lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080913104515.GA7440@x200.localdomain>
Date:	Sat, 13 Sep 2008 14:45:15 +0400
From:	Alexey Dobriyan <adobriyan@...il.com>
To:	Patrick McHardy <kaber@...sh.net>
Cc:	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
	containers@...ts.linux-foundation.org
Subject: Re: [PATCH 17/33] netns ct: final init_net tweaks

On Tue, Sep 09, 2008 at 09:51:56AM +0200, Patrick McHardy wrote:
> Alexey Dobriyan wrote:
>> On Tue, Sep 09, 2008 at 09:20:42AM +0200, Patrick McHardy wrote:
>>> Having multiple of these net_eq checks per function (14 total) is
>>> not a very nice way to do this.
>>
>> Yep, I was just afraid of some subtle ordering rules and to keep
>> potential init_net breakage to minimum.
>
> Me too, but I still prefer to do it properly once.
>
>>> How about splitting the code into a netns and a global part instead?
>>
>> Prebably they aren't strict at all.
>
> Not particulary. For cleanup a three stage approach with
>
> 1. init_net deactivation (ip_ct_attach = NULL)
> 2. generic netns cleanup
> 3. init_net specific final cleanup (slab cache, nf_conntrack_cachep,
>    accounting, helpers, protocols, ...)
>
> should work fine.
>
> The initialization should be OK with just a init_net part
> and a generic netns part.

Ugh, I'm still finding the least ugly way to put init_net checks, and
it's better to do it at the very end.

So, slight reordering.

See per-netns statistics, nf_conntrack_count, nf_conntrack_checksum,
nf_conntrack_log_invalid and accounting.

The rest (SIP, H323, GRE, PPTP, per-netns NAT) remains the same and can
be applied independently of init_net checks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ