linux-kernel.vger.kernel.org archive mirror
* network interfaces called "all", "default" or "config"
@ 2014-07-23 11:33 Stephane Chazelas
  2014-07-23 14:56 ` Randy Dunlap
  0 siblings, 1 reply; 7+ messages in thread
From: Stephane Chazelas @ 2014-07-23 11:33 UTC (permalink / raw)
  To: linux-kernel

Hiya,

you may want to forbid the creation of interfaces whose name is
one of the special files in /proc/net and /proc/sys.

I can see some characters (like space, tab, newline, slash,
dot...) are already forbidden in interface names (EINVAL), but
one can do for instance:

sudo ip link add link eth0 all type vlan id 2
sudo ip link add link eth0 default type vlan id 3
sudo ip link add link eth0 config type vlan id 4

Interestingly, after you add an "all" or "default", the
corresponding /proc/sys/net/ipv[46]/conf/(all|default) become
empty, and remain so even after you've removed the interface.

Adding an interface called "config" masks /proc/net/vlan/config

(tested with 3.14-1-amd64 on debian)

-- 
Stephane


* Re: network interfaces called "all", "default" or "config"
  2014-07-23 11:33 network interfaces called "all", "default" or "config" Stephane Chazelas
@ 2014-07-23 14:56 ` Randy Dunlap
  2014-08-14  9:41   ` Stephane Chazelas
  0 siblings, 1 reply; 7+ messages in thread
From: Randy Dunlap @ 2014-07-23 14:56 UTC (permalink / raw)
  To: Stephane Chazelas, linux-kernel, netdev

[adding netdev]

On 07/23/2014 04:33 AM, Stephane Chazelas wrote:
> Hiya,
> 
> you may want to forbid the creation of interfaces whose name is
> one of the special files in /proc/net and /proc/sys.
> 
> I can see some characters (like space, tab, newline, slash,
> dot...) are already forbidden in interface names (EINVAL), but
> one can do for instance:
> 
> sudo ip link add link eth0 all type vlan id 2
> sudo ip link add link eth0 default type vlan id 3
> sudo ip link add link eth0 config type vlan id 4
> 
> Interestingly, after you add an "all" or "default", the
> corresponding /proc/sys/net/ipv[46]/conf/(all|default) become
> empty, and remain so even after you've removed the interface.
> 
> Adding an interface called "config" masks /proc/net/vlan/config
> 
> (tested with 3.14-1-amd64 on debian)
> 


-- 
~Randy


* Re: network interfaces called "all", "default" or "config"
  2014-07-23 14:56 ` Randy Dunlap
@ 2014-08-14  9:41   ` Stephane Chazelas
  2014-08-14 18:28     ` Stephen Hemminger
  2014-08-14 18:37     ` Cong Wang
  0 siblings, 2 replies; 7+ messages in thread
From: Stephane Chazelas @ 2014-08-14  9:41 UTC (permalink / raw)
  To: Randy Dunlap; +Cc: linux-kernel, netdev

By the way, this is related:

$ ip link add link eth0 eth0:123 type vlan id 123
$ ip link del link eth0 eth0:123
RTNETLINK answers: Operation not supported

vconfig rem eth0:123

using a different API, is OK.

ip link del:

bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=22135, groups=00000000}, [12]) = 0
sendto(3, " \0\0\0\20\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0",
32, 0, NULL, 0) = 32
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"4\0\0\0\2\0\0\0\0\0\0\0wV\0\0\355\377\377\377
\0\0\0\20\0\5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0",
8192}], msg_controllen=0, msg_flags=0}, 0) = 52
access("/proc/net", R_OK)               = 0
access("/proc/net/unix", R_OK)          = 0
socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="eth0:123", ifr_index=2}) = 0
close(4)                                = 0
sendmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000}, msg_iov(1)=[{"
\0\0\0\21\0\5\0\305\202\354S\0\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0",
32}], msg_controllen=0, msg_flags=0}, 0) = 32
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"4\0\0\0\2\0\0\0\305\202\354SwV\0\0\241\377\377\377
\0\0\0\21\0\5\0\305\202\354S\0\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0",
16384}], msg_controllen=0, msg_flags=0}, 0) = 52
write(2, "RTNETLINK answers: Operation not supported\n", 43) = 43
exit_group(2)                           = ?

vconfig rem:

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
ioctl(3, SIOCSIFVLAN, 0x7fff67a00110)   = 0


Cheers,
Stephane


On 23 July 2014 15:56, Randy Dunlap <rdunlap@infradead.org> wrote:
>
> [adding netdev]
>
> On 07/23/2014 04:33 AM, Stephane Chazelas wrote:
> > Hiya,
> >
> > you may want to forbid the creation of interfaces whose name is
> > one of the special files in /proc/net and /proc/sys.
> >
> > I can see some characters (like space, tab, newline, slash,
> > dot...) are already forbidden in interface names (EINVAL), but
> > one can do for instance:
> >
> > sudo ip link add link eth0 all type vlan id 2
> > sudo ip link add link eth0 default type vlan id 3
> > sudo ip link add link eth0 config type vlan id 4
> >
> > Interestingly, after you add an "all" or "default", the
> > corresponding /proc/sys/net/ipv[46]/conf/(all|default) become
> > empty, and remain so even after you've removed the interface.
> >
> > Adding an interface called "config" masks /proc/net/vlan/config
> >
> > (tested with 3.14-1-amd64 on debian)
> >
>
>
> --
> ~Randy


* Re: network interfaces called "all", "default" or "config"
  2014-08-14  9:41   ` Stephane Chazelas
@ 2014-08-14 18:28     ` Stephen Hemminger
  2014-08-14 18:37     ` Cong Wang
  1 sibling, 0 replies; 7+ messages in thread
From: Stephen Hemminger @ 2014-08-14 18:28 UTC (permalink / raw)
  To: Stephane Chazelas; +Cc: Randy Dunlap, linux-kernel, netdev

On Thu, 14 Aug 2014 10:41:39 +0100
Stephane Chazelas <stephane.chazelas@gmail.com> wrote:

> $ ip link add link eth0 eth0:123 type vlan id 123
> $ ip link del link eth0 eth0:123
> RTNETLINK answers: Operation not supported

eth0:123 is one of the old style interface names.
Kernel and iproute treat these specially.
Don't use them. They exist only for compatibility with the
dark ages.

You should use a period (i.e. eth0.123) for VLANs


* Re: network interfaces called "all", "default" or "config"
  2014-08-14  9:41   ` Stephane Chazelas
  2014-08-14 18:28     ` Stephen Hemminger
@ 2014-08-14 18:37     ` Cong Wang
  2014-08-15  8:33       ` Stephane Chazelas
  1 sibling, 1 reply; 7+ messages in thread
From: Cong Wang @ 2014-08-14 18:37 UTC (permalink / raw)
  To: Stephane Chazelas; +Cc: Randy Dunlap, linux-kernel, netdev

On Thu, Aug 14, 2014 at 2:41 AM, Stephane Chazelas
<stephane.chazelas@gmail.com> wrote:
> By the way, this is related:
>
> $ ip link add link eth0 eth0:123 type vlan id 123
> $ ip link del link eth0 eth0:123
> RTNETLINK answers: Operation not supported

Kernel reads "eth0:123" as an alias of "eth0", so it will just
truncate the dev name into "eth0":


        ifr.ifr_name[IFNAMSIZ-1] = 0;

        colon = strchr(ifr.ifr_name, ':');
        if (colon)
                *colon = 0;


* Re: network interfaces called "all", "default" or "config"
  2014-08-14 18:37     ` Cong Wang
@ 2014-08-15  8:33       ` Stephane Chazelas
  2014-08-15 17:32         ` Cong Wang
  0 siblings, 1 reply; 7+ messages in thread
From: Stephane Chazelas @ 2014-08-15  8:33 UTC (permalink / raw)
  To: Cong Wang; +Cc: Randy Dunlap, linux-kernel, netdev

Yes, I know those are also used for the eth0:1 "aliases", but the bug
is, since it is allowed to do

    ip link add link eth0 eth0:123 type vlan id 123

Then the

    ip link del link eth0 eth0:123

should be allowed as well. Or probably better to avoid confusion

    ip link add link eth0 foo:bar type vlan id 123

should not be allowed.

Worse:

   ip link add link eth0 foo:bar type vlan id 1
   ip link add link eth0 foo type vlan id 2

   ip link del foo:bar

deletes foo instead of foo:bar.



On 14 August 2014 19:37, Cong Wang <cwang@twopensource.com> wrote:
> On Thu, Aug 14, 2014 at 2:41 AM, Stephane Chazelas
> <stephane.chazelas@gmail.com> wrote:
>> By the way, this is related:
>>
>> $ ip link add link eth0 eth0:123 type vlan id 123
>> $ ip link del link eth0 eth0:123
>> RTNETLINK answers: Operation not supported
>
> Kernel reads "eth0:123" as an alias of "eth0", so it will just
> truncate the dev name into "eth0":
>
>
>         ifr.ifr_name[IFNAMSIZ-1] = 0;
>
>         colon = strchr(ifr.ifr_name, ':');
>         if (colon)
>                 *colon = 0;

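The name confusion reported in the message above, as an added user-space model (not part of any message in this thread and not kernel code). It pairs an exact-match lookup with a lookup that applies the quoted colon truncation, and adds a hypothetical strict name policy that refuses the procfs-colliding names from the first message. The names ifname_is_safe, lookup_exact, lookup_truncating and sample_devs are assumptions made for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define IFNAMSIZ 16 /* same value as <net/if.h>, repeated to stay self-contained */

/* Constructed device table reproducing the "Worse" case from the thread. */
static const char *const sample_devs[] = { "foo:bar", "foo" };
#define SAMPLE_NDEVS (sizeof sample_devs / sizeof *sample_devs)
/* Names the thread reports as colliding with procfs entries. */
static const char *const reserved[] = { "all", "default", "config" };

/* Hypothetical strict policy: refuse reserved names, ':', '/', whitespace. */
bool ifname_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len >= IFNAMSIZ || !strcmp(name, ".") || !strcmp(name, ".."))
        return false;
    for (size_t i = 0; i < sizeof reserved / sizeof *reserved; i++)
        if (!strcmp(name, reserved[i]))
            return false;
    for (; *name; name++)
        if (*name == ':' || *name == '/' || isspace((unsigned char)*name))
            return false;
    return true;
}

/* Exact-match lookup; returns the table index or -1. */
int lookup_exact(const char *req)
{
    for (size_t i = 0; i < SAMPLE_NDEVS; i++)
        if (!strcmp(sample_devs[i], req))
            return (int)i;
    return -1;
}

/* Lookup after the colon truncation quoted in the thread. */
int lookup_truncating(const char *req)
{
    char name[IFNAMSIZ], *colon;
    strncpy(name, req, IFNAMSIZ - 1);
    name[IFNAMSIZ - 1] = 0;
    colon = strchr(name, ':');
    if (colon)
        *colon = 0;
    return lookup_exact(name);
}

/* Exit status 0 means a request for "foo:bar" resolved to "foo" (index 1). */
int main(void) { return lookup_truncating("foo:bar") == 1 ? 0 : 1; }
```

With the strict policy applied at creation time, "foo:bar" would never enter the table, so the two lookups could not disagree.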

* Re: network interfaces called "all", "default" or "config"
  2014-08-15  8:33       ` Stephane Chazelas
@ 2014-08-15 17:32         ` Cong Wang
  0 siblings, 0 replies; 7+ messages in thread
From: Cong Wang @ 2014-08-15 17:32 UTC (permalink / raw)
  To: Stephane Chazelas; +Cc: Randy Dunlap, linux-kernel, netdev

On Fri, Aug 15, 2014 at 1:33 AM, Stephane Chazelas
<stephane.chazelas@gmail.com> wrote:
> Yes, I know those are also used for the eth0:1 "aliases", but the bug
> is, since it is allowed to do
>
>     ip link add link eth0 eth0:123 type vlan id 123
>
> Then the
>
>     ip link del link eth0 eth0:123
>
> should be allowed as well. Or probably better to avoid confusion
>
>     ip link add link eth0 foo:bar type vlan id 123
>
> should not be allowed.
>

Good point! I think the reason is that in the past we used ioctl()
to add or remove network interfaces, so the kernel just checks that
code path for name aliases, so we probably need to check the netlink
path as well, since it makes really little sense that we allow creating
names with a colon but disallow deleting them.

Stephen should know better than me.

