Message ID | 20171130194526.8076-1-aring@mojatatu.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Series | [net-next] net: llc: remove init_net check |
On Thu, 2017-11-30 at 14:45 -0500, Alexander Aring wrote: > Commit e730c15519d09 ("[NET]: Make packet reception network namespace > safe") added several init_net compares to protocols with unknown > net namespace support. The idea was as users started using the > different > protocols they would test and enable them. > In our use-case we generate STP enabled Linux bridges in different > namespaces. The bridges are connected via veth interfaces. > This patch makes STP work in such a setup. > > Signed-off-by: Alexander Aring <aring@mojatatu.com> > --- > net/llc/llc_input.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c > index 82cb93f66b9b..09b530d90610 100644 > --- a/net/llc/llc_input.c > +++ b/net/llc/llc_input.c > @@ -14,7 +14,6 @@ > #include <linux/netdevice.h> > #include <linux/slab.h> > #include <linux/export.h> > -#include <net/net_namespace.h> > #include <net/llc.h> > #include <net/llc_pdu.h> > #include <net/llc_sap.h> > @@ -162,9 +161,6 @@ int llc_rcv(struct sk_buff *skb, struct > net_device *dev, > void (*sta_handler)(struct sk_buff *skb); > void (*sap_handler)(struct llc_sap *sap, struct sk_buff > *skb); > > - if (!net_eq(dev_net(dev), &init_net)) > - goto drop; > - > /* > * When the interface is in promisc. mode, drop all the crap > that it > * receives, do not try to analyse it. Well, we use different netns for isolation. You need more changes than simply removing this check, I guess. __llc_sap_find() would need a per netns list, or proper netns checks.
Hi,

On Thu, Nov 30, 2017 at 3:12 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> ...
>
> Well, we use different netns for isolation.
>
> You need more changes than simply removing this check, I guess.
>
> __llc_sap_find() would need a per netns list, or proper netns checks.
>

I looked deeper into this and try to move the list from global resource to net struct and use per netns init... it's just a very big task and I try to do my best there...

Also I figured out that the bridge code uses a lot of global resources which should also be per netns as well and I am worried that you can actually move bridges to different namespaces. :-/

Just a status update - when I have time I try to do that... just need time and it's not simple to do this change in llc.

- Alex
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c index 82cb93f66b9b..09b530d90610 100644 --- a/net/llc/llc_input.c +++ b/net/llc/llc_input.c @@ -14,7 +14,6 @@ #include <linux/netdevice.h> #include <linux/slab.h> #include <linux/export.h> -#include <net/net_namespace.h> #include <net/llc.h> #include <net/llc_pdu.h> #include <net/llc_sap.h> @@ -162,9 +161,6 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev, void (*sta_handler)(struct sk_buff *skb); void (*sap_handler)(struct llc_sap *sap, struct sk_buff *skb); - if (!net_eq(dev_net(dev), &init_net)) - goto drop; - /* * When the interface is in promisc. mode, drop all the crap that it * receives, do not try to analyse it.
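Review bot: In the llc_rcv() hunk, the removed `if (!net_eq(dev_net(dev), &init_net)) goto drop;` is the only namespace check visible on this receive path, and the patch adds nothing in its place, so frames arriving on a device in any namespace would continue on to the sta_handler/sap_handler dispatch. As the reply in this thread points out, __llc_sap_find() would need a per-netns list or proper netns checks before that is safe for setups that rely on netns for isolation. I would suggest keeping the drop until the SAP lookup is namespace-aware, or adding the netns comparison at lookup time in the same series. The commit message should also say how cross-namespace delivery is prevented, since it currently only states that STP works in the veth setup.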
Commit e730c15519d09 ("[NET]: Make packet reception network namespace safe") added several init_net compares to protocols with unknown net namespace support. The idea was as users started using the different protocols they would test and enable them.

In our use-case we generate STP enabled Linux bridges in different namespaces. The bridges are connected via veth interfaces. This patch makes STP work in such a setup.

Signed-off-by: Alexander Aring <aring@mojatatu.com>
---
 net/llc/llc_input.c | 4 ----
 1 file changed, 4 deletions(-)