Message-ID: <52CA8026.4010106@huawei.com>
Date:	Mon, 6 Jan 2014 18:06:30 +0800
From:	Libo Chen <clbchenlibo.chen@...wei.com>
To:	Gao feng <gaofeng@...fujitsu.com>,
	Cong Wang <xiyou.wangcong@...il.com>
CC:	David Miller <davem@...emloft.net>,
	Jamal Hadi Salim <jhs@...atatu.com>,
	Li Zefan <lizefan@...wei.com>,
	Eric Dumazet <edumazet@...gle.com>, <pshelar@...ira.com>,
	<jasowang@...hat.com>, Simon Horman <horms@...ge.net.au>,
	Serge Hallyn <serge.hallyn@...ntu.com>,
	"Linux Kernel Network Developers" <netdev@...r.kernel.org>,
	<cgroups@...r.kernel.org>, <containers@...ts.linux-foundation.org>,
	Patrick McHardy <kaber@...sh.net>, <xemul@...nvz.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH net-next 0/4] net_cls for sys container




yes
On 2014/1/6 16:42, Gao feng wrote:
> On 01/06/2014 03:54 PM, Libo Chen wrote:
>> On 2014/1/3 13:20, Cong Wang wrote:
>>> On Thu, Jan 2, 2014 at 7:11 PM, Libo Chen <clbchenlibo.chen@...wei.com> wrote:
>>>> Hi guys,
>>>>
>>>> Now, lxc created with veth can not be under control by
>>>> cls_cgroup.
>>>>
>>>> the former discussion:
>>>> http://lkml.indiana.edu/hypermail/linux/kernel/1312.1/00214.html
>>>>
>>>> In short, because cls_cgroup relies classid attached to sock
>>>> filter skb, but sock will be cleared inside dev_forward_skb()
>>>> in veth_xmit().
>>>
>>>
>>> So what are you trying to achieve here?
>>
>> sys container using veth can be controlled by cls_cgroup basing on physic network interface
>>
> 
> It's a problem about virtual nic, not container/net namespace.

yes

> 
> If veth device is running in host. the skb is transmitted firstly by veth device and then delivered
> by physical device. if you set both qdisc rule on veth and physical device. which qdisc rule will take
> effect?

both, the end result depends on a smaller.

> 
> In your patch, both qdisc rule are effective. it looks strange.
> 

qdisc is based nic, does not distinguish virtual or physics. if you are all set,
it means that what you want.  so the logic is not the problem and this appears to be normal.


thanks,
Libo

> .
> 

