From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F00311C2AF for ; Mon, 13 Nov 2023 12:42:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=blackwall-org.20230601.gappssmtp.com header.i=@blackwall-org.20230601.gappssmtp.com header.b="YaE5Usvr" Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 71F18D4C for ; Mon, 13 Nov 2023 04:42:54 -0800 (PST) Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-9e8b36e36e1so159517766b.0 for ; Mon, 13 Nov 2023 04:42:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blackwall-org.20230601.gappssmtp.com; s=20230601; t=1699879373; x=1700484173; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=HTMjA4ssyL++DWD2DVI4qlEy9E92qwo6FSpDzNmZXaU=; b=YaE5UsvrVXYpKJrzebJGEmHAZ0y6E5HsvWF0VWQ4Lq1zUkNwKoufo29QMmKstAqW50 Y7Jne5OWb1gLmnsZKGPQvWTZNhIUc3vyi3Yi1h8xTKp/wU+39ynF2ecUIGg+SxR0jP/8 cjnE/zx2ZO5C4fDNFBXSPChJ0o7/iZw6PavWwfwioiOt2Zq+xYMoy2osefSGJsLDPmag eje9YY1bG9bmU6GJ9lXKVS0/L0GUWdgSnAqjqLiXhJffGZPsFcZRN5zUEcJAP+WYadJy b2JkxdUyUbRllL8QRmUPShqpw7rFxHqkZOn+p9KrzPTvTw2pIIqAOvErpkkZQVHuMrln Rv4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699879373; x=1700484173; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HTMjA4ssyL++DWD2DVI4qlEy9E92qwo6FSpDzNmZXaU=; b=PclvTCxMRnowvgRf8H/t8Gmf/wNdzXB/2+S/0d9j//n81HxjXrmYElDFm8KdZVYwfL bZJCJrPkwD+guNbWFb33ez0tXOKqBlWp4TeYMOirjfUUbzXnB/kU5uGrmQ6I4ssWK62l 9dFVsnQDvVP6KiAruO8M9fy9MDTfZDCvdtqiZCWahkbEbzGv+EaYovSCS7gzH8OBVLB1 THspXaqBhgEZV+BqeIJTPQ44V5qnn9Tdt6ENGX5lnEs1bavT2zu4+vnXcibLHkekgdhK 6Yi6ycjId+0i9lbljQrPnQjwP8FhQ069ez1E+GRWmfixS7ad4ffx/WYZ+Ri9eLvCkfsR qx3w== X-Gm-Message-State: AOJu0YzMLM3BSIZ3wM98Qk0M7fwwVlHPCD2fBjoZUybdnKjkXkEvOzQ3 MTJgjkqEA04pQy2DjUDoEVeQ7h23TKbI2RCX4Uc= X-Google-Smtp-Source: AGHT+IG8ZgkdgxUKAigSmM2Nvh1MFykWsPWGJRnS5qoNBBLr3vnbW/vEy6Z8mrmYyX3rr54YiLnmNA== X-Received: by 2002:a17:906:1e17:b0:9d2:5cf8:e61 with SMTP id g23-20020a1709061e1700b009d25cf80e61mr4132260ejj.35.1699879372684; Mon, 13 Nov 2023 04:42:52 -0800 (PST) Received: from [192.168.0.106] (starletless.turnabout.volia.net. [93.73.214.90]) by smtp.gmail.com with ESMTPSA id ay1-20020a170906d28100b009dd606ce80fsm4000438ejb.31.2023.11.13.04.42.51 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 13 Nov 2023 04:42:52 -0800 (PST) Message-ID: Date: Mon, 13 Nov 2023 14:42:51 +0200 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0 Subject: Re: [PATCH iproute2] ip, link: Add support for netkit Content-Language: en-US To: Daniel Borkmann , stephen@networkplumber.org Cc: martin.lau@kernel.org, netdev@vger.kernel.org References: <20231113032323.14717-1-daniel@iogearbox.net> From: Nikolay Aleksandrov In-Reply-To: <20231113032323.14717-1-daniel@iogearbox.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 11/13/23 05:23, Daniel Borkmann wrote: > Add base support for creating/dumping netkit devices. > > Minimal example usage: > > # ip link add type netkit > # ip -d a > [...] > 7: nk0@nk1: mtu 1500 qdisc noop state DOWN group default qlen 1000 > link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 > netkit mode l3 type peer policy forward numtxqueues 1 numrxqueues 1 [...] > 8: nk1@nk0: mtu 1500 qdisc noop state DOWN group default qlen 1000 > link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 > netkit mode l3 type primary policy forward numtxqueues 1 numrxqueues 1 [...] > > Example usage with netns (for BPF examples, see BPF selftests linked below): > > # ip netns add blue > # ip link add nk0 type netkit peer nk1 netns blue > # ip link set up nk0 > # ip addr add 10.0.0.1/24 dev nk0 > # ip -n blue link set up nk1 > # ip -n blue addr add 10.0.0.2/24 dev nk1 > # ping -c1 10.0.0.2 > PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.021 ms > > Example usage with L2 mode and peer blackholing when no BPF is attached: > > # ip link add foo type netkit mode l2 forward peer blackhole bar > # ip -d a > [...] > 13: bar@foo: mtu 1500 qdisc noop state DOWN group default qlen 1000 > link/ether 5e:5b:81:17:02:27 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 > netkit mode l2 type peer policy blackhole numtxqueues 1 numrxqueues 1 [...] > 14: foo@bar: mtu 1500 qdisc noop state DOWN group default qlen 1000 > link/ether de:01:a5:88:9e:99 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 > netkit mode l2 type primary policy forward numtxqueues 1 numrxqueues 1 [...] > > Signed-off-by: Daniel Borkmann > Link: https://git.kernel.org/torvalds/c/35dfaad7188c > Link: https://git.kernel.org/torvalds/c/05c31b4ab205 > Link: https://git.kernel.org/torvalds/c/ace15f91e569 > --- > (Targeted for iproute2 v6.7.0.) > > ip/Makefile | 2 +- > ip/iplink.c | 4 +- > ip/iplink_netkit.c | 160 +++++++++++++++++++++++++++++++++++++++ > man/man8/ip-address.8.in | 3 +- > man/man8/ip-link.8.in | 44 +++++++++++ > 5 files changed, 209 insertions(+), 4 deletions(-) > create mode 100644 ip/iplink_netkit.c > > diff --git a/ip/Makefile b/ip/Makefile > index 8fd9e295..3535ba78 100644 > --- a/ip/Makefile > +++ b/ip/Makefile > @@ -13,7 +13,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \ > ipvrf.o iplink_xstats.o ipseg6.o iplink_netdevsim.o iplink_rmnet.o \ > ipnexthop.o ipmptcp.o iplink_bareudp.o iplink_wwan.o ipioam6.o \ > iplink_amt.o iplink_batadv.o iplink_gtp.o iplink_virt_wifi.o \ > - ipstats.o > + iplink_netkit.o ipstats.o > > RTMONOBJ=rtmon.o > > diff --git a/ip/iplink.c b/ip/iplink.c > index 9a548dd3..6989cc4d 100644 > --- a/ip/iplink.c > +++ b/ip/iplink.c > @@ -46,8 +46,8 @@ void iplink_types_usage(void) > " dsa | dummy | erspan | geneve | gre | gretap | gtp | ifb |\n" > " ip6erspan | ip6gre | ip6gretap | ip6tnl |\n" > " ipip | ipoib | ipvlan | ipvtap |\n" > - " macsec | macvlan | macvtap |\n" > - " netdevsim | nlmon | rmnet | sit | team | team_slave |\n" > + " macsec | macvlan | macvtap | netdevsim |\n" > + " netkit | nlmon | rmnet | sit | team | team_slave |\n" > " vcan | veth | vlan | vrf | vti | vxcan | vxlan | wwan |\n" > " xfrm | virt_wifi }\n"); > } > diff --git a/ip/iplink_netkit.c b/ip/iplink_netkit.c > new file mode 100644 > index 00000000..c539777a > --- /dev/null > +++ b/ip/iplink_netkit.c > @@ -0,0 +1,160 @@ > +/* SPDX-License-Identifier: GPL-2.0-or-later */ > +/* > + * iplink_netkit.c netkit device management > + * > + * Authors: Daniel Borkmann > + */ > +#include > +#include > +#include > +#include > +#include > + > +#include "rt_names.h" > +#include "utils.h" > +#include "ip_common.h" > + > +static void explain(struct link_util *lu, FILE *f) > +{ > + fprintf(f, > + "Usage: ... %s [ mode MODE ] [ POLICY ] [ peer [ POLICY ] ]\n" > + "\n" > + "MODE: l3 | l2\n" > + "POLICY: forward | blackhole\n" > + "(first values are the defaults if nothing is specified)\n" > + "\n" > + "To get type 'ip link add help'.\n", > + lu->id); > +} > + > +static bool seen_mode, seen_peer; > +static struct rtattr *data; > + > +static int netkit_parse_opt(struct link_util *lu, int argc, char **argv, > + struct nlmsghdr *n) > +{ > + __u32 ifi_flags, ifi_change, ifi_index; > + struct ifinfomsg *ifm, *peer_ifm; > + int err; > + > + ifm = NLMSG_DATA(n); > + ifi_flags = ifm->ifi_flags; > + ifi_change = ifm->ifi_change; > + ifi_index = ifm->ifi_index; > + ifm->ifi_flags = 0; > + ifm->ifi_change = 0; > + ifm->ifi_index = 0; > + while (argc > 0) { > + if (matches(*argv, "mode") == 0) { matches() should not be used anymore, only strcmp > + __u32 mode = 0; > + > + NEXT_ARG(); > + if (seen_mode) > + duparg("mode", *argv); > + seen_mode = true; > + > + if (strcmp(*argv, "l3") == 0) > + mode = NETKIT_L3; > + else if (strcmp(*argv, "l2") == 0) > + mode = NETKIT_L2; minor nit: curly braces for all cases > + else { > + fprintf(stderr, "Error: argument of \"mode\" must be either \"l3\" or \"l2\"\n"); > + return -1; > + } > + addattr32(n, 1024, IFLA_NETKIT_MODE, mode); > + } else if (matches(*argv, "forward") == 0 || > + matches(*argv, "blackhole") == 0) { same about matches and strcmp > + int attr_name = seen_peer ? > + IFLA_NETKIT_PEER_POLICY : > + IFLA_NETKIT_POLICY; > + __u32 policy = 0; > + > + if (strcmp(*argv, "forward") == 0) > + policy = NETKIT_PASS; > + else if (strcmp(*argv, "blackhole") == 0) > + policy = NETKIT_DROP; > + else { > + fprintf(stderr, "Error: policy must be either \"forward\" or \"blackhole\"\n"); > + return -1; > + } same minor nit about the braces > + addattr32(n, 1024, attr_name, policy); > + } else if (matches(*argv, "peer") == 0) { matches -> strcmp > + if (seen_peer) > + duparg("peer", *(argv + 1)); > + seen_peer = true; > + } else { > + char *type = NULL; > + > + if (seen_peer) { > + data = addattr_nest(n, 1024, IFLA_NETKIT_PEER_INFO); > + n->nlmsg_len += sizeof(struct ifinfomsg); > + err = iplink_parse(argc, argv, (struct iplink_req *)n, &type); > + if (err < 0) > + return err; > + if (type) > + duparg("type", argv[err]); > + goto out_ok; > + } > + fprintf(stderr, "%s: unknown option \"%s\"?\n", > + lu->id, *argv); > + explain(lu, stderr); > + return -1; > + } > + argc--; > + argv++; > + } > +out_ok: > + if (data) { > + peer_ifm = RTA_DATA(data); > + peer_ifm->ifi_index = ifm->ifi_index; > + peer_ifm->ifi_flags = ifm->ifi_flags; > + peer_ifm->ifi_change = ifm->ifi_change; > + addattr_nest_end(n, data); > + } > + ifm->ifi_flags = ifi_flags; > + ifm->ifi_change = ifi_change; > + ifm->ifi_index = ifi_index; > + return 0; > +} > + > +static void netkit_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) > +{ > + if (!tb) > + return; > + if (tb[IFLA_NETKIT_MODE]) { > + __u32 mode = rta_getattr_u32(tb[IFLA_NETKIT_MODE]); > + const char *mode_str = > + mode == NETKIT_L2 ? "l2" : > + mode == NETKIT_L3 ? "l3" : "unknown"; > + > + print_string(PRINT_ANY, "mode", "mode %s ", mode_str); > + } > + if (tb[IFLA_NETKIT_PRIMARY]) { > + __u8 primary = rta_getattr_u8(tb[IFLA_NETKIT_PRIMARY]); > + const char *type_str = primary ? "primary" : "peer"; > + > + print_string(PRINT_ANY, "type", "type %s ", type_str); > + } > + if (tb[IFLA_NETKIT_POLICY]) { > + __u32 policy = rta_getattr_u32(tb[IFLA_NETKIT_POLICY]); > + const char *policy_str = > + policy == NETKIT_PASS ? "forward" : > + policy == NETKIT_DROP ? "blackhole" : "unknown"; > + > + print_string(PRINT_ANY, "policy", "policy %s ", policy_str); > + } > +} > + > +static void netkit_print_help(struct link_util *lu, > + int argc, char **argv, FILE *f) > +{ > + explain(lu, f); > +} > + > +struct link_util netkit_link_util = { > + .id = "netkit", > + .maxattr = IFLA_NETKIT_MAX, > + .parse_opt = netkit_parse_opt, > + .print_opt = netkit_print_opt, > + .print_help = netkit_print_help, > +}; > diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in > index b9a476a5..9d34a6a1 100644 > --- a/man/man8/ip-address.8.in > +++ b/man/man8/ip-address.8.in > @@ -146,7 +146,8 @@ ip-address \- protocol address management > .BR ipvlan " |" > .BR lowpan " |" > .BR geneve " |" > -.BR macsec " ]" > +.BR macsec " |" > +.BR netkit " ]" > > .SH "DESCRIPTION" > The > diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in > index e82b2dbb..ca49b008 100644 > --- a/man/man8/ip-link.8.in > +++ b/man/man8/ip-link.8.in > @@ -247,6 +247,7 @@ ip-link \- network device configuration > .BR macvlan " | " > .BR macvtap " | " > .BR netdevsim " |" > +.BR netkit " |" > .BR nlmon " |" > .BR rmnet " |" > .BR sit " |" > @@ -384,6 +385,9 @@ Link types: > .BR netdevsim > - Interface for netdev API tests > .sp > +.BR netkit > +- BPF-programmable network device > +.sp > .BR nlmon > - Netlink monitoring device > .sp > @@ -848,6 +852,46 @@ tunnel. > > .in -8 > > +.TP > +netkit Type Support > +For a link of type > +.I netkit > +the following additional arguments are supported: > + > +.BI "ip link add " DEVICE > +.BR type " netkit " > +[ > +.BI mode " MODE " > +] [ > +.I "POLICY " > +] [ > +.BR peer > +[ > +.I "POLICY " > +] [ > +.I "NAME " > +] ] > + > +.in +8 > + > +.sp > +.BI mode " MODE" > +- specifies the operation mode of the netkit device with "l3" and "l2" > +as possible values. Default option is "l3". > + > +.sp > +.I "POLICY" > +- specifies the default device policy when no BPF programs are attached > +with "forward" and "blackhole" as possible values. Default option is > +"forward". Specifying policy before the peer option refers to the primary > +device, after the peer option refers to the peer device. > + > +.sp > +.I "NAME" > +- specifies the device name of the peer device. > + > +.in -8 > + > .TP > IPIP, SIT Type Support > For a link of type