[Devel] [PATCH 0/5] Replace vzethdev on veth

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jun 4 10:40:07 PDT 2015


Andrey, Kirill,

as patchset lacks the feature/usage description i've made a draft of it.
Please, review and correct it, i'll put it into commit message as well.

============================================================================
VZ veth features:

1) vzctl creates a pair of veth interfaces CT 0 <-> CT N

2) vzctl in CT0 calls ioctl SIOCSVENET (in include/uapi/linux/veth.h) on one of veth interfaces,
   it will enable Virtuozzo features for veth pair.
   This ioctl automatically enables skb marks saving on going out of a net namespace, which can be used
   for CT traffic accounting on CT0.

   Notes:
   a) no need to call this ioctl for 2 interfaces
   b) CT owner cannot call this ioctl because it's guarded by capable(CAP_NET_ADMIN), available on CT0 only
   c) it's impossible to disable VZ features on veth pair once enabled

3) after veth pair is created, MAC change functionality is enabled both from CT0 and from inside a CT

4) vzctl can set appropriate MAC addresses for both veth interfaces

5) vzctl can call SIOCSFIXEDADDR ioctl (in include/uapi/linux/veth.h) on veth interface with ifr_ifru.ifru_flags set to 1,
   which disables ability to change MAC addresses on both ends.
   The possibility to change MAC can be re-enabled by calling SIOCSFIXEDADDR ioctl with ifr_ifru.ifru_flags set to 0.

   Note: MAC change prevention will work _only_ after ioctl SIOCSVENET is called on a veth interface.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 05/28/2015 02:06 PM, Andrew Vagin wrote:
> Add two ioctls to enable vz specific features and to control changing of mac addresses.
> 
> https://jira.sw.ru/browse/PSBM-32276
> https://jira.sw.ru/browse/PSBM-26974
> 
> Andrew Vagin (5):
>   vz: remove vzethdev
>   veth: add ability to enable vz-specific features
>   veth: filter packages accoding with mac addresses
>   veth: add ability to prevent changing of a mac address from a
>     container
>   veth: don't drop skb->mark if NETIF_F_VENET is set
> 
>  config.OpenVZ                   |    1 -
>  drivers/net/Makefile            |    1 -
>  drivers/net/veth.c              |   71 ++++-
>  drivers/net/vzethdev.c          |  697 ---------------------------------------
>  include/linux/netdev_features.h |    2 +
>  include/uapi/linux/veth.h       |   26 +--
>  kernel/Kconfig.openvz           |    8 -
>  net/core/skbuff.c               |    3 +-
>  8 files changed, 76 insertions(+), 733 deletions(-)
>  delete mode 100644 drivers/net/vzethdev.c
> 
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
> 



More information about the Devel mailing list