Date:	Fri, 20 Mar 2015 08:11:55 -0700
From:	anuradhak@...ulusnetworks.com
To:	davem@...emloft.net
Cc:	netdev@...r.kernel.org, roopa@...ulusnetworks.com,
	gospo@...ulusnetworks.com, wkok@...ulusnetworks.com,
	anuradhak@...ulusnetworks.com
Subject: [PATCH net-next 0/3] net: introduce IFF_PROTO_DOWN flag.

From: Anuradha Karuppiah <anuradhak@...ulusnetworks.com>

Applications can detect errors in the network that would require
disabling the device independent of the admin state. In the presence of
these errors traffic could be black holed or looped resulting in a
network meltdown. Clearing the IFF_UP flag for error disabling the
device can be problematic because -

1. The administrator cannot distinguish between a user space daemon’s
error-disable and a regular device disable.
2. Applications can monitor the error state and enable the device once
the error is removed. If IFF_UP is used for this purpose the application
may end up enabling a device that the administrator has intentionally
disabled for other reasons. This could result in network changes not
expected by the admin.

To avoid these problems this patch adds a distinct IFF_PROTO_DOWN flag
for error disabling a device.

This patch introduces a netdevice proto_down field to allow multiple
applications to disable a device independent of each other. This field
is a bitmap with two defined protocols currently, MLAG and STP. Bits
can be added in the future to define other protocols that may need to
disable the device. If any of the bits in the proto_down field are set
an oper DOWN is done on the device by setting IFF_PROTO_DOWN.

IFF_PROTO_DOWN is a netdevice flag that is used to control the oper
state and also used for notifying drivers that a protocol has disabled
the device. Switch drivers could use the IFF_PROTO_DOWN flag to further
handle the error condition; e.g. they could carrier down the device
allowing directly connected switches to quickly learn about the error
state and stop forwarding traffic to this device.

STP applications can use the proto_down control to implement BPDU guard
functionality which requires shutting down access ports on detecting
rogue switches that could take over as the root bridge.

MLAG applications can use the proto_down control to hold devices down
on the secondary switch on detecting a split-brain situation between the
MLAG-peers.

Anuradha Karuppiah (3):
  net core: Add support for netdevice proto_down.
  virtio net: Handle proto_down state by setting the carrier off.
  ip link: Config and display device proto_down bits.

Signed-off-by: Anuradha Karuppiah <anuradhak@...ulusnetworks.com>
Signed-off-by: Andy Gospodarek <gospo@...ulusnetworks.com>
Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
Signed-off-by: Wilson Kok <wkok@...ulusnetworks.com>

 drivers/net/virtio_net.c     |   78 +++++++++++++++++++++++++++++++++++++++---
 include/linux/netdevice.h    |    3 ++
 include/uapi/linux/if.h      |   29 +++++++++++++++-
 include/uapi/linux/if_link.h |    9 +++++
 net/8021q/vlan_dev.c         |    3 +-
 net/core/dev.c               |   36 +++++++++++++++++++
 net/core/link_watch.c        |    2 +-
 net/core/net-sysfs.c         |    2 ++
 net/core/rtnetlink.c         |   21 ++++++++++++
 9 files changed, 176 insertions(+), 7 deletions(-)

-- 
1.7.10.4
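
A minimal user-space model of the semantics the cover letter above describes, added here as an illustration; it is not code from the patch series or the kernel. The macro names, `struct model_dev` and the `model_*` helpers are hypothetical; only the MLAG and STP protocols, the proto_down bitmap and the IFF_UP / IFF_PROTO_DOWN split come from the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical bit names: the message names the protocols, not the macros. */
#define MODEL_PROTO_DOWN_MLAG (1u << 0)
#define MODEL_PROTO_DOWN_STP  (1u << 1)

struct model_dev {
    bool admin_up;            /* models IFF_UP, owned by the administrator */
    unsigned int proto_down;  /* per-protocol error-disable bitmap */
};

/* Models IFF_PROTO_DOWN: set while any protocol bit is set. */
static bool model_proto_down_flag(const struct model_dev *d)
{
    return d->proto_down != 0;
}

/* Oper state: up only if admin-up and no protocol holds the device down. */
static bool model_oper_up(const struct model_dev *d)
{
    return d->admin_up && !model_proto_down_flag(d);
}

/* Record the oper state of step `step` as one bit of the trace. */
static unsigned int model_record(unsigned int trace, int step, const struct model_dev *d)
{
    return trace | ((unsigned int)model_oper_up(d) << step);
}

/* Constructed scenario: two daemons and an administrator act independently. */
static unsigned int model_scenario(void)
{
    struct model_dev d = { .admin_up = true, .proto_down = 0 };
    unsigned int t = 0;

    t = model_record(t, 0, &d);                 /* healthy port: up */
    d.proto_down |= MODEL_PROTO_DOWN_STP;       /* STP daemon: BPDU guard trips */
    t = model_record(t, 1, &d);                 /* down */
    d.proto_down |= MODEL_PROTO_DOWN_MLAG;      /* MLAG daemon: split-brain seen */
    t = model_record(t, 2, &d);                 /* down */
    d.proto_down &= ~MODEL_PROTO_DOWN_STP;      /* STP error cleared */
    t = model_record(t, 3, &d);                 /* still down: MLAG bit held */
    d.admin_up = false;                         /* admin disables the port */
    d.proto_down &= ~MODEL_PROTO_DOWN_MLAG;     /* MLAG error cleared */
    t = model_record(t, 4, &d);                 /* down: admin choice preserved */
    d.admin_up = true;                          /* admin re-enables */
    return model_record(t, 5, &d);              /* up again */
}

int main(void)
{
    printf("oper-state trace: 0x%02x\n", model_scenario());
    return 0;
}
```

Steps 3 and 4 are the two cases the message raises against reusing IFF_UP: a daemon clearing its own error neither overrides another protocol's hold nor re-enables a port the administrator took down.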
