From: Jiri Pirko <jiri@resnulli.us>
To: David Ahern <dsahern@gmail.com>
Cc: Si-Wei Liu <si-wei.liu@oracle.com>,
mst@redhat.com, stephen@networkplumber.org,
alexander.h.duyck@intel.com, davem@davemloft.net,
jesse.brandeburg@intel.com, kubakici@wp.pl, jasowang@redhat.com,
sridhar.samudrala@intel.com, netdev@vger.kernel.org,
virtualization@lists.linux-foundation.org,
virtio-dev@lists.oasis-open.org
Subject: Re: [RFC PATCH 2/3] netdev: kernel-only IFF_HIDDEN netdevice
Date: Tue, 3 Apr 2018 17:42:10 +0200
Message-ID: <20180403154210.GK3313@nanopsycho>
In-Reply-To: <8b589cd2-1abc-59c2-99f1-96df8174bb6b@gmail.com>

Sun, Apr 01, 2018 at 06:11:29PM CEST, dsahern@gmail.com wrote:
>On 4/1/18 3:13 AM, Si-Wei Liu wrote:
>> Hidden netdevice is not visible to userspace such that
>> typical network utilities e.g. ip, ifconfig and et al,
>> cannot sense its existence or configure it. Internally
>> hidden netdev may associate with an upper level netdev
>> that userspace has access to. Although userspace cannot
>> manipulate the lower netdev directly, user may control
>> or configure the underlying hidden device through the
>> upper-level netdev. For identification purpose, the
>> kobject for hidden netdev still presents in the sysfs
>> hierarchy, however, no uevent message will be generated
>> when the sysfs entry is created, modified or destroyed.
>>
>> For that end, a separate namescope needs to be carved
>> out for IFF_HIDDEN netdevs. As of now netdev name that
>> starts with colon i.e. ':' is invalid in userspace,
>> since socket ioctls such as SIOCGIFCONF use ':' as the
>> separator for ifname. The absence of namescope started
>> with ':' can rightly be used as the namescope for
>> the kernel-only IFF_HIDDEN netdevs.
>>
>> Signed-off-by: Si-Wei Liu <si-wei.liu@oracle.com>
>> ---
>> include/linux/netdevice.h | 12 ++
>> include/net/net_namespace.h | 2 +
>> net/core/dev.c | 281 ++++++++++++++++++++++++++++++++++++++------
>> net/core/net_namespace.c | 1 +
>> 4 files changed, 263 insertions(+), 33 deletions(-)
>>
>
>There are other use cases that want to hide a device from userspace. I

What use cases do you have in mind?

>would prefer a better solution than playing games with name prefixes and
>one that includes an API for users to list all devices -- even ones
>hidden by default.

Netdevice hiding feels a bit scary for me. This smells like a workaround
for userspace issues. Why can't the netdevice be visible always and
userspace would know what it is and what it should do with it?
Once we start with hiding, there are other things related to that which
appear. Like who can see what, levels of visibility etc...

>
>https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00
>
>https://github.com/dsahern/iproute2/commit/7563f5b26f5539960e99066e34a995d22ea908ed
>
>Also, why are you suggesting that the device should still be visible via
>/sysfs? That leads to inconsistent views of networking state - /sys
>shows a device but a link dump does not.
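
The naming rule the quoted commit message relies on, as an added example that is not part of the thread or the patch: a userspace-visible name may not contain ':', so a leading ':' gives kernel-only devices a scope that cannot collide with it. `classify_ifname` and the enum are hypothetical names, and requiring the rest of a hidden name to be otherwise valid is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16  /* same limit as <net/if.h>, including the NUL */

enum name_scope { NAME_INVALID, NAME_USER, NAME_HIDDEN };

/* Characters no interface name may contain; ':' is handled separately. */
static bool bad_char(char c)
{
    return c == '/' || isspace((unsigned char)c);
}

/*
 * classify_ifname() is a hypothetical helper, not a kernel function.
 * NAME_USER:   acceptable for a device userspace can see (no ':' anywhere,
 *              because ioctl-era tools treat ':' as a separator).
 * NAME_HIDDEN: leading ':' followed by an otherwise valid name, i.e. the
 *              scope the RFC reserves for kernel-only IFF_HIDDEN devices.
 */
enum name_scope classify_ifname(const char *name)
{
    bool hidden = (name[0] == ':');
    const char *p = hidden ? name + 1 : name;

    if (*p == '\0' || strlen(name) >= IFNAMSIZ)
        return NAME_INVALID;
    if (!strcmp(p, ".") || !strcmp(p, ".."))
        return NAME_INVALID;
    for (; *p; p++)
        if (*p == ':' || bad_char(*p))
            return NAME_INVALID;
    return hidden ? NAME_HIDDEN : NAME_USER;
}

int main(void)
{
    /* Constructed sample names. */
    const char *samples[] = { "eth0", ":eth0", "eth0:1", ":", "a/b" };
    static const char *label[] = { "invalid", "user", "hidden" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s -> %s\n", samples[i], label[classify_ifname(samples[i])]);
    return 0;
}
```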