lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 18 Jun 2009 14:35:43 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	linux-wireless <linux-wireless@...r.kernel.org>
Cc:	Netdev <netdev@...r.kernel.org>
Subject: wireless netns work

Hi,

You've all seen the netns patches fly by -- time to explain what I'm
doing maybe?

First, I've not copied all patches to both lists, please look at
http://johannes.sipsolutions.net/patches/kernel/all/LATEST/ for all the
patches with netns in their name, as there are:

## netns work [sent]
006-wext-netns.patch
007-netns-rcu.patch
008-genl-netns.patch
009-mac80211-netns.patch
010-netns-export-get-by-pid.patch

## netns work [rfc]
011-cfg80211-netns.patch

## play together
012-mac80211-allow-netns.patch

## HACK HACK HACK
013-mac80211-no-netdev-dev.patch


Also, to play with it you will need the netns branch of iw, which has
this simple commit:
http://git.sipsolutions.net/gitweb.cgi?p=iw.git;a=commitdiff;h=518d4092312a8b02bdb49163ae403de7abc9bdee

Also grab ns_exec and compile it:
http://johannes.sipsolutions.net/files/ns_exec.c.txt

Now compile your kernel with all the above patches (including the HACK
one) and let's play:

# modprobe mac80211_hsim

open a new terminal, and in it do
# ns_exec -c -n /bin/bash
and note the PID. In the new shell, also do
# ip link set lo up

Then in the old terminal, do
# iw phy#0 set netns PID-from-above

You'll get a sysfs complaint. Now, in the old terminal:
# ip addr add 192.168.12.1/24 dev wlan1
and in the new netns terminal:
# ip addr add 192.168.12.2/24 dev wlan0

Now you can run hostapd on one of them and connect to the other. This
bit works fine. Once the link is established, you _should_ also be able
to ping between the two, but that doesn't work.

Oddly, the link works unidirectionally in both directions, if I ping
from either side tcpdump shows the echo requests on the other side, but
no echo reply is being generated. Still investigating why this is, since
it works fine with veth. Ideas why this is broken would be
appreciated :)

(and to play with veth, do
# ip link add type veth
# ip link set veth0 netns <PID>
# ip addr add ...
)

johannes

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ