Message-ID: <d1bb3c4d-3afa-c153-30f0-462060903e86@6wind.com>
Date:   Fri, 14 Dec 2018 18:30:32 +0100
From:   Nicolas Dichtel <nicolas.dichtel@...nd.com>
To:     Jean Delvare <jdelvare@...e.de>, netdev@...r.kernel.org
Subject: Re: Identifying a network namespace

On 14/12/2018 at 12:19, Jean Delvare wrote:
> Hi all,
> 
> The question: is there any way to uniquely identify a network namespace
> in the kernel?
> 
> The context: for debugging purposes, I need to log information about
> network devices. netdev_info() uses the device name to identify the
> device, however there can be several devices by that name in different
> namespaces. To know which device the message relates to, I would need
> to know the namespace in addition to the device name. For all I know,
> the namespace's name is a user-space thing and the kernel has no idea.
> But I would at least need some kind of unique identifier to group log
> messages by device.
> 
> So far I'm using the struct address returned by dev_net() as the unique
> ID, but leaking kernel addresses to userspace is not recommended. So I
> am wondering, is there another recommended way to uniquely identify a
> network namespace in a log message?
You can use nsid, which are also used in netlink messages sent by the kernel.

$ ip netns
$ ip netns add foo
$ ip netns add bar
$ ip netns set foo auto
$ ip netns set bar 1234
$ ip netns
bar (id: 1234)
foo (id: 0)
$ ip link add veth1 type veth peer name veth2
$ ip link set veth2 netns bar
$ ip -d l ls veth1
9: veth1@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 22:41:5b:e4:af:b5 brd ff:ff:ff:ff:ff:ff link-netns bar promiscuity 0 minmtu 68 maxmtu 65535
    veth addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

iproute2 gets the link-netns name via the nsid sent by the kernel ('link-netns bar').

Note that nsids are local to one netns; they are not global (i.e. the same netns
can have a different nsid in each netns):

$ ip -n bar netns set foo 456
$ ip -n bar netns
bar
foo (id: 456)
$ ip -n foo netns
bar
foo
$ ip netns
bar (id: 1234)
foo (id: 0)

Regards,
Nicolas
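As an added example (not code from this thread or from iproute2), the RTM_GETNSID request that asks the kernel for a netns's nsid, and the parser for its RTM_NEWNSID reply, in Python with the constants taken from the uapi headers. The netns path (e.g. /run/netns/bar) is an assumption; the result is the nsid as seen from the caller's own netns, which is why it can differ per netns as shown above.

```python
import os
import socket
import struct

# Values from linux/rtnetlink.h and linux/net_namespace.h (uapi).
RTM_NEWNSID, RTM_GETNSID = 88, 90
NETNSA_NSID, NETNSA_FD = 1, 3
NETNSA_NSID_NOT_ASSIGNED = -1
NLM_F_REQUEST, NLMSG_ERROR, NLMSG_HDRLEN = 1, 2, 16


def build_getnsid_request(ns_fd, seq=1):
    """RTM_GETNSID: nlmsghdr + rtgenmsg + NETNSA_FD attribute (fd of the netns)."""
    body = struct.pack("=Bxxx", socket.AF_UNSPEC)      # rtgenmsg, padded to 4
    body += struct.pack("=HHi", 8, NETNSA_FD, ns_fd)    # rtattr: len, type, u32
    hdr = struct.pack("=IHHII", NLMSG_HDRLEN + len(body), RTM_GETNSID,
                      NLM_F_REQUEST, seq, 0)
    return hdr + body


def parse_nsid_reply(data):
    """Return the nsid carried by an RTM_NEWNSID reply (-1 if not assigned)."""
    length, mtype, _flags, _seq, _pid = struct.unpack_from("=IHHII", data)
    if mtype == NLMSG_ERROR:  # nlmsgerr.error holds a negative errno
        err = -struct.unpack_from("=i", data, NLMSG_HDRLEN)[0]
        raise OSError(err, os.strerror(err))
    if mtype != RTM_NEWNSID:
        raise ValueError("unexpected netlink type %d" % mtype)
    off = NLMSG_HDRLEN + 4  # skip rtgenmsg, then walk the rtattr list
    while off + 4 <= length:
        alen, atype = struct.unpack_from("=HH", data, off)
        if alen < 4:
            break
        if atype == NETNSA_NSID:
            return struct.unpack_from("=i", data, off + 4)[0]
        off += (alen + 3) & ~3  # attributes are 4-byte aligned
    return NETNSA_NSID_NOT_ASSIGNED


def query_nsid(netns_path):
    """Ask the kernel for netns_path's nsid, relative to the caller's netns."""
    with open(netns_path, "rb") as ns, socket.socket(
            socket.AF_NETLINK, socket.SOCK_RAW, socket.NETLINK_ROUTE) as nl:
        nl.send(build_getnsid_request(ns.fileno()))
        return parse_nsid_reply(nl.recv(65536))


if __name__ == "__main__":
    print(query_nsid("/run/netns/bar"))  # assumed path; needs the netns to exist
```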
