Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info only when crossing netns

[Liran Alon]

On 20/03/18 20:51, valdis.kletnieks@xxxxxx wrote:
> On Tue, 20 Mar 2018 18:39:47 +0200, Liran Alon said:
> > What is your opinion in regards if it's OK to put the flag enabling this
> > "fix" in /proc/sys/net/core? Do you think it's sufficient?
>
> Umm.. *which* /proc/sys/net/core?  These could differ for things that
> are in different namespaces.  Or are you proposing one systemwide
> global value (which also gets "interesting" if it's writable inside a
> container and changes the behavior a different container sees...)

I'm indeed proposing an opt-in system-wide global value.
I think it is the simplest approach to fix the issue at
hand here while maintaining backwards-compatibility.

I'm open to suggestions to where that system-wide
global value should be.

It must be a system-wide global value if we are not going
with the per-netdev flag approach as this system-wide global flag
should control how a skb is travelled between different netns.
So it doesn't belong to any one single netns.