Re: [PATCH] iproute2: hide devices starting with period by default
Le 04/05/2017 à 21:47, David Ahern a écrit : > On 5/4/17 1:10 PM, Florian Fainelli wrote: >> On 05/04/2017 09:37 AM, David Ahern wrote: >>> On 5/4/17 9:15 AM, Nicolas Dichtel wrote: Le 24/02/2017 à 16:52, David Ahern a écrit : > On 2/23/17 8:12 PM, David Miller wrote: >> This really need to be a fundamental facility, so that it transparently >> works for NetworkManager, router daemons, everything. Not just iproute2 >> and "ls". > > I'll rebase my patch and send out as RFC. > David, did you finally send those patches? >>> >>> No, but for a few reasons. >>> >>> It is easy to hide devices in a dump: >>> >>> https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00 >>> >>> >>> But I think those devices should also not exist in sysfs or procfs which >>> overlaps what I would like to see for lightweight netdevices: >>> >>> https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976 >> >> Interesting that does indeed solve the same problems as the L2 only >> patch set intended. I am not exactly sure if hiding the devices from >> procfs/sysfs would be appropriate in my case (dumb L2 only switch that >> only does 802.1q for instance), but why not. >> >> >>> >>> >>> and to be complete, hidden devices should not be allowed to have a >>> network address or transmit packets which is the L2 only intent from >>> Florian: >>> https://www.spinics.net/lists/netdev/msg340808.html >>> >> >> Do you plan on submitting the LWT patch set at some point? > > Definitely. Maybe I can find some time this weekend. > Ok, thank you for the details. I agree with Jiri that the name should be something different than lwt. Regards, Nicolas
Re: [PATCH] iproute2: hide devices starting with period by default
On Thu, 4 May 2017 13:47:36 -0600, David Ahern wrote: > On 5/4/17 1:10 PM, Florian Fainelli wrote: > > On 05/04/2017 09:37 AM, David Ahern wrote: > > Do you plan on submitting the LWT patch set at some point? > > Definitely. Maybe I can find some time this weekend. I suggest to change the name to "lwd" or so. "lwt" name is too similar to the existing "lwtunnel" infrastructure and would be very confusing. Thanks, Jiri
Re: [PATCH] iproute2: hide devices starting with period by default
On 5/4/17 1:10 PM, Florian Fainelli wrote: > On 05/04/2017 09:37 AM, David Ahern wrote: >> On 5/4/17 9:15 AM, Nicolas Dichtel wrote: >>> Le 24/02/2017 à 16:52, David Ahern a écrit : On 2/23/17 8:12 PM, David Miller wrote: > This really need to be a fundamental facility, so that it transparently > works for NetworkManager, router daemons, everything. Not just iproute2 > and "ls". I'll rebase my patch and send out as RFC. >>> David, did you finally send those patches? >>> >> >> No, but for a few reasons. >> >> It is easy to hide devices in a dump: >> >> https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00 >> >> >> But I think those devices should also not exist in sysfs or procfs which >> overlaps what I would like to see for lightweight netdevices: >> >> https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976 > > Interesting that does indeed solve the same problems as the L2 only > patch set intended. I am not exactly sure if hiding the devices from > procfs/sysfs would be appropriate in my case (dumb L2 only switch that > only does 802.1q for instance), but why not. > > >> >> >> and to be complete, hidden devices should not be allowed to have a >> network address or transmit packets which is the L2 only intent from >> Florian: >> https://www.spinics.net/lists/netdev/msg340808.html >> > > Do you plan on submitting the LWT patch set at some point? Definitely. Maybe I can find some time this weekend.
Re: [PATCH] iproute2: hide devices starting with period by default
On 05/04/2017 09:37 AM, David Ahern wrote: > On 5/4/17 9:15 AM, Nicolas Dichtel wrote: >> Le 24/02/2017 à 16:52, David Ahern a écrit : >>> On 2/23/17 8:12 PM, David Miller wrote: This really need to be a fundamental facility, so that it transparently works for NetworkManager, router daemons, everything. Not just iproute2 and "ls". >>> >>> I'll rebase my patch and send out as RFC. >>> >> David, did you finally send those patches? >> > > No, but for a few reasons. > > It is easy to hide devices in a dump: > > https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00 > > > But I think those devices should also not exist in sysfs or procfs which > overlaps what I would like to see for lightweight netdevices: > > https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976 Interesting that does indeed solve the same problems as the L2 only patch set intended. I am not exactly sure if hiding the devices from procfs/sysfs would be appropriate in my case (dumb L2 only switch that only does 802.1q for instance), but why not. > > > and to be complete, hidden devices should not be allowed to have a > network address or transmit packets which is the L2 only intent from > Florian: > https://www.spinics.net/lists/netdev/msg340808.html > Do you plan on submitting the LWT patch set at some point? -- Florian
Re: [PATCH] iproute2: hide devices starting with period by default
On 5/4/17 9:15 AM, Nicolas Dichtel wrote: > Le 24/02/2017 à 16:52, David Ahern a écrit : >> On 2/23/17 8:12 PM, David Miller wrote: >>> This really need to be a fundamental facility, so that it transparently >>> works for NetworkManager, router daemons, everything. Not just iproute2 >>> and "ls". >> >> I'll rebase my patch and send out as RFC. >> > David, did you finally send those patches? > No, but for a few reasons. It is easy to hide devices in a dump: https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00 But I think those devices should also not exist in sysfs or procfs which overlaps what I would like to see for lightweight netdevices: https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976 and to be complete, hidden devices should not be allowed to have a network address or transmit packets which is the L2 only intent from Florian: https://www.spinics.net/lists/netdev/msg340808.html
Re: [PATCH] iproute2: hide devices starting with period by default
Le 24/02/2017 à 16:52, David Ahern a écrit : > On 2/23/17 8:12 PM, David Miller wrote: >> This really need to be a fundamental facility, so that it transparently >> works for NetworkManager, router daemons, everything. Not just iproute2 >> and "ls". > > I'll rebase my patch and send out as RFC. > David, did you finally send those patches? Thank you, Nicolas
Re: [PATCH] iproute2: hide devices starting with period by default
On 2/23/17 8:12 PM, David Miller wrote: > This really need to be a fundamental facility, so that it transparently > works for NetworkManager, router daemons, everything. Not just iproute2 > and "ls". I'll rebase my patch and send out as RFC.
Re: [PATCH] iproute2: hide devices starting with period by default
On Thu, Feb 23, 2017 at 05:31:14PM -0800, Stephen Hemminger wrote: > On Thu, 23 Feb 2017 18:07:07 -0700 > David Ahernwrote: > > > On 2/23/17 5:30 PM, Stephen Hemminger wrote: > > > On Thu, 23 Feb 2017 16:39:52 -0700 > > > David Ahern wrote: > > > > > >> On 2/23/17 12:50 PM, Stephen Hemminger wrote: > > >>> Some use cases create Linux networking devices which are not intended > > >>> for use > > >>> by normal networking. This is an enhancement to ip command to hide > > >>> network > > >>> devices starting with period (like files in normal directory). > > >>> Interfaces whose > > >>> name start with "." are not shown by default, and the -a (or -all) flag > > >>> must > > >>> be used to show these devices. > > >> > > >> Agree that some devices need to be hidden by default -- not just from > > >> users but also other processes. > > >> > > >> This solution is very narrow, only affecting iproute2 users. Any other > > >> programs that use netlink or /proc files will continue to see those > > >> devices. > > > > > > I want solution that works broadly. And this works for sysfs already. > > > > for 'ls' maybe, but not general walking of /sys. It does not hide > > devices from snmpd, from ifconfig, etc., etc. > > > > > > >> I started a patch a year ago that allows devices to marked as invisible > > >> (attribute can be toggled at any time). Invisible devices do not show up > > >> in netlink dumps, proc files or notifications. Netlink dumps can request > > >> invisible devices to be included in a link dump. While it is more > > >> intrusive, it is also more complete covering all of the paths in which > > >> the device is shows up. > > >> > > >> Also, changing the default behavior for iproute2 could break existing > > >> users that have such device names. > > > > > > I am less worried about this. The only people using . in name already > > > are probably Brocade, and they have similar thing in CLI to hide these > > > devices. > > > > > > seems like a big assumption. > > Need a solution now, not something that requires kernel and command changes. Why the haste? This doesn't seem like an urgent thing to fix and given the mixed feelings this provoked giving it a second thought might not be the worst idea, no? Cheers, Phil
Re: [PATCH] iproute2: hide devices starting with period by default
From: David AhernDate: Thu, 23 Feb 2017 18:07:07 -0700 > On 2/23/17 5:30 PM, Stephen Hemminger wrote: >> On Thu, 23 Feb 2017 16:39:52 -0700 >> David Ahern wrote: >> >>> On 2/23/17 12:50 PM, Stephen Hemminger wrote: Some use cases create Linux networking devices which are not intended for use by normal networking. This is an enhancement to ip command to hide network devices starting with period (like files in normal directory). Interfaces whose name start with "." are not shown by default, and the -a (or -all) flag must be used to show these devices. >>> >>> Agree that some devices need to be hidden by default -- not just from >>> users but also other processes. >>> >>> This solution is very narrow, only affecting iproute2 users. Any other >>> programs that use netlink or /proc files will continue to see those devices. >> >> I want solution that works broadly. And this works for sysfs already. > > for 'ls' maybe, but not general walking of /sys. It does not hide > devices from snmpd, from ifconfig, etc., etc. I agree, that this is a pretty poor assumption. And relying upon tool specific behavior to provide this facility is even more special purpose. This really need to be a fundamental facility, so that it transparently works for NetworkManager, router daemons, everything. Not just iproute2 and "ls".
Re: [PATCH] iproute2: hide devices starting with period by default
On Thu, 23 Feb 2017 18:07:07 -0700 David Ahernwrote: > On 2/23/17 5:30 PM, Stephen Hemminger wrote: > > On Thu, 23 Feb 2017 16:39:52 -0700 > > David Ahern wrote: > > > >> On 2/23/17 12:50 PM, Stephen Hemminger wrote: > >>> Some use cases create Linux networking devices which are not intended for > >>> use > >>> by normal networking. This is an enhancement to ip command to hide network > >>> devices starting with period (like files in normal directory). > >>> Interfaces whose > >>> name start with "." are not shown by default, and the -a (or -all) flag > >>> must > >>> be used to show these devices. > >> > >> Agree that some devices need to be hidden by default -- not just from > >> users but also other processes. > >> > >> This solution is very narrow, only affecting iproute2 users. Any other > >> programs that use netlink or /proc files will continue to see those > >> devices. > > > > I want solution that works broadly. And this works for sysfs already. > > for 'ls' maybe, but not general walking of /sys. It does not hide > devices from snmpd, from ifconfig, etc., etc. > > > >> I started a patch a year ago that allows devices to marked as invisible > >> (attribute can be toggled at any time). Invisible devices do not show up > >> in netlink dumps, proc files or notifications. Netlink dumps can request > >> invisible devices to be included in a link dump. While it is more > >> intrusive, it is also more complete covering all of the paths in which > >> the device is shows up. > >> > >> Also, changing the default behavior for iproute2 could break existing > >> users that have such device names. > > > > I am less worried about this. The only people using . in name already > > are probably Brocade, and they have similar thing in CLI to hide these > > devices. > > > seems like a big assumption. Need a solution now, not something that requires kernel and command changes.
Re: [PATCH] iproute2: hide devices starting with period by default
On 2/23/17 5:30 PM, Stephen Hemminger wrote: > On Thu, 23 Feb 2017 16:39:52 -0700 > David Ahernwrote: > >> On 2/23/17 12:50 PM, Stephen Hemminger wrote: >>> Some use cases create Linux networking devices which are not intended for >>> use >>> by normal networking. This is an enhancement to ip command to hide network >>> devices starting with period (like files in normal directory). Interfaces >>> whose >>> name start with "." are not shown by default, and the -a (or -all) flag must >>> be used to show these devices. >> >> Agree that some devices need to be hidden by default -- not just from >> users but also other processes. >> >> This solution is very narrow, only affecting iproute2 users. Any other >> programs that use netlink or /proc files will continue to see those devices. > > I want solution that works broadly. And this works for sysfs already. for 'ls' maybe, but not general walking of /sys. It does not hide devices from snmpd, from ifconfig, etc., etc. >> I started a patch a year ago that allows devices to marked as invisible >> (attribute can be toggled at any time). Invisible devices do not show up >> in netlink dumps, proc files or notifications. Netlink dumps can request >> invisible devices to be included in a link dump. While it is more >> intrusive, it is also more complete covering all of the paths in which >> the device is shows up. >> >> Also, changing the default behavior for iproute2 could break existing >> users that have such device names. > > I am less worried about this. The only people using . in name already > are probably Brocade, and they have similar thing in CLI to hide these > devices. seems like a big assumption.
Re: [PATCH] iproute2: hide devices starting with period by default
On Thu, 23 Feb 2017 16:39:52 -0700 David Ahernwrote: > On 2/23/17 12:50 PM, Stephen Hemminger wrote: > > Some use cases create Linux networking devices which are not intended for > > use > > by normal networking. This is an enhancement to ip command to hide network > > devices starting with period (like files in normal directory). Interfaces > > whose > > name start with "." are not shown by default, and the -a (or -all) flag must > > be used to show these devices. > > Agree that some devices need to be hidden by default -- not just from > users but also other processes. > > This solution is very narrow, only affecting iproute2 users. Any other > programs that use netlink or /proc files will continue to see those devices. I want solution that works broadly. And this works for sysfs already. > I started a patch a year ago that allows devices to marked as invisible > (attribute can be toggled at any time). Invisible devices do not show up > in netlink dumps, proc files or notifications. Netlink dumps can request > invisible devices to be included in a link dump. While it is more > intrusive, it is also more complete covering all of the paths in which > the device is shows up. > > Also, changing the default behavior for iproute2 could break existing > users that have such device names. I am less worried about this. The only people using . in name already are probably Brocade, and they have similar thing in CLI to hide these devices.
Re: [PATCH] iproute2: hide devices starting with period by default
On 2/23/17 12:50 PM, Stephen Hemminger wrote: > Some use cases create Linux networking devices which are not intended for use > by normal networking. This is an enhancement to ip command to hide network > devices starting with period (like files in normal directory). Interfaces > whose > name start with "." are not shown by default, and the -a (or -all) flag must > be used to show these devices. Agree that some devices need to be hidden by default -- not just from users but also other processes. This solution is very narrow, only affecting iproute2 users. Any other programs that use netlink or /proc files will continue to see those devices. I started a patch a year ago that allows devices to marked as invisible (attribute can be toggled at any time). Invisible devices do not show up in netlink dumps, proc files or notifications. Netlink dumps can request invisible devices to be included in a link dump. While it is more intrusive, it is also more complete covering all of the paths in which the device is shows up. Also, changing the default behavior for iproute2 could break existing users that have such device names.