On Sun, Mar 13, 2016 at 8:53 PM, David Miller <da...@davemloft.net> wrote:
> From: Mahesh Bandewar <mahe...@google.com>
> Date: Sun, 13 Mar 2016 19:29:58 -0700
>
>> On Sun, Mar 13, 2016 at 6:50 PM, David Miller <da...@davemloft.net> wrote:
>>> It doesn't matter whether doing so or not makes sense.
>>>
>>> You're going to have to find a way to do both, and also I'm concerned
>>> about how you're leaking the source namespace's "stuff" into the
>>> destination's. That's very worrisome to me.
>>
>> If we add a new mode (e.g. L3s) and preserve current mode as it is,
>> then that should address your first concern.
>
> Also, I don't want all of this device translation stuff all over the
> place.
>
I could add skb->dev. Is that OK? Then none of this translation /
helper-stuff is required. I'm definitely open for suggestions.

> Furthermore, when you walk across the ns boundary, that old device has
> to disappear. That's why that is the device assigned to skb->dev.
>
The layer boundaries are not that well maintained. We do check for the
xfrm policies in L4 and expect the skb->dev pointing to the L3 device.
So unless we have a way to derive an L3 dev from skb->dev, I don't think
xfrm will work. Unless some Xfrm-expert asserts that this is not needed.

> Please stop pretending that this device switching is ok, it's not.