lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 31 Jul 2020 18:49:45 -0700 (PDT)
From:   David Miller <>
Subject: Re: [PATCH net-next v2] rtnetlink: add support for protodown reason

From: Roopa Prabhu <>
Date: Fri, 31 Jul 2020 17:34:01 -0700

> From: Roopa Prabhu <>
> netdev protodown is a mechanism that allows protocols to
> hold an interface down. It was initially introduced in
> the kernel to hold links down by a multihoming protocol.
> There was also an attempt to introduce protodown
> reason at the time but was rejected. protodown and protodown reason
> is supported by almost every switching and routing platform.
> It was ok for a while to live without a protodown reason.
> But, its become more critical now given more than
> one protocol may need to keep a link down on a system
> at the same time. eg: vrrp peer node, port security,
> multihoming protocol. Its common for Network operators and
> protocol developers to look for such a reason on a networking
> box (Its also known as errDisable by most networking operators)
> This patch adds support for link protodown reason
> attribute. There are two ways to maintain protodown
> reasons.
> (a) enumerate every possible reason code in kernel
>     - A protocol developer has to make a request and
>       have that appear in a certain kernel version
> (b) provide the bits in the kernel, and allow user-space
> (sysadmin or NOS distributions) to manage the bit-to-reasonname
> map.
> 	- This makes extending reason codes easier (kind of like
>       the iproute2 table to vrf-name map /etc/iproute2/rt_tables.d/)
> This patch takes approach (b).
> a few things about the patch:
> - It treats the protodown reason bits as counter to indicate
> active protodown users
> - Since protodown attribute is already an exposed UAPI,
> the reason is not enforced on a protodown set. Its a no-op
> if not used.
> the patch follows the below algorithm:
>   - presence of reason bits set indicates protodown
>     is in use
>   - user can set protodown and protodown reason in a
>     single or multiple setlink operations
>   - setlink operation to clear protodown, will return -EBUSY
>     if there are active protodown reason bits
>   - reason is not included in link dumps if not used
> example with patched iproute2:
> $cat /etc/iproute2/protodown_reasons.d/r.conf
> 0 mlag
> 1 evpn
> 2 vrrp
> 3 psecurity
> $ip link set dev vxlan0 protodown on protodown_reason vrrp on
> $ip link set dev vxlan0 protodown_reason mlag on
> $ip link show
> 14: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
> DEFAULT group default qlen 1000
>     link/ether f6:06:be:17:91:e7 brd ff:ff:ff:ff:ff:ff protodown on <mlag,vrrp>
> $ip link set dev vxlan0 protodown_reason mlag off
> $ip link set dev vxlan0 protodown off protodown_reason vrrp off
> Signed-off-by: Roopa Prabhu <>
> ---
> v2 - remove unnecessary helper dev_get_proto_down_reason
>      - move dev->proto_down_reason to use an existing hole in struct net_device

Applied, thank you.

Powered by blists - more mailing lists