lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 26 May 2015 12:53:11 +0200
From:	Alexander Holler <>
CC:	"Eric W. Biederman" <>,,,
Subject: Re: [PATCH net-next v2 0/7] netns: ease netlink use with a lot of

Am 25.05.2015 um 15:09 schrieb Nicolas Dichtel:
> Le 25/05/2015 12:55, Alexander Holler a écrit :
>> Am 25.05.2015 um 09:45 schrieb Nicolas Dichtel:
>>> Le 22/05/2015 22:50, Alexander Holler a écrit :
>>>> First I think if NETLINK_LISTEN_ALL_NSID is enabled, a dump
>>>> of the interfaces through RTM_GETLINK together with NLM_F_DUMP and
>>>> NLM_F_REQUEST should return all interfaces of all reachable namespaces.
>>> This option is only for 'listening', ie spontaneous notifications
>>> from the
>>> kernel. It does nothing for request.
>> The problem is that you need informations about the affected
>> interfaces. E.g. if
>> you receive an NEWADDR or NEWROUTE for some interface (indicated by
>> the index of
>> the interface) in a(nother) namespace, how do you get informations
>> about that
>> interface, if not by a dump which includes the interfaces of these
>> namespaces
>> too? Without knowledge about the interface, these messages are not
>> very usable. ;)
> Yes, this is the right things.
> Usually, a daemon opens a socket to listen netlink event. Then, it opens
> another netlink socket to dump the configuration (interfaces, addresses,
> routes, etc.) and fill its internal structures. Starting from that
> point, for
> most of configuration parameters, it doesn't need anymore to do dumps
> and thus
> it can close the second socket. This allows your daemon to have only one
> socket
> to monitor a set a netns.
> Look at iproute for example, it starts by dumping all interfaces before
> executing the specified command.

Hmm, sounds like we're talking in different rooms about the same thing 
in regard to the dump. ;)

I just wanted to explain why I think this series misses the (extended) 
dump which includes all interfaces (those of other namespaces too).

How does one use NETLINK_LISTEN_ALL_NSID without beeing able to dump all 
the interfaces of namespaces your patch series might send messages for?

The only way I currently see, is to start the listening part before any 
namespace is created. Doing so, it can fill it's internal structures 
with the RTM_NEWLINK messages (besides that missing one for lo). But how 
do you get these RTM_NEWLINK messages for already created namespaces and 
their interfaces, if not by a dump?


Alexander Holler

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists