Message-ID: <878tp6al2z.fsf@xmission.com>
Date:   Thu, 16 Feb 2017 16:08:52 +1300
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     David Ahern <dsa@...ulusnetworks.com>
Cc:     Alexei Starovoitov <ast@...com>,
        "David S . Miller" <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        Tejun Heo <tj@...nel.org>,
        Andy Lutomirski <luto@...capital.net>, netdev@...r.kernel.org
Subject: Re: [PATCH v4 net] bpf: add bpf_sk_netns_id() helper

David Ahern <dsa@...ulusnetworks.com> writes:

> On 2/14/17 12:21 AM, Eric W. Biederman wrote:
>>> in cases where bpf programs are looking at sockets and packets
>>> that belong to different netns, it could be useful to get an id
>>> that uniquely identifies a netns within the whole system.
>> It could be useful but there is no unique namespace id.
>> 
>
> Have you given thought to a unique namespace id? Networking tracepoints
> for example could really benefit from a unique id.

An id from the perspective of a process in the initial instance of every
namespace is certainly possible.

A truly unique id is just not maintainable.  Think of the question how
do you assign every device in the world a guaranteed unique IP address
without coordination, that is routable.  It is essentially the same
problem.

AKA it is theoretically possible and very expensive.  It is much easier
and much more maintainable for identifiers to have scope and only be
unique within that scope.

Eric
