| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2020 18:49:45 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: roopa@...ulusnetworks.com
Cc: kuba@...nel.org, netdev@...r.kernel.org,
nikolay@...ulusnetworks.com
Subject: Re: [PATCH net-next v2] rtnetlink: add support for protodown reason
From: Roopa Prabhu <roopa@...ulusnetworks.com>
Date: Fri, 31 Jul 2020 17:34:01 -0700
> From: Roopa Prabhu <roopa@...ulusnetworks.com>
>
> netdev protodown is a mechanism that allows protocols to
> hold an interface down. It was initially introduced in
> the kernel to hold links down by a multihoming protocol.
> There was also an attempt to introduce protodown
> reason at the time but was rejected. protodown and protodown reason
> is supported by almost every switching and routing platform.
> It was ok for a while to live without a protodown reason.
> But, its become more critical now given more than
> one protocol may need to keep a link down on a system
> at the same time. eg: vrrp peer node, port security,
> multihoming protocol. Its common for Network operators and
> protocol developers to look for such a reason on a networking
> box (Its also known as errDisable by most networking operators)
>
> This patch adds support for link protodown reason
> attribute. There are two ways to maintain protodown
> reasons.
> (a) enumerate every possible reason code in kernel
> - A protocol developer has to make a request and
> have that appear in a certain kernel version
> (b) provide the bits in the kernel, and allow user-space
> (sysadmin or NOS distributions) to manage the bit-to-reasonname
> map.
> - This makes extending reason codes easier (kind of like
> the iproute2 table to vrf-name map /etc/iproute2/rt_tables.d/)
>
> This patch takes approach (b).
>
> a few things about the patch:
> - It treats the protodown reason bits as counter to indicate
> active protodown users
> - Since protodown attribute is already an exposed UAPI,
> the reason is not enforced on a protodown set. Its a no-op
> if not used.
> the patch follows the below algorithm:
> - presence of reason bits set indicates protodown
> is in use
> - user can set protodown and protodown reason in a
> single or multiple setlink operations
> - setlink operation to clear protodown, will return -EBUSY
> if there are active protodown reason bits
> - reason is not included in link dumps if not used
>
> example with patched iproute2:
> $cat /etc/iproute2/protodown_reasons.d/r.conf
> 0 mlag
> 1 evpn
> 2 vrrp
> 3 psecurity
>
> $ip link set dev vxlan0 protodown on protodown_reason vrrp on
> $ip link set dev vxlan0 protodown_reason mlag on
> $ip link show
> 14: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
> DEFAULT group default qlen 1000
> link/ether f6:06:be:17:91:e7 brd ff:ff:ff:ff:ff:ff protodown on <mlag,vrrp>
>
> $ip link set dev vxlan0 protodown_reason mlag off
> $ip link set dev vxlan0 protodown off protodown_reason vrrp off
>
> Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
> ---
> v2 - remove unnecessary helper dev_get_proto_down_reason
> - move dev->proto_down_reason to use an existing hole in struct net_device
Applied, thank you.
Powered by blists - more mailing lists