On 02/17/2016 09:15 PM, Eric W. Biederman wrote:
> Nikolay Borisov <ker...@kyup.com> writes:
>
>> This series makes the inet_peer ttl sysctls namespace aware.
>>
>> Patch 1 adds a namespace association to the inet_peer_base struct,
>> which in turn is used to make the sysctls namespace aware. The
>> rest of the patches are straightforward.
>
> At a quick skim I am not certain I am comfortable with this change.
>
> The issue is that these are not packet parameters you are tuning but
> lifetimes for data structures.

Right, I thought the inet peer expiration might have repercussions on the
way the networking stack worked. But apparently that's not the case.

>
> Generally there are challenges making this kind of thing per namespace
> because resource control can lead to a DOS attack from one namespace
> being able to arbitrarily control its own resource consumption.
>
> Is this something that is actually worth making per namespace?

I guess the series can be dropped if it's deemed unnecessary.

>
> Eric
>
>> Nikolay Borisov (4):
>>   inetpeer: Add net namespace assosication in inet_peer_base
>>   inetpeer: Namespacify inet_peer_maxttl sysctl knob
>>   inetpeer: Namespacify inet_peer_minttl sysctl knob
>>   inetpeer: Namespacify inet_peer_threshold sysctl knob
>>
>>  include/net/inetpeer.h     |  1 +
>>  include/net/ip.h           |  5 -----
>>  include/net/netns/ipv4.h   |  4 ++++
>>  net/ipv4/inetpeer.c        | 15 ++++++---------
>>  net/ipv4/route.c           |  1 +
>>  net/ipv4/sysctl_net_ipv4.c | 47 ++++++++++++++++++++++++----------------------
>>  6 files changed, 37 insertions(+), 36 deletions(-)