lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 11 Sep 2008 12:59:30 -0700
From:	David Stevens <dlstevens@...ibm.com>
To:	Daniel Lezcano <dlezcano@...ibm.com>
Cc:	Alexey Dobriyan <adobriyan@...il.com>,
	containers@...ts.linux-foundation.org, davem@...emloft.net,
	netdev@...r.kernel.org, netdev-owner@...r.kernel.org
Subject: Re: [PATCH] igmp: make /proc/net/{igmp,mcfilter} per netns

Daniel,
        Thanks for the detailed response.

        As long as you have distinct link-local addresses for
each advertiser, I don't see any protocol violations here.

        I don't believe it's all that difficult to do-- the main
thing is simply to push container joins down to the physical
device-- basically don't do any IGMP or MLD processing
in the virtual layer and just pass all that to the device. This
is essentially what is done  already to get multiple sockets
with distinct joins and filter sets boiled down to the right set
of listens to satisfy everything requested.
        Because the link-local addresses are distinct in v6,
it'll work for now, but be a little harder to do there than blindly
passing all advertisements to the device. Instead, you'd want
a shim layer at the device to intercept them and translate them
into joins for the physcal device, which would itself generate
the advertisements.
        Either way you'd want to demultiplex inbound to the
right container.
        I'm interested in looking at this, but I don't own my
time. Feel free to contact me when  you get started and I can
at least review, if not contribute on it.

        I suppose I won't lose sleep at night over it, but
it does mean use of multicasting in containers won't scale
very well until it's addressed.

                                        +-DLS

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ