lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 30 Apr 2010 21:42:58 -0400
From:	Oren Laadan <orenl@...columbia.edu>
To:	Daniel Lezcano <daniel.lezcano@...e.fr>
CC:	Dan Smith <danms@...ibm.com>, containers@...ts.osdl.org,
	Vlad Yasevich <vladislav.yasevich@...com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] [RFC] C/R: inet4 and inet6 unicast routes (v2)



Daniel Lezcano wrote:
> Dan Smith wrote:
>> This patch adds support for checkpointing and restoring route information.
>> It keeps enough information to restore basic routes at the level of detail
>> of /proc/net/route.  It uses RTNETLINK to extract the information during
>> checkpoint and also to insert it back during restore.  This gives us a
>> nice layer of isolation between us and the various "fib" implementations.
>>
>> Changes in v2:
>>
>> This version of the patch actually moves the current task into the
>> desired network namespace temporarily, for the purposes of examining and
>> restoring the route information.  This is a instead of creating a cross-
>> namespace socket to do the job, as was done in v1.
>>
>> This is just an RFC to see if this is an acceptable method.  For a final
>> version, adding a helper to nsproxy.c would allow us to create a new
>> nsproxy with the desired netns instead of creating one with
>> copy_namespaces() just to kill it off and use the target one.
>>
>> I still think the previous method is cleaner, but this way may violate
>> fewer namespace boundaries (I'm still undecided :)
>>
>> Signed-off-by: Dan Smith <danms@...ibm.com>
>> Cc: David Miller <davem@...emloft.net>
>> Cc: Vlad Yasevich <vladislav.yasevich@...com>
>> Cc: jamal <hadi@...erus.ca>
>> ---
> Hi Dan,
> 
> Eric did a patchset (as Jamal mentioned it) where you can have a process 
> to enter a specific namespace from userspace.
> 
> http://git.kernel.org/?p=linux/kernel/git/ebiederm/linux-2.6.33-nsfd-v5.git;a=commit;h=9c2f86a44d9ca93e78fd8e81a4e2a8c2a4cdb054
> 
> Is it possible to enter the namespace and dump / restore the routes with 
> NETLINK_ROUTE from userspace ? Or is it something not possible ?
> 

I also think that restoring routes from userspace, if feasible,
will be advantageous.

Besides, that will simplify cases in which userspace would like to
restore something different (in terms of routes) than what was
saved in the checkpoint.

So the question is, what would it take ?

Oren.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ