lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20220207030134.GA5614@dhcp-10-157-36-190>
Date:   Mon, 7 Feb 2022 11:01:34 +0800
From:   Geliang Tang <geliang.tang@...e.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org,
        mptcp@...ts.linux.dev, Paolo Abeni <pabeni@...hat.com>,
        Mat Martineau <mathew.j.martineau@...ux.intel.com>
Subject: Re: [PATCH iproute2-next] mptcp: add the fullmesh flag setting
 support

On Fri, Feb 04, 2022 at 10:17:34AM -0800, Stephen Hemminger wrote:
> On Fri,  4 Feb 2022 11:29:03 +0800
> Geliang Tang <geliang.tang@...e.com> wrote:
> 
> > This patch added the fullmesh flag setting support, use it like this:
> > 
> >  ip mptcp endpoint change id 1 fullmesh
> >  ip mptcp endpoint change id 1 nofullmesh
> >  ip mptcp endpoint change id 1 backup fullmesh
> >  ip mptcp endpoint change id 1 nobackup nofullmesh
> > 
> > Add the fullmesh flag check for the adding address, the fullmesh flag
> > can't be used with the signal flag in that case.
> > 
> > Update the port keyword check for the setting flags, allow to use the
> > port keyword with the non-signal flags. Don't allow to use the port
> > keyword with the id number.
> > 
> > Update the usage of 'ip mptcp endpoint change', it can be used in two
> > forms, using the address directly or the id number of the address:
> > 
> >  ip mptcp endpoint change id 1 fullmesh
> >  ip mptcp endpoint change 10.0.2.1 fullmesh
> >  ip mptcp endpoint change 10.0.2.1 port 10100 fullmesh
> > 
> > Acked-by: Paolo Abeni <pabeni@...hat.com>
> > Acked-by: Mat Martineau <mathew.j.martineau@...ux.intel.com>
> > Signed-off-by: Geliang Tang <geliang.tang@...e.com>
> 
> I don't see  any parts in here to show the flag settings?
> 

Hi Stephen,

Thanks for your review.

We use the 'ip mptcp endpoint change flags' command to set the flags of the
given address. It's a little strange because we use 'set flags' in the
kernel space (like MPTCP_PM_CMD_SET_FLAGS, mptcp_nl_cmd_set_flags), but
'change flags' in the user space.

Before applying this patch, we can only set the backup flag:

> sudo ip mptcp endpoint add 10.0.2.1 subflow
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow
> sudo ip mptcp endpoint change id 1 backup
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow backup 
> sudo ip mptcp endpoint change id 1 nobackup
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow

The commit 73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink") is
merged to net-next recently. It added the fullmesh flag setting in the
kernel space.

We need to let the fullmesh flag not be blocked in the user space. So this
patch added this code:

 +                       /* allow changing the 'backup' and 'fullmesh' flags only */
                         if (cmd == MPTCP_PM_CMD_SET_FLAGS &&
 -                           (flags & ~MPTCP_PM_ADDR_FLAG_BACKUP))
 +                           (flags & ~(MPTCP_PM_ADDR_FLAG_BACKUP |
 +                                      MPTCP_PM_ADDR_FLAG_FULLMESH)))
                                 invarg("invalid flags\n", *argv);

Now we can set the fullmesh flag like this:

> sudo ip mptcp endpoint flush
> sudo ip mptcp endpoint add 10.0.2.1 subflow
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow 
> sudo ip mptcp endpoint change id 1 fullmesh
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow fullmesh 
> sudo ip mptcp endpoint change id 1 nofullmesh
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow 

This patch also added the related flags checks and updated the usage.

Thanks,

Geliang
SUSE

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ