Date: Fri, 31 Jul 2020 18:49:45 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: roopa@...ulusnetworks.com
Cc: kuba@...nel.org, netdev@...r.kernel.org, nikolay@...ulusnetworks.com
Subject: Re: [PATCH net-next v2] rtnetlink: add support for protodown reason

From: Roopa Prabhu <roopa@...ulusnetworks.com>
Date: Fri, 31 Jul 2020 17:34:01 -0700

> From: Roopa Prabhu <roopa@...ulusnetworks.com>
>
> netdev protodown is a mechanism that allows protocols to
> hold an interface down. It was initially introduced in
> the kernel to hold links down by a multihoming protocol.
> There was also an attempt to introduce protodown
> reason at the time but was rejected. protodown and protodown reason
> is supported by almost every switching and routing platform.
> It was ok for a while to live without a protodown reason.
> But, it's become more critical now given more than
> one protocol may need to keep a link down on a system
> at the same time. e.g.: vrrp peer node, port security,
> multihoming protocol. It's common for Network operators and
> protocol developers to look for such a reason on a networking
> box (It's also known as errDisable by most networking operators)
>
> This patch adds support for link protodown reason
> attribute. There are two ways to maintain protodown
> reasons.
> (a) enumerate every possible reason code in kernel
>     - A protocol developer has to make a request and
>       have that appear in a certain kernel version
> (b) provide the bits in the kernel, and allow user-space
>     (sysadmin or NOS distributions) to manage the bit-to-reasonname
>     map.
>     - This makes extending reason codes easier (kind of like
>       the iproute2 table to vrf-name map /etc/iproute2/rt_tables.d/)
>
> This patch takes approach (b).
>
> a few things about the patch:
> - It treats the protodown reason bits as counter to indicate
>   active protodown users
> - Since protodown attribute is already an exposed UAPI,
>   the reason is not enforced on a protodown set. It's a no-op
>   if not used.
> the patch follows the below algorithm:
>   - presence of reason bits set indicates protodown
>     is in use
>   - user can set protodown and protodown reason in a
>     single or multiple setlink operations
>   - setlink operation to clear protodown, will return -EBUSY
>     if there are active protodown reason bits
>   - reason is not included in link dumps if not used
>
> example with patched iproute2:
> $cat /etc/iproute2/protodown_reasons.d/r.conf
> 0 mlag
> 1 evpn
> 2 vrrp
> 3 psecurity
>
> $ip link set dev vxlan0 protodown on protodown_reason vrrp on
> $ip link set dev vxlan0 protodown_reason mlag on
> $ip link show
> 14: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
> DEFAULT group default qlen 1000
>     link/ether f6:06:be:17:91:e7 brd ff:ff:ff:ff:ff:ff protodown on <mlag,vrrp>
>
> $ip link set dev vxlan0 protodown_reason mlag off
> $ip link set dev vxlan0 protodown off protodown_reason vrrp off
>
> Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
> ---
> v2 - remove unnecessary helper dev_get_proto_down_reason
>    - move dev->proto_down_reason to use an existing hole in struct net_device

Applied, thank you.
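
The rules listed in the quoted commit message, as a user-space C model added here as an example; it is not code from the patch or from the kernel. The struct and function names are hypothetical, and two points are assumptions: the 32-bit width of the reason mask, and that a single setlink applies the reason before protodown (inferred from the last command of the example session succeeding).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bit-to-name map, same content as the r.conf sample above. */
static const char *reason_names[32] = { "mlag", "evpn", "vrrp", "psecurity" };

/* Hypothetical stand-in for per-device state; one bit per protodown user. */
struct link_model { int protodown; uint32_t reasons; };

/* Set or clear one named reason bit; unknown names are rejected. */
static int set_reason(struct link_model *l, const char *name, int on)
{
    for (int i = 0; i < 32; i++) {
        if (!reason_names[i] || strcmp(reason_names[i], name) != 0)
            continue;
        if (on)
            l->reasons |= UINT32_C(1) << i;
        else
            l->reasons &= ~(UINT32_C(1) << i);
        return 0;
    }
    return -EINVAL;
}

/* Clearing protodown is refused while any reason bit is still set. */
static int set_protodown(struct link_model *l, int on)
{
    if (!on && l->reasons)
        return -EBUSY;
    l->protodown = on;
    return 0;
}

/* One setlink carrying both attributes; reason is applied first (assumed). */
static int setlink(struct link_model *l, int pd, const char *name, int on)
{
    int err = set_reason(l, name, on);
    return err ? err : set_protodown(l, pd);
}

int main(void)
{
    struct link_model l = { 0, 0 };
    setlink(&l, 1, "vrrp", 1);      /* protodown on protodown_reason vrrp on */
    set_reason(&l, "mlag", 1);      /* protodown_reason mlag on */
    printf("clear with reasons 0x%x -> %d\n", (unsigned)l.reasons, set_protodown(&l, 0));
}
```

The point for operators is the -EBUSY case: one protocol clearing protodown cannot bring the link up while another (port security, for instance) still holds its reason bit.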