From: ebiederm@xmission•com (Eric W. Biederman)
To: Nikolay Borisov <kernel@kyup•com>
Cc: davem@davemloft•net, netdev@vger•kernel.org
Subject: Re: [PATCH 0/4] Namespacify inet_peer_* sysctl knobs
Date: Wed, 17 Feb 2016 13:15:37 -0600
Message-ID: <87si0r4086.fsf@x220.int.ebiederm.org>
In-Reply-To: <1455703798-15258-1-git-send-email-kernel@kyup.com> (Nikolay Borisov's message of "Wed, 17 Feb 2016 12:09:54 +0200")
Nikolay Borisov <kernel@kyup•com> writes:
> This series makes the inet_peer ttl sysctls namespace aware.
>
> Patch 1 adds a namespace association to the inet_peer_base struct,
> which in turn is used to make the sysctls namespace aware. The
> rest of the patches are straightforward.

At a quick skim I am not certain I am comfortable with this change.

The issue is that these are not packet parameters you are tuning but
lifetimes for data structures.

Generally there are challenges making this kind of thing per namespace
because resource control can lead to DOS attack from one namespace
being able to arbitrarily control its own resource consumption.

Is this something that is actually worth making per namespace?

Eric

> Nikolay Borisov (4):
> inetpeer: Add net namespace assosication in inet_peer_base
> inetpeer: Namespacify inet_peer_maxttl sysctl knob
> inetpeer: Namespacify inet_peer_minttl sysctl knob
> inetpeer: Namespacify inet_peer_threshold sysctl knob
>
> include/net/inetpeer.h | 1 +
> include/net/ip.h | 5 -----
> include/net/netns/ipv4.h | 4 ++++
> net/ipv4/inetpeer.c | 15 ++++++---------
> net/ipv4/route.c | 1 +
> net/ipv4/sysctl_net_ipv4.c | 47 ++++++++++++++++++++++++----------------------
> 6 files changed, 37 insertions(+), 36 deletions(-)

Thread overview: 7+ messages
2016-02-17 10:09 [PATCH 0/4] Namespacify inet_peer_* sysctl knobs Nikolay Borisov
2016-02-17 10:09 ` [PATCH 1/4] inetpeer: Add net namespace assosication in inet_peer_base Nikolay Borisov
2016-02-17 10:09 ` [PATCH 2/4] inetpeer: Namespacify inet_peer_maxttl sysctl knob Nikolay Borisov
2016-02-17 10:09 ` [PATCH 3/4] inetpeer: Namespacify inet_peer_minttl " Nikolay Borisov
2016-02-17 10:09 ` [PATCH 4/4] inetpeer: Namespacify inet_peer_threshold " Nikolay Borisov
2016-02-17 19:15 ` Eric W. Biederman [this message]
2016-02-18 15:04 ` [PATCH 0/4] Namespacify inet_peer_* sysctl knobs Nikolay Borisov