Date: Mon, 20 Nov 2023 23:16:51 +0200
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Daniel Borkmann <daniel@...earbox.net>, stephen@...workplumber.org
Cc: martin.lau@...nel.org, dsahern@...nel.org, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 v2] ip, link: Add support for netkit

On 11/20/23 23:10, Daniel Borkmann wrote:
> Add base support for creating/dumping netkit devices.
> 
> Minimal example usage:
> 
>    # ip link add type netkit
>    # ip -d a
>    [...]
>    7: nk0@nk1: <BROADCAST,MULTICAST,NOARP,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
>      link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
>      netkit mode l3 type peer policy forward numtxqueues 1 numrxqueues 1 [...]
>    8: nk1@nk0: <BROADCAST,MULTICAST,NOARP,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
>      link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
>      netkit mode l3 type primary policy forward numtxqueues 1 numrxqueues 1 [...]
> 
> Example usage with netns (for BPF examples, see BPF selftests linked below):
> 
>    # ip netns add blue
>    # ip link add nk0 type netkit peer nk1 netns blue
>    # ip link set up nk0
>    # ip addr add 10.0.0.1/24 dev nk0
>    # ip -n blue link set up nk1
>    # ip -n blue addr add 10.0.0.2/24 dev nk1
>    # ping -c1 10.0.0.2
>    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
>    64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.021 ms
> 
> Example usage with L2 mode and peer blackholing when no BPF is attached:
> 
>    # ip link add foo type netkit mode l2 forward peer blackhole bar
>    # ip -d a
>    [...]
>    13: bar@foo: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
>       link/ether 5e:5b:81:17:02:27 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
>       netkit mode l2 type peer policy blackhole numtxqueues 1 numrxqueues 1 [...]
>    14: foo@bar: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
>       link/ether de:01:a5:88:9e:99 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
>       netkit mode l2 type primary policy forward numtxqueues 1 numrxqueues 1 [...]
> 
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> Link: https://git.kernel.org/torvalds/c/35dfaad7188c
> Link: https://git.kernel.org/torvalds/c/05c31b4ab205
> Link: https://git.kernel.org/torvalds/c/ace15f91e569
> ---
>   [ Targeted for iproute2 6.7 release. ]
> 
>   v1 -> v2:
>   - Add table-driven approach for netlink settings dump
>   - Remove matches, use strcmp
>   - Fix nit with braces
>   - Add maintainers entry
> 
>   MAINTAINERS              |   6 ++
>   ip/Makefile              |   2 +-
>   ip/iplink.c              |   4 +-
>   ip/iplink_netkit.c       | 165 +++++++++++++++++++++++++++++++++++++++
>   man/man8/ip-address.8.in |   3 +-
>   man/man8/ip-link.8.in    |  44 +++++++++++
>   6 files changed, 220 insertions(+), 4 deletions(-)
>   create mode 100644 ip/iplink_netkit.c
> 

Looks good to me,
Reviewed-by: Nikolay Aleksandrov <razor@...ckwall.org>
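
Added example, not part of the original thread or of iproute2: a parser for the `ip -d a` text format quoted above that lists netkit devices whose policy is not `blackhole`, the setting the commit message ties to behaviour when no BPF is attached. The function names are hypothetical; the sample input is copied from the quoted L2 output, plus one constructed `lo` entry.

```python
import re

# Sample input: the two netkit entries are copied from the quoted `ip -d a`
# output (L2 example); the "lo" entry is constructed to show a non-netkit link.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 allmulti 0
13: bar@foo: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether 5e:5b:81:17:02:27 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
      netkit mode l2 type peer policy blackhole numtxqueues 1 numrxqueues 1 [...]
14: foo@bar: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether de:01:a5:88:9e:99 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
      netkit mode l2 type primary policy forward numtxqueues 1 numrxqueues 1 [...]
"""

# "<ifindex>: <name>[@<peer>]:" starts each interface record at column 0.
HEADER = re.compile(r"^(\d+):\s+([^@:\s]+)(?:@([^:\s]+))?:")
# Indented detail line printed for netkit links, as shown in the quoted output.
NETKIT = re.compile(r"^\s+netkit mode (\S+) type (\S+) policy (\S+)")


def parse_netkit(text):
    """Return one dict per netkit device found in `ip -d a` text output."""
    devices, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            # New interface record; a previous non-netkit record is dropped.
            current = {"ifindex": int(m.group(1)), "name": m.group(2),
                       "peer": m.group(3)}
            continue
        m = NETKIT.match(line)
        if m and current is not None:
            devices.append(dict(current, mode=m.group(1), type=m.group(2),
                                policy=m.group(3)))
            current = None
    return devices


def not_blackholed(devices):
    """Names of netkit devices whose policy is anything other than blackhole."""
    return [d["name"] for d in devices if d["policy"] != "blackhole"]


if __name__ == "__main__":
    devs = parse_netkit(SAMPLE)
    for d in devs:
        print(d)
    print("policy != blackhole:", not_blackholed(devs))
```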