| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52f84baf-8027-d01f-8ece-db4f39a2f76f@6wind.com> Date: Mon, 2 Oct 2017 14:06:59 +0200 From: Nicolas Dichtel <nicolas.dichtel@...nd.com> To: "Jason A. Donenfeld" <Jason@...c4.com> Cc: Netdev <netdev@...r.kernel.org>, Mathias <mathias@...l-andersen.dk> Subject: Re: cross namespace interface notification for tun devices Le 02/10/2017 à 13:11, Jason A. Donenfeld a écrit : > On Mon, Oct 2, 2017 at 11:32 AM, Nicolas Dichtel > <nicolas.dichtel@...nd.com> wrote: >> 1. Move the process to netns B, open the netlink socket and move back the >> process to netns A. The socket will remain in netns B and you will receive all >> netlink messages related to netns B. >> >> 2. Assign a nsid to netns B in netns A and use NETLINK_LISTEN_ALL_NSID on your >> netlink socket (see iproute2). > > Both of these seem to rely on the process knowing where the device is > being moved and having access to that namespace. I don't think these > two things are a given though. Unless I'm missing something? I didn't understand correctly. Your control process cannot monitor or control an interface which is in a unkown/hidden netns. But x-netns interfaces are special. We already add a way to identify peer netns for this kind of interfaces. If an handler get_link_net was added to the rtnl_link_ops of the tun driver, it will help to identify netns A when you are in netns B. But you need the opposite. I already try a patch to advertise via netlink the dst netns when an interface moves to a new netns. I think that it is valid for x-netns interfaces. As soon as you can identify the dst netns, your problem is solved, right? Nicolas
Powered by blists - more mailing lists