From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jiri Pirko <jiri@resnulli.us>
Subject: Re: [patch net] net: forbid netdev used by mirred tc act from being
 moved to another netns
Date: Tue, 14 Nov 2017 07:35:51 +0100
Message-ID: <20171114063551.GB1890@nanopsycho>
References: <20171113140541.1128-1-jiri@resnulli.us>
 <CAM_iQpXVmPnvMNYmY1n1TknCHakOqj8Xt56CDtcaumLaOuT0Sw@mail.gmail.com>
 <20171114051752.GA1890@nanopsycho>
 <CAM_iQpXigUNHruJa+YwTyWMS24aTkpnQwUMcB1uNftwWgnjsYQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>,
        David Miller <davem@davemloft.net>,
        Jamal Hadi Salim <jhs@mojatatu.com>, mlxsw@mellanox.com,
        Ido Schimmel <idosch@mellanox.com>,
        Eric Dumazet <edumazet@google.com>,
        Willem de Bruijn <willemb@google.com>,
        tcharding <me@tobin.cc>,
        John Fastabend <john.fastabend@gmail.com>,
        Jakub Kicinski <jakub.kicinski@netronome.com>,
        Daniel Borkmann <daniel@iogearbox.net>
To: Cong Wang <xiyou.wangcong@gmail.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-wm0-f44.google.com ([74.125.82.44]:51925 "EHLO
        mail-wm0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751736AbdKNGfy (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 14 Nov 2017 01:35:54 -0500
Received: by mail-wm0-f44.google.com with SMTP id b189so12718437wmd.0
        for <netdev@vger.kernel.org>; Mon, 13 Nov 2017 22:35:54 -0800 (PST)
Content-Disposition: inline
In-Reply-To: <CAM_iQpXigUNHruJa+YwTyWMS24aTkpnQwUMcB1uNftwWgnjsYQ@mail.gmail.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

Tue, Nov 14, 2017 at 06:51:42AM CET, xiyou.wangcong@gmail.com wrote:
>On Mon, Nov 13, 2017 at 9:17 PM, Jiri Pirko <jiri@resnulli.us> wrote:
>> Mon, Nov 13, 2017 at 08:53:57PM CET, xiyou.wangcong@gmail.com wrote:
>>>On Mon, Nov 13, 2017 at 6:05 AM, Jiri Pirko <jiri@resnulli.us> wrote:
>>>> From: Jiri Pirko <jiri@mellanox.com>
>>>>
>>>> Currently, user may choose to move device that is used by mirred action
>>>> to another network namespace. That is wrong as the action still remains
>>>> in the original namespace and references non-existing ifindex.
>>>
>>>It is a pure display issue, the action itself should function well
>>>because we only use ifindex to lookup netdevice once and
>>>we save the netdevice pointer in action.
>>>
>>>If you really want to fix it, just tell iprout2 to display netnsid together
>>>with ifindex.
>>
>> It is not only display issue. I think it is wrong to let a netdevice
>
>What's wrong with it? Is it mis-functioning?

Nope.

>
>> dissapear from underneath the mirred action. You certainly cannot add an
>
>
>It disappears only because we don't display it properly, nothing else.

Okay.

>
>
>> action mirred with device from another net namespace. So should we allow
>> that?
>
>On the other hand why linking a device to mirred action prevents it
>from moving to another netns? Also, device can be moved back too.
>
>I don't see anything wrong with it except displaying it.

Okay. What about my question? Should we allow adding an action mirred
pointing to a netdev in another netns? I think it would make sense in
case we consider movement of mirred device legit.