Date:	Thu, 23 Oct 2008 00:14:19 -0400
From:	"Kyle Moffett" <kyle@...fetthome.net>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	"Stephen Hemminger" <shemminger@...tta.com>,
	"Serge E. Hallyn" <serue@...ibm.com>,
	"Benjamin Thery" <benjamin.thery@...l.net>,
	netdev <netdev@...r.kernel.org>,
	"Dave Miller" <davem@...emloft.net>,
	"Greg Kroah-Hartman" <gregkh@...e.de>,
	"Al Viro" <viro@....linux.org.uk>,
	"Daniel Lezcano" <dlezcano@...ibm.com>,
	linux-kernel@...r.kernel.org, "Tejun Heo" <htejun@...il.com>,
	"Denis Lunev" <den@...nvz.org>,
	"Linux Containers" <containers@...ts.linux-foundation.org>
Subject: Re: [PATCH 0/4][RFC] netns: sysfs: add a netns suffix to net device sysfs entries

On Wed, Oct 22, 2008 at 6:54 PM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
> Stephen Hemminger <shemminger@...tta.com> writes:
>>> The well-known user space tools don't use /sys at all.  Modern
>>> network tools use rtnetlink (ip); old network tools use /proc/net.
>>>
>>> Very few things actually use /sys and for those things lo@1 or
>>> eth0@1 are completely useless except for implementing a FUSE
>>> mock up of sysfs.  But you don't need anything in sysfs to do
>>> that as all of the interesting information is available through
>>> /proc/net or rtnetlink.
>>
>> Lots of scripts are starting to use /sys for things. It is easier to
>> parse /sys/class/net than the output of ifconfig or ip
>
> Yes.  So we need the correct values in /sys/class/net.
>
> Which is why sysfs and network namespaces do not coexist currently.

I definitely agree that "eth0@1" is a bad idea. I know for sure that a
relatively large number of system init scripts poke about in
/sys/class/net/$IFACE, as well as a number of the system installation
scripts.  Those scripts include some that my company has written for
internal use and others supplied by distributions.

Daemons and such mostly use netlink, but for anything written in shell
it's much easier to do things like this:

for devpath in /sys/class/net/*; do
    # Strip the directory prefix to get the bare interface name
    dev="${devpath##/sys/class/net/}"
    case "${dev}" in
        [....]
    esac
    if [ "x${mac}" = "x$(cat "${devpath}/address")" ]; then
        echo "Found MAC '${mac}': ${dev}"
    fi
done

If I wanted to perform similar things with the output of ifconfig, it
would involve some much more fragile manual text parsing of the output
of the "ip" or "ifconfig" commands.  And sometimes the "ifconfig"
command is outright wrong.  If you have an interface name longer than
7 characters or so then some versions of ifconfig will truncate it
internally and display garbage.

While the "show only the root namespace" interim solution is
problematic for processes in network namespaces, I think it's more
important not to break things for admin tools in the root namespace.

Cheers,
Kyle Moffett