From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: Flavio Leitner <fbl@sysclose.org>
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: Re: [PATCH net] netlink: don't send unknown nsid
Date: Thu, 8 Jun 2017 10:31:53 +0200
Message-ID: <057303a1-5d27-1b24-c8b0-d3cf46b14825@6wind.com>
In-Reply-To: <20170607183746.GD2658@x240.lan>

On 07/06/2017 at 21:14, Flavio Leitner wrote:
> On Mon, Jun 05, 2017 at 10:40:24AM +0200, Nicolas Dichtel wrote:
>>> Let me ask this instead: How do you think userspace should behave when
>>> netnsid allocation fails?
>>>
>> There are two ways to assign a nsid:
>>  - manually with netlink ('ip netns set'). In this case, the error is reported
>>    to userspace via netlink.
> 
> OK.
> 
>>  - automatically when a x-netns interface is created. The link-nsid is also
>>    reported to userspace. If the allocation failed, NETNSA_NSID_NOT_ASSIGNED is
>>    reported. And if you were able to create this x-netns interface, it means
>>    that you have access to this peer netns, thus you can try to assign the nsid
>>    manually.
> 
> Does that prevent the interface from being created?
No.

> 
>> So, in both cases, userland knows that something went wrong.
>> Do you have another scenario in mind?
> 
> Let's say the app is restarted, or another monitoring app is executed
> with enough perms.  How will it identify the error condition?
Your app wants to monitor a subset of netns. It means that you already have a
way to identify those netns, something like a file stored somewhere
(/var/run/netns/, /proc/<pid>/ns/net, ...). Thus, it's easy to check if those
netns have a nsid assigned in the netns where your app will open the socket.

This option was called NETLINK_F_LISTEN_ALL_NSID, because it only enables
listening to netns *with* a nsid assigned, nothing more. It's up to the user to
ensure that nsids are correctly assigned.


Regards,
Nicolas
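
The check described in the message above, as an added example that is not part of the original thread or of the kernel tree: it parses the RTM_NEWNSID reply a monitoring app gets back from an RTM_GETNSID query and flags NETNSA_NSID_NOT_ASSIGNED. The function names are hypothetical, the netlink socket I/O is left out, and the reply buffer is constructed inline.

```c
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/net_namespace.h>

#define NSID_HDR NLMSG_SPACE(sizeof(struct rtgenmsg)) /* nlmsghdr + rtgenmsg, padded */
/* Parse one RTM_NEWNSID message. Returns 0 and stores the id in *nsid, or -1
 * when buf is not a well-formed RTM_NEWNSID carrying a NETNSA_NSID attribute. */
int parse_nsid_reply(const void *buf, size_t len, int *nsid)
{
    const struct nlmsghdr *nlh = buf;
    if (len < NSID_HDR || nlh->nlmsg_len < NSID_HDR || nlh->nlmsg_len > len ||
        nlh->nlmsg_type != RTM_NEWNSID)
        return -1;
    const struct rtattr *rta = (const struct rtattr *)((const char *)buf + NSID_HDR);
    int rem = (int)(nlh->nlmsg_len - NSID_HDR);
    for (; RTA_OK(rta, rem); rta = RTA_NEXT(rta, rem))
        if (rta->rta_type == NETNSA_NSID && (size_t)RTA_PAYLOAD(rta) >= sizeof(*nsid)) {
            memcpy(nsid, RTA_DATA(rta), sizeof(*nsid)); /* signed 32-bit payload */
            return 0;
        }
    return -1;
}

/* Per the message above: an all-nsid listener only hears netns that have a nsid. */
int peer_is_covered(int nsid) { return nsid != NETNSA_NSID_NOT_ASSIGNED; }
/* Constructed sample input: writes a 28-byte RTM_NEWNSID reply into buf. */
size_t build_sample_reply(void *buf, int nsid)
{
    struct nlmsghdr *nlh = buf;
    struct rtattr *rta = (struct rtattr *)((char *)buf + NSID_HDR);
    memset(buf, 0, NSID_HDR + RTA_SPACE(sizeof(nsid)));
    nlh->nlmsg_type = RTM_NEWNSID;
    nlh->nlmsg_len = NSID_HDR + RTA_LENGTH(sizeof(nsid));
    rta->rta_type = NETNSA_NSID;
    rta->rta_len = RTA_LENGTH(sizeof(nsid));
    memcpy(RTA_DATA(rta), &nsid, sizeof(nsid));
    return nlh->nlmsg_len;
}

int main(void)
{
    struct nlmsghdr buf[2]; /* 32 bytes, suitably aligned for netlink headers */
    int ids[] = { 3, NETNSA_NSID_NOT_ASSIGNED }, nsid;
    for (int i = 0; i < 2; i++)
        if (parse_nsid_reply(buf, build_sample_reply(buf, ids[i]), &nsid) == 0)
            printf("nsid=%d covered=%d\n", nsid, peer_is_covered(nsid));
    return 0;
}
```

A peer reported as not covered is one for which the nsid still has to be assigned manually, e.g. with 'ip netns set' as mentioned in the quoted text.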
