Date:   Fri, 3 Mar 2017 17:25:10 +0100
From:   Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     Dan Geist <dan@...ter.net>, Cong Wang <xiyou.wangcong@...il.com>,
        Stephen Hemminger <stephen@...workplumber.org>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>,
        chenweilong@...wei.com, Jiri Pirko <jiri@...lanox.com>
Subject: Re: [Bug 194749] New: kernel bonding does not work in a network
 nameservice in versions above 3.10.0-229.20.1

On 03/03/2017 at 17:03, Jiri Pirko wrote:
> Fri, Mar 03, 2017 at 04:19:13PM CET, nicolas.dichtel@...nd.com wrote:
>> On 02/03/2017 at 21:39, Dan Geist wrote:
[snip]
>>>> NETIF_F_NETNS_LOCAL was introduced for loopback device which
>>>> is created for each netns, it is not clear why we need to add it to bond
>>>> and bridge...
>>>
>>> Thank you for tracking this down. Without digging through the code to figure it out, does this imply that the existence of a bond interface is not possible AT ALL within a netns or simply that it may not be "migrated" between the global scope and a netns?
>> It means that the migration is not possible. I think the only reason to have
>> this flag on bonding and bridge is the lack of test and fix. There is probably
>> some work to be done to have this feature. But are there real use cases of
>> x-netns bonding or x-netns bridge?
> 
> If that use case exists I believe it is an abuse. Soft devices that are
> by definition in upper-lower relationships with other devices should not
> move to other namespaces. Prevents all kinds of issues. If you need a
> soft device like bridge or bond within a namespace, just create it there.
> 
Note that vlan supports x-netns. And I think that the corresponding use cases
are valid ;-)
But I agree that for bonding and bridge it seems wrong.
