lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1426864318-25132-1-git-send-email-anuradhak@cumulusnetworks.com>
Date:	Fri, 20 Mar 2015 08:11:55 -0700
From:	anuradhak@...ulusnetworks.com
To:	davem@...emloft.net
Cc:	netdev@...r.kernel.org, roopa@...ulusnetworks.com,
	gospo@...ulusnetworks.com, wkok@...ulusnetworks.com,
	anuradhak@...ulusnetworks.com
Subject: [PATCH net-next 0/3] net: introduce IFF_PROTO_DOWN flag.

From: Anuradha Karuppiah <anuradhak@...ulusnetworks.com>

Applications can detect errors in the network that would require
disabling the device independent of the admin state. In the presence of
these errors traffic could be black holed or looped resulting in a
network meltdown. Clearing the IFF_UP flag for error disabling the
device can be problematic because -

1. The administrator cannot distinguish between a user space daemon’s
error-disable and a regular device disable.
2. Applications can monitor the error state and enable the device once
the error is removed. If IFF_UP is used for this purpose the application
may end up enabling a device that the administrator has intentionally
disabled for other reasons. This could result in network changes not
expected by the admin.

To avoid these problems this patch adds a distinct IFF_PROTO_DOWN flag
for error disabling a device.

This patch introduces a netdevice proto_down field to allow multiple
applications to disable a device independent of each other. This field
is a bitmap with two defined protocols currently, MLAG and STP. Bits
can be added in the future to define other protocols that may need to
disable the device. If any of the bits in the proto_down field are set
an oper DOWN is done on the device by setting IFF_PROTO_DOWN.

IFF_PROTO_DOWN is a netdevice flag that is used to control the oper
state and also used for notifying drivers that a protocol has disabled
the device. Switch drivers could use the IFF_PROTO_DOWN flag to further
handle the error condition; for e.g. they could carrier down the device
allowing directly connected switches to quickly learn about the error
state and stop forwarding traffic to this device.

STP applications can use the proto_down control to implement BPDU guard
functionality which requires shutting down access ports on detecting
rogue switches that could take over as the root bridge.

MLAG applications can use the proto_down control to hold devices down
on the secondary switch on detecting a split-brain situation between the
MLAG-peers.

Anuradha Karuppiah (3):
  net core: Add support for netdevice proto_down.
  virtio net: Handle proto_down state by setting the carrier off.
  ip link: Config and display device proto_down bits.

Signed-off-by: Anuradha Karuppiah <anuradhak@...ulusnetworks.com>
Signed-off-by: Andy Gospodarek <gospo@...ulusnetworks.com>
Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
Signed-off-by: Wilson Kok <wkok@...ulusnetworks.com>

 drivers/net/virtio_net.c     |   78 +++++++++++++++++++++++++++++++++++++++---
 include/linux/netdevice.h    |    3 ++
 include/uapi/linux/if.h      |   29 +++++++++++++++-
 include/uapi/linux/if_link.h |    9 +++++
 net/8021q/vlan_dev.c         |    3 +-
 net/core/dev.c               |   36 +++++++++++++++++++
 net/core/link_watch.c        |    2 +-
 net/core/net-sysfs.c         |    2 ++
 net/core/rtnetlink.c         |   21 ++++++++++++
 9 files changed, 176 insertions(+), 7 deletions(-)

-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ