lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20071205.021318.144125922.davem@davemloft.net>
Date:	Wed, 05 Dec 2007 02:13:18 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	den@...nvz.org
Cc:	devel@...nvz.org, netdev@...r.kernel.org, containers@...ts.osdl.org
Subject: Re: [PATCH 1/4] netns: Tag the network flow with the network
 namespace it is in (v2)

From: "Denis V. Lunev" <den@...nvz.org>
Date: Tue, 4 Dec 2007 12:53:33 +0300

> As well as marking flows this indirectly marks the ipv4 routing cache
> as every routing entry contains a flow.
> 
> It is useful to add the network namespace into flows as frequently
> the routing information for ingoing and outgoing network packets is
> collected into a flow structure which is then used for several functions
> as it sorts out what is going on.
> 
> Changes from v1:
> - remove flow.h dependency from net_namespace.h
> 
> Signed-off-by: Denis V. Lunev <den@...nvz.org>
> Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com>

Hmmm, actually I change my mind.

> @@ -10,7 +10,9 @@
>  #include <linux/in6.h>
>  #include <asm/atomic.h>
>  
> +struct net;
>  struct flowi {
> +	struct net *fl_net;
>  	int	oif;
>  	int	iif;
>  	__u32	mark;

I'm not applying this, it's going to have a negative impact on routing
performance.

It also changes the semantics of the flowi object in a way I very
much dislike, in that there is now non-clobberable state in there.

Previously only addressing identifying objects were present in the
flow, you could use it any context, and there were no pointer
dereferencing or object references from this thing.  It was very
simple.

That is no longer the case after your patch and I don't want us
to go down this path.

Please find another way to implement this.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ