Date:	Tue, 04 Dec 2007 10:44:53 -0800
From:	Ben Greear <greearb@...delatech.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
CC:	Daniel Lezcano <daniel.lezcano@...e.fr>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, containers@...ts.osdl.org,
	Mark Lord <lkml@....ca>,
	Stephen Hemminger <shemminger@...ux-foundation.org>,
	David Miller <davem@...emloft.net>
Subject: Re: namespace support requires network modules to say "GPL"

Eric W. Biederman wrote:
> However there also seem to be simpler cases like Ben's bridge module,
> that don't appear to have any global state.
>   
Well, my module has some global state, but I don't think it needs to
care about namespaces.  My first impression is that my module should be
able to bridge namespaces...not be contained within one.   I can have
user-space make sure that I don't bridge between devices in different
name-spaces, or perhaps bridging between namespaces wouldn't be a
problem anyway.  If I *do* need to add some sort of namespace awareness
to just achieve today's functionality, I don't mind making the changes,
so long as I don't need to change to GPL licensing.  Perhaps at the
least you can export enough symbols w/out GPL tag to achieve backwards
compat with .23 and previous kernels, or rework dev_get_by_* etc to not
need GPL'd namespace symbols and just return the device in the default
namespace?
> Ben I don't have a clue how your user space interface works.  My gut
> feel is that you can likely use sk->sk_net (if your configuration is
> through a socket), or failing that current->nsproxy->net_ns.  To get
> the network namespace to look up "eth0" and "eth1".
>   
Currently I use procfs and ioctls bound to a procfs file descriptor.

For namespaces in general, will there be a way to just do a
dev_get_by_* and find the device in *any* namespace and query the
device to see what namespace it is in?  Then my module or some other
more clever piece of code can determine the namespaces (by comparing
pointers if nothing else) and make proper decision.  For instance,
maybe we want to bridge two namespaces, or maybe we want to forbid that
ever happening...
> This however still begs the question how do we want to handle this
> so there is a minimum of pain.
>
> Since using register_pernet_subsys implies you need your own member
> in struct net.  I am inclined to leave that with the GPL hint on
> the EXPORT as you need to be really tight with the system to use that.
>   
I certainly don't want to have to muck with struct net unless you have
some way to register anonymous (and non GPL) subsystems.  I'm guessing
you do not want to support that....

Thanks,
Ben

-- 
Ben Greear <greearb@...delatech.com> 
Candela Technologies Inc  http://www.candelatech.com

