Re: [PATCH 1/4] veth: move loopback logic to common location
- To: Arnd Bergmann <arnd@xxxxxxxx>
- Subject: Re: [PATCH 1/4] veth: move loopback logic to common location
- From: Patrick McHardy <kaber@xxxxxxxxx>
- Date: Thu, 26 Nov 2009 16:33:36 +0100
- Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, Eric Dumazet <eric.dumazet@xxxxxxxxx>, Anna Fischer <anna.fischer@xxxxxx>, netdev@xxxxxxxxxxxxxxx, bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx, Mark Smith <lk-netdev@xxxxxxxxxxxxxxxxxxxxx>, Gerhard Stenzel <gerhard.stenzel@xxxxxxxxxx>, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, Jens Osterkamp <jens@xxxxxxxxxxxxxxxxxx>, Patrick Mullaney <pmullaney@xxxxxxxxxx>, Stephen Hemminger <shemminger@xxxxxxxxxx>, David Miller <davem@xxxxxxxxxxxxx>
- In-reply-to: <200911261621.28298.arnd@xxxxxxxx>
- References: <1259024166-28158-1-git-send-email-arnd@xxxxxxxx> <m1aayb6bfg.fsf@xxxxxxxxxxxxxxxxx> <4B0C2824.5010502@xxxxxxxxx> <200911261621.28298.arnd@xxxxxxxx>
- User-agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090701)
Arnd Bergmann wrote:
> On Tuesday 24 November 2009, Patrick McHardy wrote:
>> Eric W. Biederman wrote:
>>> I don't quite follow what you intend with dev_queue_xmit when the macvlan
>>> is in one namespace and the real physical device is in another. Are
>>> you mentioning that the packet classifier runs in the namespace where
>>> the primary device lives with packets from a different namespace?
>> Exactly. And I think we should make sure that the namespace of
>> the macvlan device can't (deliberately or accidentally) cause
>> misclassification.
>
> This is independent of my series and a preexisting problem, right?

Correct.

> Which fields do you think need to be reset to maintain namespace
> isolation for the outbound path in macvlan?

In addition to those already handled, I'd say

- priority: affects qdisc classification, may refer to classes of the
  old namespace
- ipvs_property: might cause packets to incorrectly skip netfilter hooks
- nf_trace: might trigger packet tracing
- nf_bridge: contains references to network devices in the old NS,
  also indicates packet was bridged
- iif: index is only valid in the originating namespace
- tc_index: classification result, should only be set in the namespace
  of the classifier
- tc_verd: RTTL etc. should begin at zero again
- probably secmark.

_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge
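
An added example, not part of the original mail and not kernel code: a userspace C model of the fields listed in the message, with a hypothetical scrub helper and a check that reports which fields still carry state from the sending namespace. The struct `pkt_meta`, the function and flag names, and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace model (assumption): only the fields named in the mail, not struct sk_buff. */
struct pkt_meta {
    uint32_t    priority;      /* qdisc class handle */
    uint8_t     ipvs_property; /* 1 = packet may skip netfilter hooks */
    uint8_t     nf_trace;      /* 1 = packet tracing requested */
    const void *nf_bridge;     /* bridge state holding device references */
    int         iif;           /* ifindex, valid only in its own namespace */
    uint16_t    tc_index;      /* classifier result */
    uint16_t    tc_verd;       /* tc verdict bits (RTTL etc.) */
    uint32_t    secmark;       /* security mark */
};

enum { LEAK_PRIORITY = 1, LEAK_IPVS = 2, LEAK_NF_TRACE = 4, LEAK_NF_BRIDGE = 8,
       LEAK_IIF = 16, LEAK_TC_INDEX = 32, LEAK_TC_VERD = 64, LEAK_SECMARK = 128 };

/* Bitmask of fields that still carry state set in the sending namespace. */
unsigned leaked_fields(const struct pkt_meta *m)
{
    unsigned mask = 0;
    if (m->priority)      mask |= LEAK_PRIORITY;
    if (m->ipvs_property) mask |= LEAK_IPVS;
    if (m->nf_trace)      mask |= LEAK_NF_TRACE;
    if (m->nf_bridge)     mask |= LEAK_NF_BRIDGE;
    if (m->iif)           mask |= LEAK_IIF;
    if (m->tc_index)      mask |= LEAK_TC_INDEX;
    if (m->tc_verd)       mask |= LEAK_TC_VERD;
    if (m->secmark)       mask |= LEAK_SECMARK;
    return mask;
}

/* Hypothetical helper: reset the listed fields before handing the packet on. */
void scrub_for_ns_crossing(struct pkt_meta *m)
{
    m->priority = 0; m->ipvs_property = 0; m->nf_trace = 0;
    m->nf_bridge = NULL; /* real code would also have to release the reference */
    m->iif = 0; m->tc_index = 0; m->tc_verd = 0; m->secmark = 0;
}

int main(void)
{
    /* Constructed sample: state a sending namespace could have set. */
    struct pkt_meta m = { .priority = 0x00010002, .nf_trace = 1, .iif = 7, .tc_index = 3 };
    unsigned before = leaked_fields(&m);
    scrub_for_ns_crossing(&m);
    printf("before=0x%02x after=0x%02x\n", before, leaked_fields(&m));
    return 0;
}
```
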