Date:	Wed, 14 May 2014 10:23:13 +0200
From:	Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:	Stephen Hemminger <stephen@...workplumber.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
CC:	netdev@...r.kernel.org
Subject: Re: Problem with iflink in netns

On 13/05/2014 17:39, Stephen Hemminger wrote:
> There have been a couple of bugzilla reports already about cases where a macvlan
> or vlan is moved into another namespace. In these cases the parent device ifindex (iflink)
> is no longer valid.
>
>
> Normally it is not a big issue, until another device is created using the ifindex
> of the parent.
>
> Does anyone have a suggested fix? Marking iflink as 0 won't work, as then the devices no
> longer appear as slaves. Another possibility would be to block creation of a device
> whose ifindex matches the existing iflink of other devices; but this would slow down device
> creation.
The problem is that we need to add information about the netns where the ifindex
stands; we can currently use only a pid or a file descriptor, hence it's not
possible to broadcast this information. The advantage of the file descriptor is
that it's a local id, not a global one.

One idea I'm thinking of is that each netns manages its own set of UIDs for peer
netns; this means that these UIDs will be valid only in a specified netns.
We may add a netlink message to help the user associate a UID with a file
descriptor/pid (he gives the file descriptor/pid and the kernel returns the
UID).
These UIDs may be generated only when the user requests them or when the kernel sends
information about a peer netns.
These UIDs will be provided in existing netlink messages in a separate netlink
attribute.

If the idea is ok, I can help to work on this topic.


Regards,
Nicolas
>
>
> The bugs come in as ip command bugs, but obviously the issue is in the kernel.
>
> https://bugzilla.kernel.org/show_bug.cgi?id=66691
> https://bugzilla.kernel.org/show_bug.cgi?id=75911