LOCAL; somewhere in [0].
> >
> >To adding "dev->features |= NETIF_F_NETNS_LOCAL;" for a 6LoWPAN interface,
> >I am not sure about this. I didn't test it yet and it will not break
> >anything, but we will lost the support for making net namespaces stuff
> >inside the IPv6/(netfilter) stack.
> Adding NETIF_F_NETNS_LOCAL does not mean that the netdevice can be used only
> in init_net, this flag means that the netdevice cannot be moved to another
> netns. You can still create a netdevice in another netns (if wpan0 is in netns
> foo):
> 
> $ ip netns exec foo ip link add link wpan0 name lowpan0 type lowpan
> 
> I don't know how wpan0 is created and if this interface can be created directly
> in another netns than init_net.
> 

no it can't. The wpan0 interface can be created via the 802.15.4
userspace tools and we don't have such option for namespaces. It
should be always to init_net while creation.

> >
> >
> >Summarize:
> >
> >I would add the dev->features |= NETIF_F_NETNS_LOCAL; while wpan
> >interface generation and add only the !net_eq(src_net, &init_net) check
> >above. I suppose that src_net is the net namespace from "underlaying"
> >interface wpan by calling:
> >
> >$ ip link add link wpan0 name lowpan0 type lowpan
> No. src_net is the netns where the ip command is launched. With this patch, my

ah, and when no "ip netns" is given it's default to init_net?


Okay, then I agree with that both interfaces should be set

dev->features |= NETIF_F_NETNS_LOCAL

because both interfaces should started with "init_net" as default
namespace. For wpan interface this should always be in "init_net",
because we don't set anything while creation.

For 6LoWPAN interface this should also always in the same namespace like
the wpan interface and not diffrent namespace between link (wpan) and
virtual (6LoWPAN) interface.

Do you agree with that?

- Alex

next prev parent reply	other threads:[~2015-01-27 14:06 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-26 21:28 [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD] Nicolas Dichtel
2015-01-26 21:28 ` [PATCH net 1/2] caif: remove wrong dev_net_set() call Nicolas Dichtel
2015-01-27 11:34   ` Nicolas Dichtel
2015-01-27 12:41     ` Bjørn Mork
2015-01-27 12:50       ` Nicolas Dichtel
2015-01-28 15:07   ` Nicolas Dichtel
2015-01-26 21:28 ` [PATCH net 2/2] vxlan: setup the right link netns in newlink hdlr Nicolas Dichtel
2015-01-27  9:34 ` [PATCH net 0/2] netns: audit netdevice creation with IFLA_NET_NS_[PID|FD] Alexander Aring
2015-01-27 10:32   ` Nicolas Dichtel
2015-01-27 12:23     ` Alexander Aring
2015-01-27 12:51       ` Alexander Aring
2015-01-27 13:28       ` Nicolas Dichtel
2015-01-27 14:06         ` Alexander Aring [this message]
2015-01-27 14:50           ` Nicolas Dichtel
2015-01-27 20:26             ` Alexander Aring
2015-01-28  9:37               ` Nicolas Dichtel
2015-01-29 22:20 ` David Miller
2015-01-30 20:00 ` Arvid Brodin
2015-02-02 15:58   ` Nicolas Dichtel
2015-02-04 20:33     ` Arvid Brodin
2015-02-05 14:34       ` Nicolas Dichtel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150127140620.GA8941@omega \
    --to=alex.aring@gmail.com \
    --cc=arvid.brodin@alten.se \
    --cc=davem@davemloft.net \
    --cc=linux-wpan@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=nicolas.dichtel@6wind.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).