lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <485F7FBC.9040302@trash.net>
Date:	Mon, 23 Jun 2008 12:49:32 +0200
From:	Patrick McHardy <kaber@...sh.net>
To:	Alexey Dobriyan <adobriyan@...il.com>
CC:	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
	den@...nvz.org, xemul@...nvz.org, ebiederm@...ssion.com,
	benjamin.thery@...l.net, dlezcano@...ibm.com
Subject: Re: [PATCH 12/25] netns ct: actualy enable in netns

Alexey Dobriyan wrote:
> Known to not work/broken:
> 1) event cache -- double free if netns flushes event cache, not netns-ready,
>    haven't looked into this.

The event cache also needs to be per namespace, its not allowed to
be flushed it while connection tracking is still active.

> 2) NOTRACK -- amazing circular dependencies and compile breakages if nf_conn
>    is embedded into netns_ct.
> 
>    This is easy excuse, real excuse is from where to grab netns that early.
>    and since we wait until untracked refcount drops to zero it should be per-netns
>    otherwise one netns which uses NOTRACK can prevent other from stopping.

Yes. For untracked connections we usually return before doing
any real work, so maybe you don't need a valid netns pointer
for the untrack conntrack entry?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ