Message-ID: <56C5DD6C.1050504@kyup.com>
Date: Thu, 18 Feb 2016 17:04:12 +0200
From: Nikolay Borisov <kernel@...p.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH 0/4] Namespacify inet_peer_* sysctl knobs

On 02/17/2016 09:15 PM, Eric W. Biederman wrote:
> Nikolay Borisov <kernel@...p.com> writes:
>
>> This series makes the inet_peer ttl sysctls namespace aware.
>>
>> Patch 1 adds a namespace association to the inet_peer_base struct,
>> which in turn is used to make the sysctls namespace aware. The
>> rest of the patches are straightforward.
>
> At a quick skim I am not certain I am comfortable with this change.
>
> The issue is that these are not packet parameters you are tuning but
> lifetimes for data structures.
Right, I thought the inet peer expiration might have repercussions on the
way the networking stack worked. But apparently that's not the case.
>
> Generally there are challenges making this kind of thing per namespace
> because resource control can lead to a DOS attack from one namespace
> being able to arbitrarily control its own resource consumption.
>
> Is this something that is actually worth making per namespace?
I guess the series can be dropped if it's deemed unnecessary.
>
> Eric
>
>> Nikolay Borisov (4):
>> inetpeer: Add net namespace assosication in inet_peer_base
>> inetpeer: Namespacify inet_peer_maxttl sysctl knob
>> inetpeer: Namespacify inet_peer_minttl sysctl knob
>> inetpeer: Namespacify inet_peer_threshold sysctl knob
>>
>> include/net/inetpeer.h | 1 +
>> include/net/ip.h | 5 -----
>> include/net/netns/ipv4.h | 4 ++++
>> net/ipv4/inetpeer.c | 15 ++++++---------
>> net/ipv4/route.c | 1 +
>> net/ipv4/sysctl_net_ipv4.c | 47 ++++++++++++++++++++++++----------------------
>> 6 files changed, 37 insertions(+), 36 deletions(-)