| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Oct 2021 23:02:17 +0300
From: Sergey Ryazanov <ryazanov.s.a@...il.com>
To: Sargun Dhillon <sargun@...gun.me>
Cc: LKML <linux-kernel@...r.kernel.org>,
netdev <netdev@...r.kernel.org>,
Christian Brauner <christian.brauner@...ntu.com>
Subject: Re: Retrieving the network namespace of a socket
On Wed, Oct 20, 2021 at 7:34 PM Sargun Dhillon <sargun@...gun.me> wrote:
> On Wed, Oct 20, 2021 at 05:03:56PM +0300, Sergey Ryazanov wrote:
>> On Wed, Oct 20, 2021 at 12:57 PM Sargun Dhillon <sargun@...gun.me> wrote:
>>> I'm working on a problem where I need to determine which network namespace a
>>> given socket is in. I can currently bruteforce this by using INET_DIAG, and
>>> enumerating namespaces and working backwards.
>>
>> Namespace is not a per-socket, but a per-process attribute. So each
>> socket of a process belongs to the same namespace.
>>
> > Could you elaborate what kind of problem you are trying to solve?
>> Maybe there is a more simple solution. for it.
>
> That's not entirely true. See the folowing code:
>
> int main() {
> int fd1, fd2;
> fd1 = socket(AF_INET, SOCK_STREAM, 0);
> assert(fd1 >= 0);
> assert(unshare(CLONE_NEWNET) == 0);
> fd2 = socket(AF_INET, SOCK_STREAM, 0);
> assert(fd2 >= 0);
> }
>
> fd1 and fd2 have different sock_net.
Ouch, I totally missed this case. Thank you for reminding me.
--
Sergey
Powered by blists - more mailing lists