Message-ID: <20121025143811.GH15034@kvack.org>
Date:	Thu, 25 Oct 2012 10:38:11 -0400
From:	Benjamin LaHaise <bcrl@...ck.org>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	rsa <ravi.mlists@...il.com>, netdev@...r.kernel.org
Subject: Re: switching network namespace midway

Hello Eric,

On Wed, Oct 24, 2012 at 06:37:16PM -0700, Eric W. Biederman wrote:
> Yes.  Although L2TP is not an example of code I would copy.  Any other
> tunnel would be better.  I haven't looked closely at L2TP but it keeps
> popping up as a poster child for small little network namespace bugs
> that I don't want to think about.

Agreed.

> Last I looked to use L2TP it required a magic userspace that I couldn't
> find and I haven't cared enough to write.  Ben would you be interested
> in helping flush out the network namespace bugs out of L2TP?

Sure, that I can do.  To be entirely honest, I have not yet tried using 
network namespaces with the in kernel L2TP stack, but rather with the 
Babylon code.  I have, however, put together changes to make the Babylon 
userland code work with the in kernel L2TP over the past couple of months.  
Since the network namespace support is already present in the userland 
code, it shouldn't be too hard to adapt.

From a quick read of the L2TP over UDP code paths, it looks like things 
should work, as the ingress and egress lookups use the transport socket's 
namespace.  All the reference counting looks a bit heavy handed, though.  
I also wrote a couple of test programs for setting up L2TP sockets and 
devices which may be of use -- see http://www.kvack.org/~bcrl/pppol2tp/ .

		-ben
-- 
"Thought is the essence of where you are now."