From: Liran Alon
Subject: Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns
Date: Tue, 20 Mar 2018 23:12:51 +0200
Message-ID: <5AB17953.5000609@ORACLE.COM>
References: <5AB12A0E.2060704@ORACLE.COM> <20180320.120036.1999626754164343704.davem@davemloft.net> <5AB132C5.5010806@ORACLE.COM> <20180320.123401.2138083793709750726.davem@davemloft.net> <5AB13953.3000606@ORACLE.COM> <55538.1521571867@turing-police.cc.vt.edu>
Cc: David Miller, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, idan.brown@ORACLE.COM, yuval.shaia@ORACLE.COM
To: valdis.kletnieks@vt.edu
In-Reply-To: <55538.1521571867@turing-police.cc.vt.edu>
List-Id: netdev.vger.kernel.org

On 20/03/18 20:51, valdis.kletnieks@vt.edu wrote:
> On Tue, 20 Mar 2018 18:39:47 +0200, Liran Alon said:
>> What is your opinion in regards if it's OK to put the flag enabling this
>> "fix" in /proc/sys/net/core? Do you think it's sufficient?
>
> Umm.. *which* /proc/sys/net/core? These could differ for things that
> are in different namespaces. Or are you proposing one systemwide
> global value (which also gets "interesting" if it's writable inside a
> container and changes the behavior a different container sees...)
>

I'm indeed proposing an opt-in system-wide global value.
I think it is the simplest approach to fix the issue at hand here while
maintaining backwards-compatibility.

I'm open to suggestions as to where that system-wide global value should be.

It must be a system-wide global value if we are not going with the
per-netdev flag approach, as this system-wide global flag should control
how an skb travels between different netns. So it doesn't belong to
any one single netns.