lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5489D56E.4010505@gmail.com>
Date:	Thu, 11 Dec 2014 15:33:34 -0200
From:	Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:	vadim4j@...il.com, Jiri Benc <jbenc@...hat.com>
CC:	netdev@...r.kernel.org
Subject: Re: [PATCH iproute2] ip: Simplify executing ip cmd within namespace

On 11-12-2014 14:33, vadim4j@...il.com wrote:
> On Thu, Dec 11, 2014 at 05:09:28PM +0100, Jiri Benc wrote:
>> On Thu, 11 Dec 2014 00:56:35 +0200, Vadim Kochan wrote:
>>> From: Vadim Kochan <vadim4j@...il.com>
>>>
>>> Added new '-ns' option to simplify executing following cmd:
>>>
>>>      ip netns exec NETNS ip OPTIONS COMMAND OBJECT
>>>
>>>      to
>>>
>>>      ip -ns NETNS OPTIONS COMMAND OBJECT
>>>
>>> e.g.:
>>>
>>>      ip -ns vnet0 link add br0 type bridge
>>
>> This is great! It's a thing that has been bothering me for long time
>> but never got high enough on my todo list. Thanks for working on this.
>>
>> However,
>>
>>> --- a/ip/ip.c
>>> +++ b/ip/ip.c
>>> @@ -262,6 +262,12 @@ int main(int argc, char **argv)
>>>   			rcvbuf = size;
>>>   		} else if (matches(opt, "-help") == 0) {
>>>   			usage();
>>> +		} else if (matches(opt, "-ns") == 0) {
>>> +			argc--;
>>> +			argv++;
>>> +			argv[0] = argv[1];
>>> +			argv[1] = basename;
>>> +			return netns_exec(argc, argv);
>>
>> I very much dislike this. There's no reason to exec another ip binary.
>> The main reason I wanted the -n (or whatever) option was to speed up
>> execution of test scripts in environments with hundreds of interfaces
>> in different net namespaces.
>>
>> Please just change to the specified netns and continue with interpreting
>> of the rest of the command line, there's absolutely no reason for doing
>> the exec.
> Yes, I will follow that way.

In that case, it would be interesting to also accelerate the original use 
case, no? So all usages we currently have will benefit from this speed up 
without a change.

if (command to be executed == myself)
   switch namespace, continue without fork/exec..

I'm not sure if this is feasible, though. Just sharing the idea, didn't even 
open the code..

   Marcelo

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ