diff mbox

ipv4: net namespace does not inherit network configurations

Message ID 53D7697C.6020103@gmail.com
State Changes Requested, archived
Delegated to: David Miller
Headers show

Commit Message

Zhu Yanjun July 29, 2014, 9:29 a.m. UTC 
Hi,all

I did a test on kernel3.16 rc6:

root@qemu1:~# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
root@qemu1:~# echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
root@qemu1:~# ip netns list
root@qemu1:~# ip netns add fib1
root@qemu1:~# ip netns exec fib1 bash
root@qemu1:~# cat /proc/sys/net/ipv6/conf/all/forwarding
0
root@qemu1:~# cat /proc/sys/net/ipv4/conf/all/forwarding
1

The behavior of ipv4 and ipv6 is very inconsistent. I checked
the kernel source code. I found that from this patch
[ipv6: fix bad free of addrconf_init_net], the above difference
appeared.

Since a net namespace is independent to another. That is, there
is no any relationship between the net namespaces. So the behavior
of ipv4 is not correct.

Based on this patch [ipv6: fix bad free of addrconf_init_net], I made
a new patch to fix this problem on ipv4.

Any reply is appreciated.

Zhu Yanjun

Comments

Cong Wang July 29, 2014, 5:48 p.m. UTC | #1 
On Tue, Jul 29, 2014 at 2:29 AM, zhuyj <zyjzyj2000@gmail.com> wrote:
> Hi,all
>
> I did a test on kernel3.16 rc6:
>
> root@qemu1:~# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
> root@qemu1:~# echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
> root@qemu1:~# ip netns list
> root@qemu1:~# ip netns add fib1
> root@qemu1:~# ip netns exec fib1 bash
> root@qemu1:~# cat /proc/sys/net/ipv6/conf/all/forwarding
> 0
> root@qemu1:~# cat /proc/sys/net/ipv4/conf/all/forwarding
> 1
>
> The behavior of ipv4 and ipv6 is very inconsistent. I checked
> the kernel source code. I found that from this patch
> [ipv6: fix bad free of addrconf_init_net], the above difference
> appeared.
>
> Since a net namespace is independent to another. That is, there
> is no any relationship between the net namespaces. So the behavior
> of ipv4 is not correct.
>

Well, they are already independent, not shared, just that the initial
value is duplicated from init_net for IPv4.

This change might break existing applications which rely on this
behavior, but given IPv6 change is almost the same, I think it's ok.

BTW, you need to submit a patch as normal, instead of as an attachment.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Zhu Yanjun July 31, 2014, 1:59 a.m. UTC | #2 
On 07/30/2014 01:48 AM, Cong Wang wrote:
> On Tue, Jul 29, 2014 at 2:29 AM, zhuyj <zyjzyj2000@gmail.com> wrote:
>> Hi,all
>>
>> I did a test on kernel3.16 rc6:
>>
>> root@qemu1:~# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
>> root@qemu1:~# echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
>> root@qemu1:~# ip netns list
>> root@qemu1:~# ip netns add fib1
>> root@qemu1:~# ip netns exec fib1 bash
>> root@qemu1:~# cat /proc/sys/net/ipv6/conf/all/forwarding
>> 0
>> root@qemu1:~# cat /proc/sys/net/ipv4/conf/all/forwarding
>> 1
>>
>> The behavior of ipv4 and ipv6 is very inconsistent. I checked
>> the kernel source code. I found that from this patch
>> [ipv6: fix bad free of addrconf_init_net], the above difference
>> appeared.
>>
>> Since a net namespace is independent to another. That is, there
>> is no any relationship between the net namespaces. So the behavior
>> of ipv4 is not correct.
>>
> Well, they are already independent, not shared, just that the initial
> value is duplicated from init_net for IPv4.
>
> This change might break existing applications which rely on this
> behavior, but given IPv6 change is almost the same, I think it's ok.
>
> BTW, you need to submit a patch as normal, instead of as an attachment.
>
OK. Thanks a lot.

Zhu Yanjun
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Zhu Yanjun Oct. 13, 2014, 8:20 a.m. UTC | #3 
Hi, Miller && Cong

Can we merge this patch into kernel mainline? since the independence
between ipv4 and ipv6 is inconsistent even in the latest linux 
kernel(3.17-rc7),
that is, the net namespace is independent in ipv6 while it is not in ipv4.

Thanks a lot.
Zhu Yanjun

On 07/30/2014 01:48 AM, Cong Wang wrote:
> On Tue, Jul 29, 2014 at 2:29 AM, zhuyj <zyjzyj2000@gmail.com> wrote:
>> Hi,all
>>
>> I did a test on kernel3.16 rc6:
>>
>> root@qemu1:~# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
>> root@qemu1:~# echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
>> root@qemu1:~# ip netns list
>> root@qemu1:~# ip netns add fib1
>> root@qemu1:~# ip netns exec fib1 bash
>> root@qemu1:~# cat /proc/sys/net/ipv6/conf/all/forwarding
>> 0
>> root@qemu1:~# cat /proc/sys/net/ipv4/conf/all/forwarding
>> 1
>>
>> The behavior of ipv4 and ipv6 is very inconsistent. I checked
>> the kernel source code. I found that from this patch
>> [ipv6: fix bad free of addrconf_init_net], the above difference
>> appeared.
>>
>> Since a net namespace is independent to another. That is, there
>> is no any relationship between the net namespaces. So the behavior
>> of ipv4 is not correct.
>>
> Well, they are already independent, not shared, just that the initial
> value is duplicated from init_net for IPv4.
>
> This change might break existing applications which rely on this
> behavior, but given IPv6 change is almost the same, I think it's ok.
>
> BTW, you need to submit a patch as normal, instead of as an attachment.
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

From f3a68831d7c58b185d57f30130217b22a8e2c71f Mon Sep 17 00:00:00 2001
From: Zhu Yanjun <zyjzyj2000@gmail.com>
Date: Tue, 29 Jul 2014 17:23:10 +0800
Subject: [PATCH 1/1] ipv4: net namespace does not inherit network
 configurations

Ipv4 net namespace requires a similar logic change as commit c900a800
[ipv6: fix bad free of addrconf_init_net] introduces for newer kernels.

Since a net namespace is independent to another. That is, there
is no any relationship between the net namespaces. So a new net
namespace should not inherit network configurations from another
net namespace including the host.

CC: Hong Zhiguo <honkiko@gmail.com>
CC: David S. Miller <davem@davemloft.net>
Signed-off-by: Zhu Yanjun <zyjzyj2000@gmail.com>
---
 net/ipv4/devinet.c | 29 ++++++++++++-----------------
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index e944937..a16aa39 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2220,28 +2220,23 @@  static __net_init int devinet_init_net(struct net *net)
 #endif
 
 	err = -ENOMEM;
-	all = &ipv4_devconf;
-	dflt = &ipv4_devconf_dflt;
 
-	if (!net_eq(net, &init_net)) {
-		all = kmemdup(all, sizeof(ipv4_devconf), GFP_KERNEL);
-		if (all == NULL)
-			goto err_alloc_all;
-
-		dflt = kmemdup(dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
-		if (dflt == NULL)
-			goto err_alloc_dflt;
+	all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
+	if (all == NULL)
+		goto err_alloc_all;
 
+	dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
+	if (dflt == NULL)
+		goto err_alloc_dflt;
 #ifdef CONFIG_SYSCTL
-		tbl = kmemdup(tbl, sizeof(ctl_forward_entry), GFP_KERNEL);
-		if (tbl == NULL)
-			goto err_alloc_ctl;
+	tbl = kmemdup(tbl, sizeof(ctl_forward_entry), GFP_KERNEL);
+	if (tbl == NULL)
+		goto err_alloc_ctl;
 
-		tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
-		tbl[0].extra1 = all;
-		tbl[0].extra2 = net;
+	tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
+	tbl[0].extra1 = all;
+	tbl[0].extra2 = net;
 #endif
-	}
 
 #ifdef CONFIG_SYSCTL
 	err = __devinet_sysctl_register(net, "all", all);
-- 
1.9.1