[PATCH net 00/12] net: iflink and link-netnsid fixes
by Sabrina Dubroca
In a lot of places, we use this kind of comparison to detect if a
device has a lower link:
    dev->ifindex != dev_get_iflink(dev)
This seems to be a leftover of the pre-netns days, when the ifindex
was unique over the whole system. Nowadays, with network namespaces,
it's very easy to create a device with the same ifindex as its lower
link:
    ip netns add main
    ip netns add peer
    ip -net main link add dummy0 type dummy
    ip -net main link add link dummy0 macvlan0 netns peer type macvlan
    ip -net main link show type dummy
        9: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop ...
    ip -net peer link show type macvlan
        9: macvlan0@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop ...
To detect if a device has a lower link, we can simply check the
existence of the dev->netdev_ops->ndo_get_iflink operation, instead of
checking its return value. In particular, I attempted to fix one of
these checks in commit feadc4b6cf42 ("rtnetlink: always put IFLA_LINK
for links with a link-netnsid"), but this patch isn't correct, since
tunnel devices can export IFLA_LINK_NETNSID without IFLA_LINK. That
patch needs to be reverted.
This series will fix all those bogus comparisons, and export missing
IFLA_LINK_NETNSID attributes in bridge and ipv6 dumps.
ipvlan and geneve are also missing the get_link_net operation, so
userspace can't know when those devices are cross-netns. There are a
couple of other device types that have an ndo_get_iflink op but no
get_link_net (virt_wifi, ipoib), and should probably also have a
get_link_net.
Sabrina Dubroca (12):
ipvlan: add get_link_net
geneve: add get_link_net
Revert "rtnetlink: always put IFLA_LINK for links with a link-netnsid"
rtnetlink: always put IFLA_LINK for links with ndo_get_iflink
bridge: always put IFLA_LINK for ports with ndo_get_iflink
bridge: advertise IFLA_LINK_NETNSID when dumping bridge ports
ipv6: always put IFLA_LINK for devices with ndo_get_iflink
ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses
net: link_watch: fix operstate when the link has the same index as the
device
net: link_watch: fix detection of urgent events
batman-adv: fix iflink detection in batadv_is_on_batman_iface
batman-adv: fix detection of lower link in batadv_get_real_netdevice
drivers/net/can/vxcan.c | 2 +-
drivers/net/geneve.c | 8 ++++++++
drivers/net/ipvlan/ipvlan_main.c | 9 +++++++++
drivers/net/veth.c | 2 +-
include/net/rtnetlink.h | 4 ++++
net/batman-adv/hard-interface.c | 4 ++--
net/bridge/br_netlink.c | 4 +++-
net/core/link_watch.c | 4 ++--
net/core/rtnetlink.c | 25 ++++++++++++-------------
net/ipv6/addrconf.c | 11 ++++++++++-
10 files changed, 52 insertions(+), 21 deletions(-)
--
2.28.0
8 months, 3 weeks
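The failure mode described in the cover letter above, as an added user-space model in C (not code from the series or from the kernel tree). The structures are cut down to the fields the check needs; the `lower` and `netns` members, the helper names `has_lower_by_index` / `has_lower_by_op`, and the `macvlan1` device are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space stand-ins for the kernel structures; only the fields the
 * check needs. The 'lower' and 'netns' members exist only in this model. */
struct net_device;

struct net_device_ops {
	int (*ndo_get_iflink)(const struct net_device *dev);
};

struct net_device {
	const char *name;
	const char *netns;                 /* label for printing */
	int ifindex;                       /* unique per netns only */
	const struct net_device *lower;    /* NULL if there is no lower link */
	const struct net_device_ops *netdev_ops;
};

/* What a stacked driver's op does: report the lower device's ifindex. */
static int stacked_get_iflink(const struct net_device *dev)
{
	return dev->lower->ifindex;
}

static const struct net_device_ops dummy_ops = { .ndo_get_iflink = NULL };
static const struct net_device_ops macvlan_ops = {
	.ndo_get_iflink = stacked_get_iflink,
};

/* Same fallback as the kernel helper: no op means "iflink == ifindex". */
static int dev_get_iflink(const struct net_device *dev)
{
	if (dev->netdev_ops && dev->netdev_ops->ndo_get_iflink)
		return dev->netdev_ops->ndo_get_iflink(dev);
	return dev->ifindex;
}

/* Pre-netns style check criticised in the cover letter. */
static bool has_lower_by_index(const struct net_device *dev)
{
	return dev->ifindex != dev_get_iflink(dev);
}

/* Check proposed in the cover letter: does the op exist at all? */
static bool has_lower_by_op(const struct net_device *dev)
{
	return dev->netdev_ops && dev->netdev_ops->ndo_get_iflink != NULL;
}

/* Constructed devices matching the "ip" output above, plus one
 * same-namespace macvlan (macvlan1, hypothetical) for contrast. */
static const struct net_device dummy0 = { "dummy0", "main", 9, NULL, &dummy_ops };
static const struct net_device macvlan0 = { "macvlan0", "peer", 9, &dummy0, &macvlan_ops };
static const struct net_device macvlan1 = { "macvlan1", "main", 10, &dummy0, &macvlan_ops };

int main(void)
{
	const struct net_device *devs[] = { &dummy0, &macvlan0, &macvlan1 };

	printf("%-9s %-5s %7s %6s  %-8s %-5s\n",
	       "dev", "netns", "ifindex", "iflink", "by-index", "by-op");
	for (size_t i = 0; i < sizeof(devs) / sizeof(devs[0]); i++) {
		const struct net_device *d = devs[i];

		printf("%-9s %-5s %7d %6d  %-8s %-5s\n", d->name, d->netns,
		       d->ifindex, dev_get_iflink(d),
		       has_lower_by_index(d) ? "yes" : "no",
		       has_lower_by_op(d) ? "yes" : "no");
	}
	return 0;
}
```

Only the cross-netns macvlan0 is misclassified by the index comparison; the op-existence check classifies all three devices correctly.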
[syzbot] WARNING: ODEBUG bug in batadv_v_ogm_free
by syzbot
Hello,
syzbot found the following issue on:
HEAD commit: 44cc24b04bed Merge tag 'wireless-drivers-next-2021-10-07' ..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=130661b8b00000
kernel config: https://syzkaller.appspot.com/x/.config?x=97f67871098c6901
dashboard link: https://syzkaller.appspot.com/bug?extid=0ef06384b5f39a16ebb9
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1361e884b00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1472de98b00000
The issue was bisected to:
commit 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0
Author: Justin Iurman <justin.iurman(a)uliege.be>
Date: Tue Jul 20 19:42:57 2021 +0000
ipv6: ioam: Data plane support for Pre-allocated Trace
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12c661b8b00000
final oops: https://syzkaller.appspot.com/x/report.txt?x=11c661b8b00000
console output: https://syzkaller.appspot.com/x/log.txt?x=16c661b8b00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0ef06384b5f39a16ebb9(a)syzkaller.appspotmail.com
Fixes: 9ee11f0fff20 ("ipv6: ioam: Data plane support for Pre-allocated Trace")
------------[ cut here ]------------
ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6548 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 6548 Comm: syz-executor580 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Call Trace:
debug_object_assert_init lib/debugobjects.c:895 [inline]
debug_object_assert_init+0x1f4/0x2e0 lib/debugobjects.c:866
debug_timer_assert_init kernel/time/timer.c:739 [inline]
debug_assert_init kernel/time/timer.c:784 [inline]
del_timer+0x6d/0x110 kernel/time/timer.c:1204
try_to_grab_pending+0x6d/0xd0 kernel/workqueue.c:1270
__cancel_work_timer+0xa6/0x570 kernel/workqueue.c:3129
batadv_v_ogm_free+0x1f/0xd0 net/batman-adv/bat_v_ogm.c:1076
batadv_mesh_free+0x75/0x170 net/batman-adv/main.c:244
batadv_mesh_init+0x62f/0x710 net/batman-adv/main.c:226
batadv_softif_init_late+0xad4/0xdd0 net/batman-adv/soft-interface.c:804
register_netdevice+0x51e/0x1500 net/core/dev.c:10236
batadv_softif_newlink+0x6e/0x90 net/batman-adv/soft-interface.c:1068
__rtnl_newlink+0x106d/0x1750 net/core/rtnetlink.c:3458
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506
rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2485
netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
__sys_sendto+0x21c/0x320 net/socket.c:2036
__do_sys_sendto net/socket.c:2048 [inline]
__se_sys_sendto net/socket.c:2044 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:2044
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller(a)googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
1 year, 2 months
[PATCH 4.9 0/7] batman-adv: Fixes for stable/linux-4.9.y
by Sven Eckelmann
Hi,
I went through all changes in batman-adv since v4.9 with a Fixes: line
and checked whether they were backported to the LTS kernels. The ones which
weren't ported and applied to this branch are now part of this patch series.
There are also the following three patches included:
* batman-adv: Consider fragmentation for needed_headroom
* batman-adv: Reserve needed_*room for fragments
* batman-adv: Don't always reallocate the fragmentation skb head
which could in some circumstances cause packet loss but which were created
to fix high CPU load/low throughput problems. But I've added them here
anyway because the corresponding VXLAN patches were also added to stable.
And some stable kernels also got these fixes a while back.
Kind regards,
Sven
Linus Lüssing (3):
batman-adv: Fix own OGM check in aggregated OGMs
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from
LAN
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to
mesh
Sven Eckelmann (4):
batman-adv: Keep fragments equally sized
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
net/batman-adv/bat_v_ogm.c | 11 +--
net/batman-adv/bridge_loop_avoidance.c | 103 +++++++++++++++++++++----
net/batman-adv/fragmentation.c | 42 ++++++----
net/batman-adv/hard-interface.c | 3 +
net/batman-adv/multicast.c | 31 ++++++++
net/batman-adv/multicast.h | 15 ++++
net/batman-adv/soft-interface.c | 5 +-
7 files changed, 172 insertions(+), 38 deletions(-)
--
2.30.2
1 year, 2 months
[PATCH 4.4 00/11] batman-adv: Fixes for stable/linux-4.4.y
by Sven Eckelmann
Hi,
I went through all changes in batman-adv since v4.4 with a Fixes: line
and checked whether they were backported to the LTS kernels. The ones which
weren't ported and applied to this branch are now part of this patch series.
There are also the following three patches included:
* batman-adv: Consider fragmentation for needed_headroom
* batman-adv: Reserve needed_*room for fragments
* batman-adv: Don't always reallocate the fragmentation skb head
which could in some circumstances cause packet loss but which were created
to fix high CPU load/low throughput problems. But I've added them here
anyway because the corresponding VXLAN patches were also added to stable.
And some stable kernels also got these fixes a while back.
Kind regards,
Sven
Linus Lüssing (4):
batman-adv: Fix multicast TT issues with bogus ROAM flags
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from
LAN
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from
mesh
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to
mesh
Sven Eckelmann (6):
batman-adv: Keep fragments equally sized
batman-adv: Prevent duplicated softif_vlan entry
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Avoid WARN_ON timing related checks
Taehee Yoo (1):
batman-adv: set .owner to THIS_MODULE
net/batman-adv/bat_iv_ogm.c | 4 +-
net/batman-adv/bridge_loop_avoidance.c | 133 ++++++++++++++++++++-----
net/batman-adv/bridge_loop_avoidance.h | 4 +-
net/batman-adv/debugfs.c | 1 +
net/batman-adv/fragmentation.c | 41 +++++---
net/batman-adv/hard-interface.c | 3 +
net/batman-adv/multicast.c | 31 ++++++
net/batman-adv/multicast.h | 15 +++
net/batman-adv/soft-interface.c | 31 +++---
net/batman-adv/translation-table.c | 6 +-
10 files changed, 215 insertions(+), 54 deletions(-)
--
2.30.2
1 year, 2 months
[PATCH 4.14 0/5] batman-adv: Fixes for stable/linux-4.14.y
by Sven Eckelmann
Hi,
I went through all changes in batman-adv since v4.14 with a Fixes: line
and checked whether they were backported to the LTS kernels. The ones which
weren't ported and applied to this branch are now part of this patch series.
There are also the following three patches included:
* batman-adv: Consider fragmentation for needed_headroom
* batman-adv: Reserve needed_*room for fragments
* batman-adv: Don't always reallocate the fragmentation skb head
which could in some circumstances cause packet loss but which were created
to fix high CPU load/low throughput problems. But I've added them here
anyway because the corresponding VXLAN patches were also added to stable.
And some stable kernels also got these fixes a while back.
Kind regards,
Sven
Linus Lüssing (2):
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from
LAN
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to
mesh
Sven Eckelmann (3):
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
net/batman-adv/bridge_loop_avoidance.c | 103 +++++++++++++++++++++----
net/batman-adv/fragmentation.c | 26 ++++---
net/batman-adv/hard-interface.c | 3 +
net/batman-adv/multicast.c | 31 ++++++++
net/batman-adv/multicast.h | 15 ++++
net/batman-adv/soft-interface.c | 5 +-
6 files changed, 154 insertions(+), 29 deletions(-)
--
2.30.2
1 year, 2 months
[PATCH 4.19 0/4] batman-adv: Fixes for stable/linux-4.19.y
by Sven Eckelmann
Hi,
I went through all changes in batman-adv since v4.19 with a Fixes: line
and checked whether they were backported to the LTS kernels. The ones which
weren't ported and applied to this branch are now part of this patch series.
There are also the following three patches included:
* batman-adv: Consider fragmentation for needed_headroom
* batman-adv: Reserve needed_*room for fragments
* batman-adv: Don't always reallocate the fragmentation skb head
which could in some circumstances cause packet loss but which were created
to fix high CPU load/low throughput problems. But I've added them here
anyway because the corresponding VXLAN patches were also added to stable.
And some stable kernels also got these fixes a while back.
Kind regards,
Sven
Linus Lüssing (1):
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from
LAN
Sven Eckelmann (3):
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
net/batman-adv/fragmentation.c | 26 ++++++++++++++++----------
net/batman-adv/hard-interface.c | 3 +++
net/batman-adv/multicast.c | 31 +++++++++++++++++++++++++++++++
net/batman-adv/multicast.h | 15 +++++++++++++++
net/batman-adv/soft-interface.c | 5 ++---
5 files changed, 67 insertions(+), 13 deletions(-)
--
2.30.2
1 year, 2 months
[PATCH 5.4 0/3] batman-adv: Fixes for stable/linux-4.19.y
by Sven Eckelmann
Hi,
I went through all changes in batman-adv since v4.19 with a Fixes: line
and checked whether they were backported to the LTS kernels. The ones which
weren't ported and applied to this branch are now part of this patch series.
For this kernel version, I only found the following three patches:
* batman-adv: Consider fragmentation for needed_headroom
* batman-adv: Reserve needed_*room for fragments
* batman-adv: Don't always reallocate the fragmentation skb head
which could in some circumstances cause packet loss but which were created
to fix high CPU load/low throughput problems. But I've added them here
anyway because the corresponding VXLAN patches were also added to stable.
And some stable kernels also got these fixes a while back.
Kind regards,
Sven
Sven Eckelmann (3):
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
net/batman-adv/fragmentation.c | 26 ++++++++++++++++----------
net/batman-adv/hard-interface.c | 3 +++
2 files changed, 19 insertions(+), 10 deletions(-)
--
2.30.2
1 year, 2 months
Unable to get DHCP after join wlan0 WIFI mesh network
by Dweb Fan
Dear all,
Thanks for making such a great project!
I'm following the guide from
https://github.com/binnes/WiFiMeshRaspberryPi, and setting up a wifi
mesh network on top of a Raspberry Pi 3B+. The steps below are good now:
- batctl ping works (peers can ping each other through both IP and MAC address)
- the macOS wifi client can discover the ad-hoc network, and join the network
But, after joining the wifi network, the client cannot get DHCP, and
I did the debugging below:
1. I configured a static IP in the same subnet on the macOS wifi client
manually, and was unable to ping other nodes
2. I ran "batctl td bat0" to dump packets, and I am unable to see
packets from the wifi client MAC address
3. I ran "batctl td wlan0" to dump packets, and I can see the DHCP
request, but am unable to see further packets
$ sudo batctl td -p 256 wlan0
09:01:23.945726 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
Request from 18:65:90:d1:cf:79, length 300
09:01:26.457608 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
Request from 18:65:90:d1:cf:79, length 300
09:01:30.999474 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
Request from 18:65:90:d1:cf:79, length 300
09:01:39.903231 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP,
Request from 18:65:90:d1:cf:79, length 300
4. I followed the document
https://www.kernel.org/doc/Documentation/networking/batman-adv.txt,
but it seems I am unable to see batman related files/folders under
/sys/class/net/wlan0. Here is the output:
$ ls /sys/class/net/wlan0
addr_assign_type carrier device duplex
ifindex mtu operstate phys_switch_id speed
tx_queue_len wireless
address carrier_changes dev_id flags
iflink name_assign_type phy80211 power
statistics type
addr_len carrier_down_count dev_port gro_flush_timeout
link_mode napi_defer_hard_irqs phys_port_id proto_down
subsystem uevent
broadcast carrier_up_count dormant ifalias
master netdev_group phys_port_name queues
testing upper_bat0
I searched on Google, and it seems all documents only mention
setting up bat0 interfaces, but not a case like mine. So I wonder if
anyone here can share insight on how to debug it.
More information for your reference:
- Hardware: Raspberry PI 3B+
- OS Image: The latest 64bit Raspberry OS
- Kernel: 5.10.63-v8+ #1459 SMP PREEMPT Wed Oct 6 16:42:49 BST 2021 aarch64
- Batctl version: 2021.3
- Output of "batctl if"
$ sudo batctl if
wlan0: active
- Output of "ifconfig"
$ ifconfig
bat0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.199.1 netmask 255.255.255.0 broadcast 192.168.199.255
inet6 fe80::1eba:7eaf:a368:c6b prefixlen 64 scopeid 0x20<link>
ether 26:62:68:1a:9e:60 txqueuelen 1000 (Ethernet)
RX packets 459 bytes 19278 (18.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1 bytes 54 (54.0 B)
TX errors 0 dropped 124 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.45 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fd7d:f80:9055:0:1d0c:6985:efd9:a41 prefixlen 64
scopeid 0x0<global>
inet6 2601:646:8600:6ba:a5c0:ef19:893f:d9b3 prefixlen 64
scopeid 0x0<global>
inet6 fd7d:f80:9055::5a8 prefixlen 128 scopeid 0x0<global>
inet6 fe80::2435:6879:8cc:a782 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:14:84:89 txqueuelen 1000 (Ethernet)
RX packets 2943 bytes 484286 (472.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 582 bytes 86581 (84.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 9 bytes 728 (728.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 728 (728.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 169.254.75.154 netmask 255.255.0.0 broadcast 169.254.255.255
inet6 fe80::ba27:ebff:fe41:d1dc prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:41:d1:dc txqueuelen 1000 (Ethernet)
RX packets 289 bytes 91371 (89.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4084 bytes 467767 (456.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- Files under /sys/class/net/bat0
$ tree /sys/class/net/bat0
/sys/class/net/bat0
├── addr_assign_type
├── address
├── addr_len
├── broadcast
├── carrier
├── carrier_changes
├── carrier_down_count
├── carrier_up_count
├── dev_id
├── dev_port
├── dormant
├── duplex
├── flags
├── gro_flush_timeout
├── ifalias
├── ifindex
├── iflink
├── link_mode
├── lower_wlan0 ->
../../../platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1/net/wlan0
├── mtu
├── name_assign_type
├── napi_defer_hard_irqs
├── netdev_group
├── operstate
├── phys_port_id
├── phys_port_name
├── phys_switch_id
├── power
│ ├── autosuspend_delay_ms
│ ├── control
│ ├── runtime_active_time
│ ├── runtime_status
│ └── runtime_suspended_time
├── proto_down
├── queues
│ ├── rx-0
│ │ ├── rps_cpus
│ │ └── rps_flow_cnt
│ └── tx-0
│ ├── byte_queue_limits
│ │ ├── hold_time
│ │ ├── inflight
│ │ ├── limit
│ │ ├── limit_max
│ │ └── limit_min
│ ├── traffic_class
│ ├── tx_maxrate
│ ├── tx_timeout
│ ├── xps_cpus
│ └── xps_rxqs
├── speed
├── statistics
│ ├── collisions
│ ├── multicast
│ ├── rx_bytes
│ ├── rx_compressed
│ ├── rx_crc_errors
│ ├── rx_dropped
│ ├── rx_errors
│ ├── rx_fifo_errors
│ ├── rx_frame_errors
│ ├── rx_length_errors
│ ├── rx_missed_errors
│ ├── rx_nohandler
│ ├── rx_over_errors
│ ├── rx_packets
│ ├── tx_aborted_errors
│ ├── tx_bytes
│ ├── tx_carrier_errors
│ ├── tx_compressed
│ ├── tx_dropped
│ ├── tx_errors
│ ├── tx_fifo_errors
│ ├── tx_heartbeat_errors
│ ├── tx_packets
│ └── tx_window_errors
├── subsystem -> ../../../../class/net
├── testing
├── tx_queue_len
├── type
└── uevent
8 directories, 73 files
Looking forward to hearing from you and have a good day!
Best Regards
Dweb
1 year, 2 months
[PATCHv3] batman-adv: allow netlink usage in unprivileged containers
by Linus Lüssing
Currently, creating a batman-adv interface in an unprivileged LXD
container and attaching secondary interfaces to it with "ip" or "batctl"
works fine. However all batctl debug and configuration commands
fail:
root@container:~# batctl originators
Error received: Operation not permitted
root@container:~# batctl orig_interval
1000
root@container:~# batctl orig_interval 2000
root@container:~# batctl orig_interval
1000
To fix this, change the generic netlink permissions from GENL_ADMIN_PERM
to GENL_UNS_ADMIN_PERM. This way a batman-adv interface is fully
maintainable as root from within a user namespace, from an unprivileged
container.
All except one batman-adv netlink setting are per interface and do not
leak information or change settings from the host system and are
therefore safe to retrieve or modify as root from within an unprivileged
container.
"batctl routing_algo" / BATADV_CMD_GET_ROUTING_ALGOS is the only
exception: It provides the batman-adv kernel module wide default routing
algorithm. However it is read-only from netlink and an unprivileged
container is still not allowed to modify
/sys/module/batman_adv/parameters/routing_algo. Instead it is advised to
use the newly introduced "batctl if create routing_algo RA_NAME" /
IFLA_BATADV_ALGO_NAME to set the routing algorithm on interface
creation, which already works fine in an unprivileged container.
Cc: Tycho Andersen <tycho(a)tycho.pizza>
Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue>
---
Changelog v3:
* adding compatibility code for Linux < 4.6
Changelog v2:
* updating Tycho Andersen's email in Cc as @canonical.com returned an
"Undelivered Mail Returned to Sender"
Cc'ing Tycho Andersen as he introduced the GENL_UNS_ADMIN_PERM in the
following commit:
4a92602aa1cd ("openvswitch: allow management from inside user namespaces")
compat-include/uapi/linux/genetlink.h | 22 ++++++++++++++++++++
net/batman-adv/netlink.c | 30 +++++++++++++--------------
2 files changed, 37 insertions(+), 15 deletions(-)
create mode 100644 compat-include/uapi/linux/genetlink.h
diff --git a/compat-include/uapi/linux/genetlink.h b/compat-include/uapi/linux/genetlink.h
new file mode 100644
index 00000000..5fd58e22
--- /dev/null
+++ b/compat-include/uapi/linux/genetlink.h
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* Copyright (C) B.A.T.M.A.N. contributors:
+ *
+ * Marek Lindner, Simon Wunderlich
+ *
+ * This file contains macros for maintaining compatibility with older versions
+ * of the Linux kernel.
+ */
+
+#ifndef _NET_BATMAN_ADV_COMPAT_UAPI_LINUX_GENETLINK_H_
+#define _NET_BATMAN_ADV_COMPAT_UAPI_LINUX_GENETLINK_H_
+
+#include <linux/version.h>
+#include_next <uapi/linux/genetlink.h>
+
+#if LINUX_VERSION_IS_LESS(4, 6, 0)
+
+#define GENL_UNS_ADMIN_PERM GENL_ADMIN_PERM
+
+#endif /* LINUX_VERSION_IS_LESS(4, 6, 0) */
+
+#endif /* _NET_BATMAN_ADV_COMPAT_UAPI_LINUX_GENETLINK_H_ */
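Review bot: The fallback "#define GENL_UNS_ADMIN_PERM GENL_ADMIN_PERM" under LINUX_VERSION_IS_LESS(4, 6, 0) needs a comment, because on those kernels every op switched over in net/batman-adv/netlink.c silently keeps the old GENL_ADMIN_PERM requirement and the container use case from the commit message still ends in "Operation not permitted". Falling back to the stricter flag is the safe direction for a compat shim, but please add one line above the define saying that kernels before 4.6 have no GENL_UNS_ADMIN_PERM and therefore keep the stricter check, so nobody reads the shim as making the feature available there.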
diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c
index 29276284..00875e1d 100644
--- a/net/batman-adv/netlink.c
+++ b/net/batman-adv/netlink.c
@@ -1368,21 +1368,21 @@ static const struct genl_small_ops batadv_netlink_ops[] = {
{
.cmd = BATADV_CMD_TP_METER,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_tp_meter_start,
.internal_flags = BATADV_FLAG_NEED_MESH,
},
{
.cmd = BATADV_CMD_TP_METER_CANCEL,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_tp_meter_cancel,
.internal_flags = BATADV_FLAG_NEED_MESH,
},
{
.cmd = BATADV_CMD_GET_ROUTING_ALGOS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_algo_dump,
},
{
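Review bot: BATADV_CMD_GET_ROUTING_ALGOS is the only entry in this hunk without .internal_flags, so nothing in the table ties it to a mesh interface, and with GENL_UNS_ADMIN_PERM it becomes readable by root of any user namespace that owns a network namespace. The commit message argues this is acceptable because the data is module-wide but read-only; please carry that reasoning into a short comment above the entry so the one deliberate exception to the "per interface" rule is visible in the ops table and not only in the changelog.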
@@ -1397,68 +1397,68 @@ static const struct genl_small_ops batadv_netlink_ops[] = {
{
.cmd = BATADV_CMD_GET_TRANSTABLE_LOCAL,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_tt_local_dump,
},
{
.cmd = BATADV_CMD_GET_TRANSTABLE_GLOBAL,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_tt_global_dump,
},
{
.cmd = BATADV_CMD_GET_ORIGINATORS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_orig_dump,
},
{
.cmd = BATADV_CMD_GET_NEIGHBORS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_hardif_neigh_dump,
},
{
.cmd = BATADV_CMD_GET_GATEWAYS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_gw_dump,
},
{
.cmd = BATADV_CMD_GET_BLA_CLAIM,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_bla_claim_dump,
},
{
.cmd = BATADV_CMD_GET_BLA_BACKBONE,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_bla_backbone_dump,
},
{
.cmd = BATADV_CMD_GET_DAT_CACHE,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_dat_cache_dump,
},
{
.cmd = BATADV_CMD_GET_MCAST_FLAGS,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.dumpit = batadv_mcast_flags_dump,
},
{
.cmd = BATADV_CMD_SET_MESH,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_set_mesh,
.internal_flags = BATADV_FLAG_NEED_MESH,
},
{
.cmd = BATADV_CMD_SET_HARDIF,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_set_hardif,
.internal_flags = BATADV_FLAG_NEED_MESH |
BATADV_FLAG_NEED_HARDIF,
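Review bot: The nine .dumpit entries in this hunk (BATADV_CMD_GET_TRANSTABLE_LOCAL through BATADV_CMD_GET_MCAST_FLAGS) carry no .internal_flags, unlike the .doit entries for BATADV_CMD_SET_MESH and BATADV_CMD_SET_HARDIF, which have BATADV_FLAG_NEED_MESH. Once the flag is relaxed, the claim that these ops "do not leak information or change settings from the host system" rests on every dump callback resolving the requested interface inside the caller's network namespace. Please say in the commit message that this was checked for each of batadv_tt_local_dump, batadv_tt_global_dump, batadv_orig_dump, batadv_hardif_neigh_dump, batadv_gw_dump, batadv_bla_claim_dump, batadv_bla_backbone_dump, batadv_dat_cache_dump and batadv_mcast_flags_dump, since the table alone does not show it.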
@@ -1474,7 +1474,7 @@ static const struct genl_small_ops batadv_netlink_ops[] = {
{
.cmd = BATADV_CMD_SET_VLAN,
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
- .flags = GENL_ADMIN_PERM,
+ .flags = GENL_UNS_ADMIN_PERM,
.doit = batadv_netlink_set_vlan,
.internal_flags = BATADV_FLAG_NEED_MESH |
BATADV_FLAG_NEED_VLAN,
--
2.31.0
1 year, 3 months
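The difference between the two permission flags discussed in the commit message above, as an added user-space model in C (not part of the patch and not kernel code). The types, the `PERM_ADMIN` / `PERM_UNS_ADMIN` enum, the helper names and the actors are assumptions made for this illustration; the model also leaves out the kernel's additional check on the credentials of whoever opened the netlink socket.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal user-space model; field and type names are simplified. */
struct user_ns {
	const char *name;
	const struct user_ns *parent;   /* NULL for the initial user namespace */
	unsigned int owner;             /* euid that created this namespace */
};

struct cred {
	const char *who;
	const struct user_ns *user_ns;
	unsigned int euid;
	bool cap_net_admin;             /* CAP_NET_ADMIN in the effective set */
};

struct net {
	const char *name;
	const struct user_ns *user_ns;  /* user namespace owning this netns */
};

/* Namespace-aware capability walk: a capability held in one user
 * namespace applies to that namespace and its descendants, never upward. */
static bool ns_capable_net_admin(const struct cred *c, const struct user_ns *target)
{
	for (const struct user_ns *ns = target; ns; ns = ns->parent) {
		if (ns == c->user_ns)
			return c->cap_net_admin;
		/* the creator of a child namespace holds all caps in it */
		if (ns->parent == c->user_ns && ns->owner == c->euid)
			return true;
	}
	return false;
}

enum op_perm { PERM_ADMIN, PERM_UNS_ADMIN };  /* model of the two genl flags */

static const struct user_ns init_user_ns = { "init_user_ns", NULL, 0 };
static const struct user_ns ct_user_ns = { "container", &init_user_ns, 100000 };

/* GENL_ADMIN_PERM tests against the initial user namespace;
 * GENL_UNS_ADMIN_PERM tests against the owner of the socket's netns. */
static bool genl_op_allowed(enum op_perm perm, const struct cred *sender,
			    const struct net *net)
{
	const struct user_ns *target =
		perm == PERM_ADMIN ? &init_user_ns : net->user_ns;

	return ns_capable_net_admin(sender, target);
}

/* Constructed actors and namespaces. */
static const struct net host_net = { "host netns", &init_user_ns };
static const struct net ct_net = { "container netns", &ct_user_ns };
static const struct cred host_root = { "host root", &init_user_ns, 0, true };
static const struct cred ct_root = { "container root", &ct_user_ns, 0, true };
static const struct cred ct_user = { "container uid 1000", &ct_user_ns, 1000, false };

int main(void)
{
	const struct cred *who[] = { &host_root, &ct_root, &ct_user };
	const struct net *nets[] = { &host_net, &ct_net };

	for (size_t i = 0; i < 3; i++)
		for (size_t j = 0; j < 2; j++)
			printf("%-18s on %-15s  ADMIN_PERM:%-5s UNS_ADMIN_PERM:%s\n",
			       who[i]->who, nets[j]->name,
			       genl_op_allowed(PERM_ADMIN, who[i], nets[j]) ? "ok" : "EPERM",
			       genl_op_allowed(PERM_UNS_ADMIN, who[i], nets[j]) ? "ok" : "EPERM");
	return 0;
}
```

In the model, container root gains access only to the network namespace its own user namespace owns; the host-owned namespace and the unprivileged container user stay at EPERM under both flags.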