Date:   Thu, 25 Aug 2022 08:27:04 -0700
From:   David Ahern <dsahern@...nel.org>
To:     cgel.zte@...il.com, davem@...emloft.net, kuba@...nel.org,
        yoshfuji@...ux-ipv6.org
Cc:     netdev@...r.kernel.org, linl@...r.kernel.org, xu.xin16@....com.cn
Subject: Re: [PATCH v2 0/3] Namespaceify two sysctls related with route

On 8/23/22 7:00 PM, cgel.zte@...il.com wrote:
> From: xu xin <xu.xin16@....com.cn>
> 
> With the rise of cloud native, more and more container applications are
> deployed. The network namespace is one of the foundations of the container.
> The sysctls of error_cost and error_burst are important knobs to control
> the sending frequency of ICMP_DEST_UNREACH packet for ipv4. When different
> containers have requirements on the tuning of error_cost and error_burst,
> for host's security, the sysctls should exist per network namespace.
> 
> Different netns have different requirements on the setting of error_cost
> and error_burst, which are related with limiting the frequency of sending
> ICMP_DEST_UNREACH packets. Enable them to be configured per netns.
> 
> 

You did not respond to the IPv6 question Jakub asked.

I think it is legacy for IPv4 since it pre-dates the move to git and
just never added to IPv6. But, if it is important enough for this to
move to per container then it should be important enough to add for IPv6
too.
