search for: net_eq

...n at quietfountain.com> > Date: Tue, 11 Jul 2023 16:40:03 -0500 >> On 7/11/23 15:44, Andrew Lunn wrote: >> >>>>>> The current llc_rcv.c around line 166 in net/llc/llc_input.c has >> >>>>>> >> >>>>>> if (!net_eq(dev_net(dev), &init_net)) >> >>>>>> goto drop; >> >>>>>> >> >> Thank you! When you offer your patches, and you hear worries about being >> >> 'invasive', it's worth asking 'compared to wh...

..._stp_if.c b/net/bridge/br_stp_if.c > index a807996ac56b..b5143de37938 100644 > --- a/net/bridge/br_stp_if.c > +++ b/net/bridge/br_stp_if.c > @@ -201,10 +201,8 @@ int br_stp_set_enabled(struct net_bridge *br, unsigned long val, > { > ASSERT_RTNL(); > > - if (!net_eq(dev_net(br->dev), &init_net)) { > + if (!net_eq(dev_net(br->dev), &init_net)) > NL_SET_ERR_MSG_MOD(extack, "STP can't be enabled in non-root netns"); > - return -EINVAL; > - } > > if (br_mrp_enabled(br...

...changed, 5 insertions(+) diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c index 75204d36d7f9..a807996ac56b 100644 --- a/net/bridge/br_stp_if.c +++ b/net/bridge/br_stp_if.c @@ -201,6 +201,11 @@ int br_stp_set_enabled(struct net_bridge *br, unsigned long val, { ASSERT_RTNL(); + if (!net_eq(dev_net(br->dev), &init_net)) { + NL_SET_ERR_MSG_MOD(extack, "STP can't be enabled in non-root netns"); + return -EINVAL; + } + if (br_mrp_enabled(br)) { NL_SET_ERR_MSG_MOD(extack, "STP can't be enabled if MRP is already enabled"); -- 2.30.2

Hi, now that we have multi-transport upstream, I started to take a look to support network namespace (netns) in vsock. As we partially discussed in the multi-transport proposal [1], it could be nice to support network namespace in vsock to reach the following goals: - isolate host applications from guest applications using the same ports with CID_ANY - assign the same CID of VMs running in

Hi, now that we have multi-transport upstream, I started to take a look to support network namespace (netns) in vsock. As we partially discussed in the multi-transport proposal [1], it could be nice to support network namespace in vsock to reach the following goals: - isolate host applications from guest applications using the same ports with CID_ANY - assign the same CID of VMs running in

A malicious actor behind one bridge port may spam the kernel with packets with a random source MAC address, each of which will create an FDB entry, each of which is a dynamic allocation in the kernel. There are roughly 2^48 different MAC addresses, further limited by the rhashtable they are stored in to 2^31. Each entry is of the type struct net_bridge_fdb_entry, which is currently 128 bytes big.

...et/bridge/br_stp_if.c b/net/bridge/br_stp_if.c > index 75204d36d7f9..a807996ac56b 100644 > --- a/net/bridge/br_stp_if.c > +++ b/net/bridge/br_stp_if.c > @@ -201,6 +201,11 @@ int br_stp_set_enabled(struct net_bridge *br, unsigned long val, > { > ASSERT_RTNL(); > > + if (!net_eq(dev_net(br->dev), &init_net)) { > + NL_SET_ERR_MSG_MOD(extack, "STP can't be enabled in non-root netns"); > + return -EINVAL; > + } > + > if (br_mrp_enabled(br)) { > NL_SET_ERR_MSG_MOD(extack, > "STP can't be enabled if MRP is alread...

...sock.c b/net/vmw_vsock/af_vsock.c index 1e5f5ed..cdb3dd3 100644 --- a/net/vmw_vsock/af_vsock.c +++ b/net/vmw_vsock/af_vsock.c @@ -1840,6 +1840,9 @@ static const struct proto_ops vsock_stream_ops = { ?static int vsock_create(struct net *net, struct socket *sock, ? int protocol, int kern) ?{ + if (!net_eq(net, &init_net)) + return -EAFNOSUPPORT; + ? if (!sock) ? return -EINVAL; ? --? 2.8.0.rc3

This is the third version of the macvtap device driver, following another major restructuring and a lot of bug fixes: * Change macvtap to be based around a struct sock * macvtap: fix initialization * return 0 to netlink * don't use rcu for q->file and q->vlan pointers * macvtap: checkpatch.pl fixes * macvtap: fix tun IFF flags * Use a struct socket to make tx flow control work * disable

This is the third version of the macvtap device driver, following another major restructuring and a lot of bug fixes: * Change macvtap to be based around a struct sock * macvtap: fix initialization * return 0 to netlink * don't use rcu for q->file and q->vlan pointers * macvtap: checkpatch.pl fixes * macvtap: fix tun IFF flags * Use a struct socket to make tx flow control work * disable

This is the third version of the macvtap device driver, following another major restructuring and a lot of bug fixes: * Change macvtap to be based around a struct sock * macvtap: fix initialization * return 0 to netlink * don't use rcu for q->file and q->vlan pointers * macvtap: checkpatch.pl fixes * macvtap: fix tun IFF flags * Use a struct socket to make tx flow control work * disable

This series is based on Michael Tsirkin's vhost branch (v4.5-rc6). I'm about to process Claudio Imbrenda's locking fixes for virtio-vsock but first I want to share the latest version of the code. Several people are playing with vsock now so sharing the latest code should avoid duplicate work. v5: * Transport reset event for live migration support * Reorder virtqueues, drop unused

This series is based on Michael Tsirkin's vhost branch (v4.5-rc6). I'm about to process Claudio Imbrenda's locking fixes for virtio-vsock but first I want to share the latest version of the code. Several people are playing with vsock now so sharing the latest code should avoid duplicate work. v5: * Transport reset event for live migration support * Reorder virtqueues, drop unused