Date:	Wed, 12 Dec 2012 19:39:57 +0100
From:	Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:	netdev@...r.kernel.org
Cc:	davem@...emloft.net, ebiederm@...ssion.com, aatteka@...ira.com
Subject: Re: [RFC PATCH net-next 0/5] Ease netns management for userland

2012/12/12 Nicolas Dichtel <nicolas.dichtel@...nd.com>:
> The goal of this series is to ease netns management by daemons. Some systems use
> netns only to virtualize the network stack and don't want to multiply userland
> daemons.  These systems may have a lot of netns, up to 2000. We don't want to
> launch an instance of each daemon (quagga, strongswan, conntrackd, ...) for
> each netns because it will consume a lot of resources. Having one daemon that
> manages all netns is more efficient (mainly if there are few objects to manage:
> one or two routes per netns for example).
> Hence, one goal of this series is to allow a daemon to monitor netns
> activities, so that it can open or close netlink sockets, allocating structures
> needed to manage these netns when they are created or deleted.
> To help identify a netns, an index has been added to each netns.
>
> A new setsockopt() option is also added, to help daemons open a socket in the
> right netns. For now, a daemon that wants to open a socket in a specified netns
> needs to call setns(CLONE_NEWNET) with a fd (not so easy to find), open the
> socket and then call setns() again to go back to the initial netns. Having this
> kind of setsockopt() will simplify operations. Obviously, this setsockopt()
> should be done early enough (is a test on sk_state enough?). The first target is
> netlink sockets but it can be useful for other kinds of sockets, which is why I add a
> generic socket option.
>
> As usual, the patch against iproute2 will be sent once the patches are included
> and net-next merged. I can send it on demand.
>
>  arch/alpha/include/asm/socket.h        |   2 +
>  arch/avr32/include/uapi/asm/socket.h   |   2 +
>  arch/frv/include/uapi/asm/socket.h     |   2 +
>  arch/h8300/include/asm/socket.h        |   2 +
>  arch/ia64/include/uapi/asm/socket.h    |   2 +
>  arch/m32r/include/asm/socket.h         |   2 +
>  arch/m68k/include/uapi/asm/socket.h    |   2 +
>  arch/mips/include/uapi/asm/socket.h    |   2 +
>  arch/mn10300/include/uapi/asm/socket.h |   2 +
>  arch/parisc/include/uapi/asm/socket.h  |   2 +
>  arch/powerpc/include/uapi/asm/socket.h |   2 +
>  arch/s390/include/uapi/asm/socket.h    |   2 +
>  arch/sparc/include/uapi/asm/socket.h   |   2 +
>  arch/xtensa/include/uapi/asm/socket.h  |   2 +
>  include/net/net_namespace.h            |   3 +
>  include/uapi/asm-generic/socket.h      |   2 +
>  include/uapi/linux/if_link.h           |   1 +
>  include/uapi/linux/netns.h             |  31 +++++
>  net/core/net_namespace.c               | 223 +++++++++++++++++++++++++++++++++
>  net/core/rtnetlink.c                   |   7 +-
>  net/core/sock.c                        |  28 +++++
>  net/netlink/genetlink.c                |   4 +
>  22 files changed, 326 insertions(+), 1 deletion(-)
>
> I do not pretend to be a netns expert, which is why I added RFC to the title ;-)
>
> Comments are welcome.

Sorry for the double send, it's a wrong manip!
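
The setns() round trip that the quoted cover letter describes (enter the target netns, open the socket, go back), as an added example that is not part of the original message or the patch series. `socket_in_netns` and its `ns_path` parameter are hypothetical names; the code assumes CAP_SYS_ADMIN and a mounted /proc.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Hypothetical helper: open a socket inside the netns referenced by ns_path
 * (for example /proc/<pid>/ns/net or a bind mount of it).
 * Returns the socket fd, or -1 with errno set.
 * setns() moves only the calling thread; a multithreaded daemon should
 * save its namespace from /proc/thread-self/ns/net where available.
 */
int socket_in_netns(const char *ns_path, int domain, int type, int protocol)
{
    int home_fd, target_fd, sock = -1, saved_errno;

    /* Keep a handle on the namespace we have to return to. */
    home_fd = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
    if (home_fd < 0)
        return -1;

    target_fd = open(ns_path, O_RDONLY | O_CLOEXEC);
    if (target_fd < 0) {
        saved_errno = errno;
        close(home_fd);
        errno = saved_errno;
        return -1;
    }

    if (setns(target_fd, CLONE_NEWNET) == 0) {
        /* A socket belongs to the netns that is current when it is created. */
        sock = socket(domain, type, protocol);
        saved_errno = errno;
        /* If we cannot get back, every later socket() of this thread would
         * land in the wrong netns, so stop instead of continuing. */
        if (setns(home_fd, CLONE_NEWNET) != 0)
            abort();
    } else {
        saved_errno = errno;
    }

    close(target_fd);
    close(home_fd);
    errno = saved_errno;
    return sock;
}
```

The returned socket stays in the target netns after the thread has switched back, which is what lets one daemon hold sockets in many namespaces.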