Re: [PATCH] iproute2: hide devices starting with period by default

2017-05-05 Thread Nicolas Dichtel 
Le 04/05/2017 à 21:47, David Ahern a écrit :
> On 5/4/17 1:10 PM, Florian Fainelli wrote:
>> On 05/04/2017 09:37 AM, David Ahern wrote:
>>> On 5/4/17 9:15 AM, Nicolas Dichtel wrote:
 Le 24/02/2017 à 16:52, David Ahern a écrit :
> On 2/23/17 8:12 PM, David Miller wrote:
>> This really need to be a fundamental facility, so that it transparently
>> works for NetworkManager, router daemons, everything.  Not just iproute2
>> and "ls".
>
> I'll rebase my patch and send out as RFC.
>
 David, did you finally send those patches?

>>>
>>> No, but for a few reasons.
>>>
>>> It is easy to hide devices in a dump:
>>>
>>> https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00
>>>
>>>
>>> But I think those devices should also not exist in sysfs or procfs which
>>> overlaps what I would like to see for lightweight netdevices:
>>>
>>> https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976
>>
>> Interesting that does indeed solve the same problems as the L2 only
>> patch set intended. I am not exactly sure if hiding the devices from
>> procfs/sysfs would be appropriate in my case (dumb L2 only switch that
>> only does 802.1q for instance), but why not.
>>
>>
>>>
>>>
>>> and to be complete, hidden devices should not be allowed to have a
>>> network address or transmit packets which is the L2 only intent from
>>> Florian:
>>> https://www.spinics.net/lists/netdev/msg340808.html
>>>
>>
>> Do you plan on submitting the LWT patch set at some point?
> 
> Definitely. Maybe I can find some time this weekend.
> 
Ok, thank you for the details.

I agree with Jiri that the name should be something different than lwt.


Regards,
Nicolas

Re: [PATCH] iproute2: hide devices starting with period by default

2017-05-05 Thread Jiri Benc 
On Thu, 4 May 2017 13:47:36 -0600, David Ahern wrote:
> On 5/4/17 1:10 PM, Florian Fainelli wrote:
> > On 05/04/2017 09:37 AM, David Ahern wrote:
> > Do you plan on submitting the LWT patch set at some point?
> 
> Definitely. Maybe I can find some time this weekend.

I suggest to change the name to "lwd" or so. "lwt" name is too similar
to the existing "lwtunnel" infrastructure and would be very confusing.

Thanks,

 Jiri

Re: [PATCH] iproute2: hide devices starting with period by default

2017-05-04 Thread David Ahern 
On 5/4/17 1:10 PM, Florian Fainelli wrote:
> On 05/04/2017 09:37 AM, David Ahern wrote:
>> On 5/4/17 9:15 AM, Nicolas Dichtel wrote:
>>> Le 24/02/2017 à 16:52, David Ahern a écrit :
 On 2/23/17 8:12 PM, David Miller wrote:
> This really need to be a fundamental facility, so that it transparently
> works for NetworkManager, router daemons, everything.  Not just iproute2
> and "ls".

 I'll rebase my patch and send out as RFC.

>>> David, did you finally send those patches?
>>>
>>
>> No, but for a few reasons.
>>
>> It is easy to hide devices in a dump:
>>
>> https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00
>>
>>
>> But I think those devices should also not exist in sysfs or procfs which
>> overlaps what I would like to see for lightweight netdevices:
>>
>> https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976
> 
> Interesting that does indeed solve the same problems as the L2 only
> patch set intended. I am not exactly sure if hiding the devices from
> procfs/sysfs would be appropriate in my case (dumb L2 only switch that
> only does 802.1q for instance), but why not.
> 
> 
>>
>>
>> and to be complete, hidden devices should not be allowed to have a
>> network address or transmit packets which is the L2 only intent from
>> Florian:
>> https://www.spinics.net/lists/netdev/msg340808.html
>>
> 
> Do you plan on submitting the LWT patch set at some point?

Definitely. Maybe I can find some time this weekend.

Re: [PATCH] iproute2: hide devices starting with period by default

2017-05-04 Thread Florian Fainelli 
On 05/04/2017 09:37 AM, David Ahern wrote:
> On 5/4/17 9:15 AM, Nicolas Dichtel wrote:
>> Le 24/02/2017 à 16:52, David Ahern a écrit :
>>> On 2/23/17 8:12 PM, David Miller wrote:
 This really need to be a fundamental facility, so that it transparently
 works for NetworkManager, router daemons, everything.  Not just iproute2
 and "ls".
>>>
>>> I'll rebase my patch and send out as RFC.
>>>
>> David, did you finally send those patches?
>>
> 
> No, but for a few reasons.
> 
> It is easy to hide devices in a dump:
> 
> https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00
> 
> 
> But I think those devices should also not exist in sysfs or procfs which
> overlaps what I would like to see for lightweight netdevices:
> 
> https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976

Interesting that does indeed solve the same problems as the L2 only
patch set intended. I am not exactly sure if hiding the devices from
procfs/sysfs would be appropriate in my case (dumb L2 only switch that
only does 802.1q for instance), but why not.


> 
> 
> and to be complete, hidden devices should not be allowed to have a
> network address or transmit packets which is the L2 only intent from
> Florian:
> https://www.spinics.net/lists/netdev/msg340808.html
> 

Do you plan on submitting the LWT patch set at some point?
-- 
Florian

Re: [PATCH] iproute2: hide devices starting with period by default

2017-05-04 Thread David Ahern 
On 5/4/17 9:15 AM, Nicolas Dichtel wrote:
> Le 24/02/2017 à 16:52, David Ahern a écrit :
>> On 2/23/17 8:12 PM, David Miller wrote:
>>> This really need to be a fundamental facility, so that it transparently
>>> works for NetworkManager, router daemons, everything.  Not just iproute2
>>> and "ls".
>>
>> I'll rebase my patch and send out as RFC.
>>
> David, did you finally send those patches?
> 

No, but for a few reasons.

It is easy to hide devices in a dump:

https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00


But I think those devices should also not exist in sysfs or procfs which
overlaps what I would like to see for lightweight netdevices:

https://github.com/dsahern/linux/commit/70574be699cf252e77f71e3df11192438689f976


and to be complete, hidden devices should not be allowed to have a
network address or transmit packets which is the L2 only intent from
Florian:
https://www.spinics.net/lists/netdev/msg340808.html

Re: [PATCH] iproute2: hide devices starting with period by default

2017-05-04 Thread Nicolas Dichtel 
Le 24/02/2017 à 16:52, David Ahern a écrit :
> On 2/23/17 8:12 PM, David Miller wrote:
>> This really need to be a fundamental facility, so that it transparently
>> works for NetworkManager, router daemons, everything.  Not just iproute2
>> and "ls".
> 
> I'll rebase my patch and send out as RFC.
> 
David, did you finally send those patches?


Thank you,
Nicolas

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-24 Thread David Ahern 
On 2/23/17 8:12 PM, David Miller wrote:
> This really need to be a fundamental facility, so that it transparently
> works for NetworkManager, router daemons, everything.  Not just iproute2
> and "ls".

I'll rebase my patch and send out as RFC.

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-24 Thread Phil Sutter 
On Thu, Feb 23, 2017 at 05:31:14PM -0800, Stephen Hemminger wrote:
> On Thu, 23 Feb 2017 18:07:07 -0700
> David Ahern  wrote:
> 
> > On 2/23/17 5:30 PM, Stephen Hemminger wrote:
> > > On Thu, 23 Feb 2017 16:39:52 -0700
> > > David Ahern  wrote:
> > >   
> > >> On 2/23/17 12:50 PM, Stephen Hemminger wrote:  
> > >>> Some use cases create Linux networking devices which are not intended 
> > >>> for use
> > >>> by normal networking. This is an enhancement to ip command to hide 
> > >>> network
> > >>> devices starting with period (like files in normal directory).  
> > >>> Interfaces whose
> > >>> name start with "." are not shown by default, and the -a (or -all) flag 
> > >>> must
> > >>> be used to show these devices.
> > >>
> > >> Agree that some devices need to be hidden by default -- not just from
> > >> users but also other processes.
> > >>
> > >> This solution is very narrow, only affecting iproute2 users. Any other
> > >> programs that use netlink or /proc files will continue to see those 
> > >> devices.  
> > > 
> > > I want solution that works broadly. And this works for sysfs already.  
> > 
> > for 'ls' maybe, but not general walking of /sys. It does not hide
> > devices from snmpd, from ifconfig, etc., etc.
> > 
> > 
> > >> I started a patch a year ago that allows devices to marked as invisible
> > >> (attribute can be toggled at any time). Invisible devices do not show up
> > >> in netlink dumps, proc files or notifications. Netlink dumps can request
> > >> invisible devices to be included in a link dump. While it is more
> > >> intrusive, it is also more complete covering all of the paths in which
> > >> the device is shows up.
> > >>
> > >> Also, changing the default behavior for iproute2 could break existing
> > >> users that have such device names.  
> > > 
> > > I am less worried about this. The only people using . in name already
> > > are probably Brocade, and they have similar thing in CLI to hide these
> > > devices.  
> > 
> > 
> > seems like a big assumption.
> 
> Need a solution now, not something that requires kernel and command changes.

Why the haste? This doesn't seem like an urgent thing to fix and given
the mixed feelings this provoked giving it a second thought might not be
the worst idea, no?

Cheers, Phil

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-23 Thread David Miller 
From: David Ahern 
Date: Thu, 23 Feb 2017 18:07:07 -0700

> On 2/23/17 5:30 PM, Stephen Hemminger wrote:
>> On Thu, 23 Feb 2017 16:39:52 -0700
>> David Ahern  wrote:
>> 
>>> On 2/23/17 12:50 PM, Stephen Hemminger wrote:
 Some use cases create Linux networking devices which are not intended for 
 use
 by normal networking. This is an enhancement to ip command to hide network
 devices starting with period (like files in normal directory).  Interfaces 
 whose
 name start with "." are not shown by default, and the -a (or -all) flag 
 must
 be used to show these devices.  
>>>
>>> Agree that some devices need to be hidden by default -- not just from
>>> users but also other processes.
>>>
>>> This solution is very narrow, only affecting iproute2 users. Any other
>>> programs that use netlink or /proc files will continue to see those devices.
>> 
>> I want solution that works broadly. And this works for sysfs already.
> 
> for 'ls' maybe, but not general walking of /sys. It does not hide
> devices from snmpd, from ifconfig, etc., etc.

I agree, that this is a pretty poor assumption.

And relying upon tool specific behavior to provide this facility
is even more special purpose.

This really need to be a fundamental facility, so that it transparently
works for NetworkManager, router daemons, everything.  Not just iproute2
and "ls".

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-23 Thread Stephen Hemminger 
On Thu, 23 Feb 2017 18:07:07 -0700
David Ahern  wrote:

> On 2/23/17 5:30 PM, Stephen Hemminger wrote:
> > On Thu, 23 Feb 2017 16:39:52 -0700
> > David Ahern  wrote:
> >   
> >> On 2/23/17 12:50 PM, Stephen Hemminger wrote:  
> >>> Some use cases create Linux networking devices which are not intended for 
> >>> use
> >>> by normal networking. This is an enhancement to ip command to hide network
> >>> devices starting with period (like files in normal directory).  
> >>> Interfaces whose
> >>> name start with "." are not shown by default, and the -a (or -all) flag 
> >>> must
> >>> be used to show these devices.
> >>
> >> Agree that some devices need to be hidden by default -- not just from
> >> users but also other processes.
> >>
> >> This solution is very narrow, only affecting iproute2 users. Any other
> >> programs that use netlink or /proc files will continue to see those 
> >> devices.  
> > 
> > I want solution that works broadly. And this works for sysfs already.  
> 
> for 'ls' maybe, but not general walking of /sys. It does not hide
> devices from snmpd, from ifconfig, etc., etc.
> 
> 
> >> I started a patch a year ago that allows devices to marked as invisible
> >> (attribute can be toggled at any time). Invisible devices do not show up
> >> in netlink dumps, proc files or notifications. Netlink dumps can request
> >> invisible devices to be included in a link dump. While it is more
> >> intrusive, it is also more complete covering all of the paths in which
> >> the device is shows up.
> >>
> >> Also, changing the default behavior for iproute2 could break existing
> >> users that have such device names.  
> > 
> > I am less worried about this. The only people using . in name already
> > are probably Brocade, and they have similar thing in CLI to hide these
> > devices.  
> 
> 
> seems like a big assumption.

Need a solution now, not something that requires kernel and command changes.

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-23 Thread David Ahern 
On 2/23/17 5:30 PM, Stephen Hemminger wrote:
> On Thu, 23 Feb 2017 16:39:52 -0700
> David Ahern  wrote:
> 
>> On 2/23/17 12:50 PM, Stephen Hemminger wrote:
>>> Some use cases create Linux networking devices which are not intended for 
>>> use
>>> by normal networking. This is an enhancement to ip command to hide network
>>> devices starting with period (like files in normal directory).  Interfaces 
>>> whose
>>> name start with "." are not shown by default, and the -a (or -all) flag must
>>> be used to show these devices.  
>>
>> Agree that some devices need to be hidden by default -- not just from
>> users but also other processes.
>>
>> This solution is very narrow, only affecting iproute2 users. Any other
>> programs that use netlink or /proc files will continue to see those devices.
> 
> I want solution that works broadly. And this works for sysfs already.

for 'ls' maybe, but not general walking of /sys. It does not hide
devices from snmpd, from ifconfig, etc., etc.


>> I started a patch a year ago that allows devices to marked as invisible
>> (attribute can be toggled at any time). Invisible devices do not show up
>> in netlink dumps, proc files or notifications. Netlink dumps can request
>> invisible devices to be included in a link dump. While it is more
>> intrusive, it is also more complete covering all of the paths in which
>> the device is shows up.
>>
>> Also, changing the default behavior for iproute2 could break existing
>> users that have such device names.
> 
> I am less worried about this. The only people using . in name already
> are probably Brocade, and they have similar thing in CLI to hide these
> devices.


seems like a big assumption.

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-23 Thread Stephen Hemminger 
On Thu, 23 Feb 2017 16:39:52 -0700
David Ahern  wrote:

> On 2/23/17 12:50 PM, Stephen Hemminger wrote:
> > Some use cases create Linux networking devices which are not intended for 
> > use
> > by normal networking. This is an enhancement to ip command to hide network
> > devices starting with period (like files in normal directory).  Interfaces 
> > whose
> > name start with "." are not shown by default, and the -a (or -all) flag must
> > be used to show these devices.  
> 
> Agree that some devices need to be hidden by default -- not just from
> users but also other processes.
> 
> This solution is very narrow, only affecting iproute2 users. Any other
> programs that use netlink or /proc files will continue to see those devices.

I want solution that works broadly. And this works for sysfs already.


> I started a patch a year ago that allows devices to marked as invisible
> (attribute can be toggled at any time). Invisible devices do not show up
> in netlink dumps, proc files or notifications. Netlink dumps can request
> invisible devices to be included in a link dump. While it is more
> intrusive, it is also more complete covering all of the paths in which
> the device is shows up.
> 
> Also, changing the default behavior for iproute2 could break existing
> users that have such device names.

I am less worried about this. The only people using . in name already
are probably Brocade, and they have similar thing in CLI to hide these
devices.

Re: [PATCH] iproute2: hide devices starting with period by default

2017-02-23 Thread David Ahern 
On 2/23/17 12:50 PM, Stephen Hemminger wrote:
> Some use cases create Linux networking devices which are not intended for use
> by normal networking. This is an enhancement to ip command to hide network
> devices starting with period (like files in normal directory).  Interfaces 
> whose
> name start with "." are not shown by default, and the -a (or -all) flag must
> be used to show these devices.

Agree that some devices need to be hidden by default -- not just from
users but also other processes.

This solution is very narrow, only affecting iproute2 users. Any other
programs that use netlink or /proc files will continue to see those devices.

I started a patch a year ago that allows devices to marked as invisible
(attribute can be toggled at any time). Invisible devices do not show up
in netlink dumps, proc files or notifications. Netlink dumps can request
invisible devices to be included in a link dump. While it is more
intrusive, it is also more complete covering all of the paths in which
the device is shows up.

Also, changing the default behavior for iproute2 could break existing
users that have such device names.