From: Hangbin Liu <liuhangbin@gmail.com>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: Richard Cochran <richardcochran@gmail.com>,
	Jiri Benc <jbenc@redhat.com>,
	netdev@vger.kernel.org, David Miller <davem@davemloft.net>,
	Patrick McHardy <kaber@trash.net>,
	stefan.sorensen@spectralink.com
Subject: Re: [PATCH net-next] macvlan: pass get_ts_info and SIOC[SG]HWTSTAMP ioctl to real device
Date: Tue, 23 Apr 2019 12:18:17 +0800
Message-ID: <20190423041817.GE18865@dhcp-12-139.nay.redhat.com>
In-Reply-To: <20190418080509.GD5984@localhost>

Hi Miroslav,
On Thu, Apr 18, 2019 at 10:05:09AM +0200, Miroslav Lichvar wrote:
> > So I guess the macvlan should reject SIOCSHWTSTAMP but allow
> > SIOCGHWTSTAMP.
> 
> FWIW, my suggestion was to limit what the SIOCSHWTSTAMP ioctl can do
> on the virtual interface. It could only enable HW timestamping or

I think this is not enough, as a user could enable HWTSTAMP_FILTER_NONE.

> select a more general filter. A container could run a PTP clock if it

Do you have an idea about how to select a general filter? If we have enabled
HWTSTAMP_FILTER_PTP_V2_L4_SYNC on the host and a user in a container wants to enable
HWTSTAMP_FILTER_PTP_V2_L4_DELAY_REQ, then which one is more general?

> had also access to the PHC device, or it could have the NET_ADMIN
> capability for other reasons, but it couldn't disable HW timestamping
> enabled by the host or other container.
> 
> If I understand it correctly, even without this ioctl a container can
> prevent the host or other containers from getting some of the HW
> timestamps by requesting TX timestamps at a high rate. I suspect the

Could traffic shaping/limitation fix it?

> timestamping would need to be restricted to the real interface to
> fully protect it from applications having access to the virtual
> interfaces.

Thanks
Hangbin
