From mboxrd@z Thu Jan 1 00:00:00 1970 From: Joe Stringer Subject: Re: netns_id in bpf_sk_lookup_{tcp,udp} Date: Mon, 19 Nov 2018 12:54:42 -0800 Message-ID: References: <15bf5496-523f-564f-443e-f3262bb9e668@gmail.com> <90ae2d6b-049a-90a2-05e5-66700e885b39@gmail.com> <55816e4b-1a00-a1f3-6514-f755b992a049@6wind.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT Cc: David Ahern , Joe Stringer , netdev , daniel@iogearbox.net To: nicolas.dichtel@6wind.com Return-path: Received: from mail-io1-f65.google.com ([209.85.166.65]:38444 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730839AbeKTHUT (ORCPT ); Tue, 20 Nov 2018 02:20:19 -0500 Received: by mail-io1-f65.google.com with SMTP id e9-v6so7980374iob.5 for ; Mon, 19 Nov 2018 12:54:55 -0800 (PST) In-Reply-To: <55816e4b-1a00-a1f3-6514-f755b992a049@6wind.com> Sender: netdev-owner@vger.kernel.org List-ID: On Mon, 19 Nov 2018 at 12:29, Nicolas Dichtel wrote: > > Le 19/11/2018 à 20:54, David Ahern a écrit : > > On 11/19/18 12:47 PM, Joe Stringer wrote: > >> On Mon, 19 Nov 2018 at 10:39, David Ahern wrote: > >>> > >>> On 11/19/18 11:36 AM, Joe Stringer wrote: > >>>> Hi David, thanks for pointing this out. > >>>> > >>>> This is more of an oversight through iterations, the runtime lookup > >>>> will fail to find a socket if the netns value is greater than the > >>>> range of a uint32 so I think it would actually make more sense to drop > >>>> the parameter size to u32 rather than u64 so that this would be > >>>> validated at load time rather than silently returning NULL because of > >>>> a bad parameter. > >>> > >>> ok. I was wondering if it was a u64 to handle nsid of 0 which as I > >>> understand it is a legal nsid. If you drop to u32, how do you know when > >>> nsid has been set? > >> > >> I was operating under the assumption that 0 represents the root netns > >> id, and cannot be assigned to another non-root netns. > >> > >> Looking at __peernet2id_alloc(), it seems to me like it attempts to > >> find a netns and if it cannot find one, returns 0, which then leads to > >> a scroll over the idr starting from 0 to INT_MAX to find a legitimate > >> id for the netns, so I think this is a fair assumption? > The NET_ID_ZERO trick is used to manage nsid 0 in net_eq_idr() (idr_for_each() > stops when the callback returns != 0). > > >> > > > > Maybe Nicolas can give a definitive answer; as I recall he added the > > NSID option. I have not had time to walk the code. But I do recall > > seeing an id of 0. e.g, on my dev box: > > $ ip netns > > vms (id: 0) > > > > And include/uapi/linux/net_namespace.h shows -1 as not assigned. > Yes, 0 is a valid value and can be assigned to any netns. > nsid are signed 32 bit values. Note that -1 (NETNSA_NSID_NOT_ASSIGNED) is used > by the kernel to express that the nsid is not assigned. It can also be used by > the user to let the kernel chooses a nsid. > > $ ip netns add foo > $ ip netns add bar > $ ip netns > bar > foo > $ ip netns set foo 0 > $ ip netns set bar auto > $ ip netns > bar (id: 1) > foo (id: 0) OK, I'll fix this up then.