lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241107200410.4126cf52@kernel.org>
Date: Thu, 7 Nov 2024 20:04:10 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Xiao Liang <shaw.leon@...il.com>
Cc: Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
 linux-kselftest@...r.kernel.org, Kuniyuki Iwashima <kuniyu@...zon.com>,
 "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Ido Schimmel <idosch@...dia.com>, Andrew
 Lunn <andrew+netdev@...n.ch>, Simon Horman <horms@...nel.org>, Donald
 Hunter <donald.hunter@...il.com>, Shuah Khan <shuah@...nel.org>, Jiri Pirko
 <jiri@...nulli.us>, Hangbin Liu <liuhangbin@...il.com>
Subject: Re: [PATCH net-next v2 5/8] net: ip_gre: Add netns_atomic module
 parameter

On Fri, 8 Nov 2024 00:53:55 +0800 Xiao Liang wrote:
> > > It is to control driver behavior at rtnl_ops registration time. I
> > > think rtnetlink
> > > attributes are too late for that, maybe? Can't think of a way other than
> > > module parameters or register separate ops. Any suggestions?  
> >
> > Step back from the implementation you have a little, forget that there
> > is a boolean in rtnl_link_ops. User makes a request to spawn an
> > interface, surely a flag inside that request can dictate how the netns
> > attrs are interpreted.  
> 
> IMO, this is about driver capability, not about user requests.

The bit is a driver capability, that's fine. But the question was how
to achieve backward compatibility. A flag in user request shifts the
responsibility of ensuring all services are compatible to whoever
spawns the interfaces. Which will probably be some network management
daemon.

> As you've pointed out earlier, probably no one would actually want
> the old behavior whenever the driver supports the new one.
> I added the module parameter just for compatibility, because ip_tunnels
> was not implemented to support src_net properly.

And I maintain that it's very unlikely anyone cares about old behavior.
So maybe as a starting point we can have neither the flag nor the
module param? We can add them later if someone screams.

> Yes it's possible to add an extra flag in user request, but I don't
> think it's a good approach.

There are two maintainers with opposing intuition so more data may be
needed to convince..

> BTW, I didn't find what's going on with module parameters, is there
> any documentation?

Not sure if there is documentation, but module params are quite painful
to work with. Main reason is that they are global and not namespace
aware. Plus developers usually default to making them read only, which
means they practically speaking have to be configured at boot.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ