lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e66fee63-ad27-c5e0-8321-76999e7d82c9@gmail.com>
Date:   Sat, 21 Dec 2019 21:57:35 -0700
From:   David Ahern <dsahern@...il.com>
To:     Jiri Pirko <jiri@...nulli.us>
Cc:     netdev@...r.kernel.org, davem@...emloft.net,
        jakub.kicinski@...ronome.com, saeedm@...lanox.com, leon@...nel.org,
        tariqt@...lanox.com, ayal@...lanox.com, vladbu@...lanox.com,
        michaelgur@...lanox.com, moshe@...lanox.com, mlxsw@...lanox.com
Subject: Re: [patch net-next 0/4] net: allow per-net notifier to follow netdev
 into namespace

On 12/21/19 1:14 AM, Jiri Pirko wrote:
> Fri, Dec 20, 2019 at 07:30:22PM CET, dsahern@...il.com wrote:
>> On 12/20/19 5:35 AM, Jiri Pirko wrote:
>>> However if netdev can change namespace, per-net notifier cannot be used.
>>> Introduce dev_net variant that is basically per-net notifier with an
>>> extension that re-registers the per-net notifier upon netdev namespace
>>> change. Basically the per-net notifier follows the netdev into
>>> namespace.
>>
>> This is getting convoluted.
>>
>> If the driver wants notifications in a new namespace, then it should
>> register for notifiers in the new namespace. The info for
>> NETDEV_UNREGISTER event could indicate the device is getting moved to a
>> new namespace and the driver register for notifications in the new
> 
> Yes, I considered this option. However, that would lead to having a pair
> of notifier block struct for every registration and basically the same
> tracking code would be implemented in every driver.
> 
> That is why i chose this implementation where there is still one
> notifier block structure and the core takes care of the tracking for
> all.
> 

This design has core code only handling half of the problem - automatic
registration in new namespaces for a netdev but not dealing with drivers
receiving notifications in namespaces they no longer care about. If a
driver cares for granularity, it can deal with namespace changes on its
own. If that's too much, use the global registration.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ