From: Florian Westphal
log_invalid sysctl allows values of 0 to 255 inclusive so we no longer
need a range check: the min/max values can be removed.
This also removes all member variables that were moved to net_generic
data in previous patches.
This reduces size of netns_ct struct by one cache
These sysctls point to global variables:
- NF_SYSCTL_CT_MAX (&nf_conntrack_max)
- NF_SYSCTL_CT_EXPECT_MAX (&nf_ct_expect_max)
- NF_SYSCTL_CT_BUCKETS (&nf_conntrack_htable_size_user)
Because their data pointers are not updated to point to per-netns
structures, they must be marked re
read-only to prevent a leak.
To test, simply create a new netns:
$ sudo ip netns add dummy
As it sits now, this patch will WARN for two sysctls which will be
addressed in a subsequent patch:
- /proc/sys/net/netfilter/nf_conntrack_max
- /proc/sys/net/netfilter/nf_conntrack_expect_max
Signed-off
Add documentation for new IOAM sysctls:
- ioam6_id: a namespace sysctl
- ioam6_enabled and ioam6_id: two per-interface sysctls
Example of IOAM configuration based on the following simple topology:
_ _ _
| | eth0 eth0 | | eth1 eth0 | |
| A
From: Eric Dumazet
Convert most sysctls that can fit in a byte.
Signed-off-by: Eric Dumazet
---
include/net/netns/ipv6.h | 24
net/ipv6/icmp.c| 12 ++--
net/ipv6/sysctl_net_ipv6.c | 38 ++
3 files changed, 36
From: Eric Dumazet
Make room for better packing of netns_ipv4
Signed-off-by: Eric Dumazet
---
include/net/netns/ipv4.h | 4 ++--
net/ipv4/sysctl_net_ipv4.c | 8
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index
From: Eric Dumazet
Many tcp sysctls are either bools or small ints that can fit into u8.
Reducing space taken by sysctls can save few cache line misses
when sending/receiving data while cpu caches are empty,
for example after cpu idle period.
This is hard to measure with typical network
On Sat, 7 Nov 2020 20:35:12 +0100 Vincent Bernat wrote:
> Some per-interface sysctls are ignoring the "all" variant. This
> patchset fixes some of them when such a sysctl is handled as a
> boolean. This includes:
>
> - net.ipv
Some per-interface sysctls are ignoring the "all" variant. This
patchset fixes some of them when such a sysctl is handled as a
boolean. This includes:
- net.ipvX.conf.all.disable_policy
- net.ipvX.conf.all.disable_policy.disable_xfrm
- net.ipv4.conf.all.proxy
>> Add documentation for new IOAM sysctls:
>> - ioam6_id: a namespace sysctl
>> - ioam6_enabled and ioam6_id: two per-interface sysctls
>>
> Are you planning to add a more detailed description of the feature and
> how to use it (would be nice I think :-) )
Of cour
On Wed, Jun 24, 2020 at 12:33 PM Justin Iurman wrote:
>
> Add documentation for new IOAM sysctls:
> - ioam6_id: a namespace sysctl
> - ioam6_enabled and ioam6_id: two per-interface sysctls
>
Are you planning to add a more detailed description of the feature and
how to use it (would
Add documentation for new IOAM sysctls:
- ioam6_id: a namespace sysctl
- ioam6_enabled and ioam6_id: two per-interface sysctls
Signed-off-by: Justin Iurman
---
Documentation/networking/ioam6-sysctl.rst | 20
Documentation/networking/ip-sysctl.rst| 5 +
2 files
From: Florian Westphal
When I merged the extension sysctl tables with the main one I forgot to
reset them on netns creation. They currently read/write init_net settings.
Fixes: d912dec12428 ("netfilter: conntrack: merge acct and helper sysctl table
with main one")
Fixes: cb2833ed0044 ("netfilt
From: Christian Brauner
This ports the sysctls to use struct brnf_net.
With this patch we make it possible to namespace the br_netfilter module in
the following patch.
Signed-off-by: Christian Brauner
Signed-off-by: Pablo Neira Ayuso
---
include/net/netfilter/br_netfilter.h | 3 +-
net
is unloaded.
In doing so the patch makes the sysctls:
bridge-nf-call-arptables
bridge-nf-call-ip6tables
bridge-nf-call-iptables
bridge-nf-filter-pppoe-tagged
bridge-nf-filter-vlan-tagged
bridge-nf-pass-vlan-input-dev
apply per network namespace. This unblocks some use-cases where users would
like
Given BPF reaches far beyond just networking these days, it was
never intended to allow setting and in some cases reading those
knobs out of a user namespace root running without CAP_SYS_ADMIN,
thus tighten such access.
Also the bpf_jit_enable = 2 debugging mode should only be allowed
if kptr_rest
From: Eric Dumazet
Date: Fri, 27 Oct 2017 07:47:20 -0700
> Ideally all TCP sysctls should be per netns.
> This patch series takes care of 12 sysctls.
Series applied, thanks Eric.
> Remains the ones that need discussion :
>
> sysctl_tcp_mem, sysctl_tcp_rmem, sysct
Ideally all TCP sysctls should be per netns.
This patch series takes care of 12 sysctls.
Remains the ones that need discussion :
sysctl_tcp_mem, sysctl_tcp_rmem, sysctl_tcp_wmem, and sysctl_tcp_max_orphans
Eric Dumazet (12):
tcp: Namespace-ify sysctl_tcp_nometrics_save
tcp: Namespace-ify
On Fri, 2017-10-27 at 13:46 +0900, David Miller wrote:
> From: Eric Dumazet
> Date: Thu, 26 Oct 2017 16:35:11 -0700
>
> > Ideally all TCP sysctls should be per netns.
> > This patch series takes care of 14 of sysctls.
> > More to come later.
>
> The tcp-fack pa
Ideally all TCP sysctls should be per netns.
This patch series takes care of 14 of sysctls.
More to come later.
Eric Dumazet (15):
tcp: Namespace-ify sysctl_tcp_early_retrans
tcp: Namespace-ify sysctl_tcp_recovery
tcp: Namespace-ify sysctl_tcp_thin_linear_timeouts
tcp: Namespace-ify
From: Eric Dumazet
Date: Thu, 26 Oct 2017 16:35:11 -0700
> Ideally all TCP sysctls should be per netns.
> This patch series takes care of 14 of sysctls.
> More to come later.
The tcp-fack patch doesn't apply cleanly, please respin.
Thank you.
From: Eric Dumazet
Date: Wed, 7 Jun 2017 10:34:35 -0700
> Move tcp_sack, tcp_window_scaling and tcp_timestamps
> sysctls to network namespaces.
>
> Eric Dumazet (4):
> tcp: add a struct net parameter to tcp_parse_options()
> tcp: Namespaceify sysctl_tcp_sack
>
Move tcp_sack, tcp_window_scaling and tcp_timestamps
sysctls to network namespaces.
Eric Dumazet (4):
tcp: add a struct net parameter to tcp_parse_options()
tcp: Namespaceify sysctl_tcp_sack
tcp: Namespaceify sysctl_tcp_window_scaling
tcp: Namespaceify sysctl_tcp_timestamps
drivers
This patch adds documentation for some SR-related per-interface
sysctls.
Signed-off-by: David Lebrun
---
Documentation/networking/seg6-sysctl.txt | 18 ++
1 file changed, 18 insertions(+)
create mode 100644 Documentation/networking/seg6-sysctl.txt
diff --git a/Documentation
From: Jann Horn
Date: Sat, 22 Oct 2016 23:23:42 +0200
> On Thu, Oct 20, 2016 at 02:37:47PM -0400, David Miller wrote:
>> From: Pablo Neira Ayuso
>> Date: Thu, 20 Oct 2016 20:22:24 +0200
>>
>> > On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
>> >> This prevents the modification of nf
On Thu, Oct 20, 2016 at 02:37:47PM -0400, David Miller wrote:
> From: Pablo Neira Ayuso
> Date: Thu, 20 Oct 2016 20:22:24 +0200
>
> > On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
> >> This prevents the modification of nf_conntrack_max in unprivileged network
> >> namespaces. For unp
From: Pablo Neira Ayuso
Date: Thu, 20 Oct 2016 20:22:24 +0200
> On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
>> This prevents the modification of nf_conntrack_max in unprivileged network
>> namespaces. For unprivileged network namespaces, ip_conntrack_max is kept
>> as a readonly sy
On Sat, Sep 24, 2016 at 12:21:04AM +0200, Jann Horn wrote:
> This prevents the modification of nf_conntrack_max in unprivileged network
> namespaces. For unprivileged network namespaces, ip_conntrack_max is kept
> as a readonly sysctl in order to minimize potential compatibility issues.
>
> This p
to a user namespace let's make container's
> >> root owner of sysctls affecting said network namespace instead of global
> >> root.
> >>
> >> This also allows us to clean up net_ctl_permissions() because we do not
> >> need to fudge permissions any
From: Dmitry Torokhov
Date: Thu, 29 Sep 2016 08:46:05 -0700
> Hi David,
>
> On Wed, Aug 10, 2016 at 2:36 PM, Dmitry Torokhov
> wrote:
>> If net namespace is attached to a user namespace let's make container's
>> root owner of sysctls affecting said network n
Hi David,
On Wed, Aug 10, 2016 at 2:36 PM, Dmitry Torokhov
wrote:
> If net namespace is attached to a user namespace let's make container's
> root owner of sysctls affecting said network namespace instead of global
> root.
>
> This also allows us to clean up net_ctl_pe
This prevents the modification of nf_conntrack_max in unprivileged network
namespaces. For unprivileged network namespaces, ip_conntrack_max is kept
as a readonly sysctl in order to minimize potential compatibility issues.
This patch should apply cleanly to the net tree.
Signed-off-by: Jann Horn
From: Jann Horn
Date: Sun, 18 Sep 2016 22:58:20 +0200
> There were two net sysctls that could be written from unprivileged net
> namespaces, but weren't actually namespaced.
>
> To fix the existing issues and prevent stuff this from happening again in
> the future,
There were two net sysctls that could be written from unprivileged net
namespaces, but weren't actually namespaced.
To fix the existing issues and prevent stuff this from happening again in
the future, explicitly whitelist permitted sysctls.
Note: The current whitelist is "allow every
If net namespace is attached to a user namespace let's make container's
root owner of sysctls affecting said network namespace instead of global
root.
This also allows us to clean up net_ctl_permissions() because we do not
need to fudge permissions anymore for the container's own
Dmitry Torokhov writes:
> On Mon, Aug 8, 2016 at 2:08 PM, Eric W. Biederman
> wrote:
>> Dmitry Torokhov writes:
>>
>>> If net namespace is attached to a user namespace let's make container's
>>> root owner of sysctls affecting said network name
On Mon, Aug 8, 2016 at 2:08 PM, Eric W. Biederman wrote:
> Dmitry Torokhov writes:
>
>> If net namespace is attached to a user namespace let's make container's
>> root owner of sysctls affecting said network namespace instead of global
>> root.
>
Dmitry Torokhov writes:
> If net namespace is attached to a user namespace let's make container's
> root owner of sysctls affecting said network namespace instead of global
> root.
>
> This also allows us to clean up net_ctl_permissions() because we do not
> need to f
David Miller writes:
> From: ebied...@xmission.com (Eric W. Biederman)
> Date: Mon, 25 Jul 2016 19:44:50 -0500
>
>> User namespaces have enabled unprivileged users access to a lot more
>> data structures and so to catch programs that go crazy we need a lot
>> more limits. I believe some of those
From: ebied...@xmission.com (Eric W. Biederman)
Date: Mon, 25 Jul 2016 19:44:50 -0500
> User namespaces have enabled unprivileged users access to a lot more
> data structures and so to catch programs that go crazy we need a lot
> more limits. I believe some of those limits make sense per namespac
David Miller writes:
> From: ebied...@xmission.com (Eric W. Biederman)
> Date: Mon, 25 Jul 2016 19:02:01 -0500
>
>>Which means this change gets has to wait for next cycle.
>
> Ok.
For clarity I intend to merge these changes through the userns tree,
when the issues are resolved.
I Cc
From: ebied...@xmission.com (Eric W. Biederman)
Date: Mon, 25 Jul 2016 19:02:01 -0500
>Which means this change gets has to wait for next cycle.
Ok.
"Eric W. Biederman" writes:
> Limit per userns sysctls to only be opened for write by a holder
> of CAP_SYS_RESOURCE.
>
> Add all of the necessary boilerplate for having per user namespace
> sysctls.
> @@ -141,6 +215,7 @@ void free_user_ns(struct user_n
Limit per userns sysctls to only be opened for write by a holder
of CAP_SYS_RESOURCE.
Add all of the necessary boilerplate for having per user namespace
sysctls.
Signed-off-by: "Eric W. Biederman"
---
include/linux/user_namespace.h | 4 ++
kernel/user_namespace.c
>> random. In particular consider the case of an application in a
>> non-initial network namespace creating a new network namespace. It is
>> not even possible to predict what values they will get for sysctls
>> today.
> +1
But there is a counter argument to this.
creating a new network namespace. It is
not even possible to predict what values they will get for sysctls
today.
+1
From a backwards compatibility standpoint we are probably better off
with copying from the current network namespace rather than the initial
network namespace. As that more closely
no sense because new netns might be created
>> from any netns. This patch makes private copy also for init netns if
>> network namespaces are enabled. Other sysctls in net.ipv4 and net.ipv6
>> already initialized with default values at namespace creation.
>>
>> Sig
From: Konstantin Khlebnikov
Date: Wed, 24 Feb 2016 08:16:59 +0300
> Major kernel upgrades always break something in weird setups.
> This shouldn't block bug fixing.
A bug for you is a feature for another person. I'm standing by my
position, and will not apply this and break existing setups, sor
>> for init_net. This makes no sense because new netns might be created
>> from any netns. This patch makes private copy also for init netns if
>> network namespaces are enabled. Other sysctls in net.ipv4 and net.ipv6
>> already initialized with default values at namesp
> from any netns. This patch makes private copy also for init netns if
> network namespaces are enabled. Other sysctls in net.ipv4 and net.ipv6
> already initialized with default values at namespace creation.
>
> Signed-off-by: Konstantin Khlebnikov
> Fixes: 752d14dc6aa9 ("[IPV
private copy also for init netns if
> network namespaces are enabled. Other sysctls in net.ipv4 and net.ipv6
> already initialized with default values at namespace creation.
Acked-by: "Eric W. Biederman"
Assuming that this does not cause a regression I am all for this,
as i
Konstantin,
I've investigated question with sysctls initialization inside namespaces some
time ago.
IIRC I've found people expect that sysctl values should be inherited from
parent namespace.
It allows node admin to adjust unsafe pre-compiled settings, and prepare
adequate defaul
are enabled. Other sysctls in net.ipv4 and net.ipv6
already initialized with default values at namespace creation.
Signed-off-by: Konstantin Khlebnikov
Fixes: 752d14dc6aa9 ("[IPV4]: Move the devinet pointers on the struct net")
---
net/ipv4/devinet.c |2 +-
1 file changed, 1 inser
On 21.02.2016 12:25, Vasily Averin wrote:
Konstantin,
I've investigated question with sysctls initialization inside namespaces some
time ago.
IIRC I've found people expect that sysctl values should be inherited from
parent namespace.
It allows node admin to adjust unsafe pre-compile
Hi,
It seems due to the following patch set in Linux v3.5
[PATCH net-next 00/19] net: Sysctl simplications and enhancements
http://comments.gmane.org/gmane.linux.network/227965
some of the previously visible sysctls variables in net/core and
net/ipv4 have become invisible.
Is there a possibility
From: Robert Shearman
Date: Thu, 11 Jun 2015 19:58:26 +0100
> If a device is renamed and the original name is subsequently reused
> for a new device, the following warning is generated:
...
> Fix this by unregistering the previous sysctl table (registered for
> the path containing the original d
If a device is renamed and the original name is subsequently reused
for a new device, the following warning is generated:
sysctl duplicate entry: /net/mpls/conf/veth0//input
CPU: 3 PID: 1379 Comm: ip Not tainted 4.1.0-rc4+ #20
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.7.5-2014
There are many tables in net/core/sysctl_net_core.c that are
to be read-only. Current implementation duplicates this array
for each namespace just to clear the "write" bits in the
permissions mask.
Keep the writable tables to per-net ctl root and move the others
to the read-only one. This saves so
The do_sysctl_strategy can be static since it's used in
kernel/sysctl.c only.
Besides, move it and parse_table above their callers and
drop the forward declarations.
Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]>
---
include/linux/sysctl.h |5 --
kernel/sysctl.c| 144
The addrconf sysctls and neigh sysctls are registered and
unregistered always in pairs, so they can be joined into
one (well, two) functions, that accept the struct inet6_dev
and do all the job.
This also gets rid of unneeded ifdefs inside the code.
Signed-off-by: Pavel Emelyanov <[EM
All the sysctl concerning the routes are moved to the network namespace
structure. A helper function is called to initialize the variables.
Because the ipv6 protocol is not yet per namespace, the variables are
accessed relatively from the network namespace.
Signed-off-by: Daniel Lezcano <[EMAIL P
All the sysctl concerning the routes are moved to the network namespace
structure.
Because the ipv6 protocol is not yet per namespace, the variables are
accessed relatively from the network namespace.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
include/net/ip6_route.h|2 -
incl
From: Pavel Emelyanov <[EMAIL PROTECTED]>
Date: Fri, 07 Dec 2007 16:07:19 +0300
> Making them per-namespace is required for the following
> two reasons:
>
> First, some ctl values have a per-namespace meaning.
> Second, making them writable from the sub-namespace
> is an isolation hole.
>
>
de/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -37,6 +37,9 @@ struct net {
struct sock *rtnl; /* rtnetlink socket */
+ /* core sysctls */
+ struct ctl_table_header *sysctl_core_hdr;
+
/* List of all packet sockets. */
rw
On Sat, Dec 01, 2007 at 04:46:41PM +0300, Pavel Emelyanov wrote:
> This looks very much like the patch for ipv4's devinet.
>
> This is also intended to help us with the net namespaces
> and saves the ipv6.ko size by ~320 bytes.
>
> The difference from the first version is just the patch
> offsets
On Sat, Dec 01, 2007 at 04:39:58PM +0300, Pavel Emelyanov wrote:
>
> The difference from the first version is just the patch
> offsets, that changed due to changes in the patch #2.
>
> Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]>
All applied to net-2.6.25. Thanks Pavel.
--
Visit Openswan
This looks very much like the patch for ipv4's devinet.
This is also intended to help us with the net namespaces
and saves the ipv6.ko size by ~320 bytes.
The difference from the first version is just the patch
offsets, that changed due to changes in the patch #2.
Signed-off-by: Pavel Emelyanov
This looks very much like the patch for neighbors.
The path is also located on the stack and is prepared
inside the function. This time, the call to the registering
function is guarded with the RTNL lock, but I decided
to keep it on the stack not to litter the devinet.c file
with unneeded names an
On Fri, Nov 30, 2007 at 08:29:16PM +0300, Pavel Emelyanov wrote:
> Since the path is modified, it is put on the stack, to avoid
> possible races with multiple calls to neigh_sysctl_register() : it
> is called by protocols and I didn't find any protection in this
> case. Did I overlook the rtnl lo
Pavel Emelyanov <[EMAIL PROTECTED]> writes:
> Hi, Herbert, guys.
>
> Since you have accepted some net-namespaces-related work
> from Eric (sysctl namespaces), I hope, that you can pay
> some attention to further work in this direction.
>
> This set makes the unix-sock
This looks very much like the patch for ipv4's devinet.
This is also intended to help us with the net namespaces
and saves the ipv6.ko size by ~320 bytes.
Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]>
---
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 8b93593..37e2cc0 100644
The appropriate path is prepared right inside this function. It
is prepared similar to how the ctl tables were.
Since the path is modified, it is put on the stack, to avoid
possible races with multiple calls to neigh_sysctl_register() : it
is called by protocols and I didn't find any protection i
Hi, Herbert, guys.
Since you have accepted some net-namespaces-related work
from Eric (sysctl namespaces), I hope, that you can pay
some attention to further work in this direction.
This set makes the unix-sockets sysctls (currently this
includes the sys/net/unix/max_dgram_qlen only) per net
This patch implements the basic infrastructure for per namespace sysctls.
A list of lists of sysctl headers is added, allowing each namespace to have
its own list of sysctl headers.
Each list of sysctl headers has a lookup function to find the first
sysctl header in the list, allowin
Stephen Hemminger wrote:
On Tue, 25 Sep 2007 06:07:24 +0200
Patrick McHardy <[EMAIL PROTECTED]> wrote:
I meant removing brnf_sysctl_call_tables function, not the sysctls
themselves, all it does is change values != 0 to 1. Or did you
actually mean that something in userspace might dep
ve it?
> >
> >
> > I agree, removing seems like a better option. But probably need to
> > go through a 3-6mo warning period, since sysctl's are technically
> > an API.
>
>
> I meant removing brnf_sysctl_call_tables function, not the sysctls
> them
something, the entire brnf_sysctl_call_tables
>>thing looks purely cosmetic to me, wouldn't it be better to simply
>>remove it?
>
>
> I agree, removing seems like a better option. But probably need to go
> through a 3-6mo warning period, since sysctl's are technic
>>> to whether there should have been bounds checking (as did some of the folks
>>> who did some internal review for me). That leads to the question - is it
>>> considered worthwhile to add a bit more bounds checking to sundry networking
>>> sysctls?
>>>
>>
al review for me). That leads to the
question - is it considered worthwhile to add a bit more bounds checking
to sundry networking sysctls?
rick jones
IMHO As long as the any value from sysctl doesn't crash kernel, we
should let it go. Enforcing RFC policy or inter-dependencies seems
likes a
r me). That leads to the
> question - is it considered worthwhile to add a bit more bounds checking
> to sundry networking sysctls?
>
> rick jones
IMHO As long as the any value from sysctl doesn't crash kernel, we
should let it go. Enforcing RFC policy or inter-dependencies seems
to sundry networking sysctls?
rick jones
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
ath5k, remove sysctls
Syscalls were buggy and defunct in later kernels (due to sysctl check).
Signed-off-by: Jiri Slaby <[EMAIL PROTECTED]>
---
commit 069bfbe93facb3468f579568434d18f1268a487c
tree 87c19ebf2c91d9fb07f1847adcb6098f2235eaaa
parent b01c0e9a02b248c3e2f2923da9728ba2c3961dee
No one has bothered to set strategy routine for the
netfilter sysctls that return jiffies to be sysctl_jiffies.
So it appears the sys_sysctl path is unused and untested,
so this patch removes the binary sysctl numbers.
Which fixes the netfilter oops in 2.6.23-rc2-mm2 for me.
Signed-off-by
On Fri, 10 Aug 2007 15:00:05 -0600
[EMAIL PROTECTED] (Eric W. Biederman) wrote:
>
> The binary interface for the cdrom sysctls can't possibly work.
> So remove the binary sysctls and reduce cdrom_sysctl_handler
> to its essentials (to kill the uses of ctl_name).
>
>
The binary interface for the cdrom sysctls can't possibly work.
So remove the binary sysctls and reduce cdrom_sysctl_handler
to its essentials (to kill the uses of ctl_name).
Since the last time this patch was posted I radically
simplified cdrom_sysctl_helper to meet address Alan
YOSHIFUJI Hideaki / 吉藤英明 <[EMAIL PROTECTED]> writes:
> In article <[EMAIL PROTECTED]> (at Thu, 09 Aug 2007
> 20:23:16 -0600), [EMAIL PROTECTED] (Eric W. Biederman) says:
>
>> YOSHIFUJI Hideaki / 吉藤英明 <[EMAIL PROTECTED]> writes:
>>
>> > Would you explain why it does not work properly
>> > for thos
In article <[EMAIL PROTECTED]> (at Thu, 09 Aug 2007 20:23:16 -0600), [EMAIL
PROTECTED] (Eric W. Biederman) says:
> YOSHIFUJI Hideaki / 吉藤英明 <[EMAIL PROTECTED]> writes:
>
> > Would you explain why it does not work properly
> > for those cases?
>
> Mostly no appropriate strategy routine was setup
YOSHIFUJI Hideaki / 吉藤英明 <[EMAIL PROTECTED]> writes:
> Would you explain why it does not work properly
> for those cases?
Mostly no appropriate strategy routine was setup to
report the data to the caller of sys_sysctl.
Eric
In article <[EMAIL PROTECTED]> (at Thu, 09 Aug 2007 18:56:09 -0600), [EMAIL
PROTECTED] (Eric W. Biederman) says:
>
> - In ipv6 ndisc_ifinfo_syctl_change so it doesn't depend on binary
> sysctl names for a function that works with proc.
:
Well, retrans_time_ms and base_reachable_time_ms superc
Andrew Morton <[EMAIL PROTECTED]> writes:
> But it is good to remove bad interfaces, if we possibly can.
>
> It is worth making the attempt. Does anyone know of anything which will
> break? I fed NET_NEIGH_ANYCAST_DELAY at random into
> http://www.google.com/codesearch and came up with nothing..