[Devel] [PATCH 0/5] Replace vzethdev on veth
Andrew Vagin
avagin at odin.com
Fri Jun 5 05:34:22 PDT 2015
On Thu, Jun 04, 2015 at 08:40:07PM +0300, Konstantin Khorenko wrote:
> Andrey, Kirill,
>
> As the patchset lacks a feature/usage description, I've made a draft of it.
> Please review and correct it; I'll put it into the commit message as well.
>
> ============================================================================
> VZ veth features:
>
> 1) vzctl creates a pair of veth interfaces CT 0 <-> CT N
>
> 2) vzctl in CT0 calls the ioctl SIOCSVENET (in include/uapi/linux/veth.h) on one of the veth interfaces;
> it enables Virtuozzo features for the veth pair.
> This ioctl automatically enables saving of skb marks when leaving a net namespace, which can be used
> for CT traffic accounting in CT0.
>
> Notes:
> a) no need to call this ioctl on both interfaces
> b) a CT owner cannot call this ioctl because it's guarded by capable(CAP_NET_ADMIN), available in CT0 only
> c) it's impossible to disable VZ features on a veth pair once enabled
>
> 3) after the veth pair is created, MAC change functionality is enabled both from CT0 and from inside the CT
>
> 4) vzctl can set appropriate MAC addresses for both veth interfaces
>
> 5) vzctl can call the SIOCSFIXEDADDR ioctl (in include/uapi/linux/veth.h) on a veth interface with ifr_ifru.ifru_flags set to 1,
> which disables the ability to change MAC addresses on both ends.
> The possibility to change the MAC can be re-enabled by calling the SIOCSFIXEDADDR ioctl with ifr_ifru.ifru_flags set to 0.
>
> Note: MAC change prevention works _only_ after the ioctl SIOCSVENET has been called on a veth interface.
>
Here is an example of how to call the ioctls.

#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/if.h>
#include <sys/ioctl.h>

/* Fallback for headers that predate the new veth ioctls
 * (the values match include/uapi/linux/veth.h in this patchset). */
#ifndef SIOCSFIXEDADDR
#define SIOCSVENET (SIOCDEVPRIVATE + 0xf)
#define SIOCSFIXEDADDR (SIOCDEVPRIVATE + 0xe)
#endif

int main(int argc, char **argv)
{
	struct ifreq req;
	int sk;

	if (argc < 2) {
		fprintf(stderr, "Usage: %s <veth-interface>\n", argv[0]);
		return 1;
	}

	/* Any socket works: SIOCDEVPRIVATE ioctls are dispatched to the net device. */
	sk = socket(AF_UNIX, SOCK_DGRAM, 0);
	if (sk < 0) {
		printf("socket: %m\n");
		return 1;
	}

	memset(&req, 0, sizeof(req));
	/* The interface name must fit in IFNAMSIZ bytes, terminator included. */
	strncpy(req.ifr_ifrn.ifrn_name, argv[1], IFNAMSIZ - 1);
	/* ifru_flags is consumed by SIOCSFIXEDADDR: 1 forbids MAC changes on both ends,
	 * 0 would re-allow them. */
	req.ifr_ifru.ifru_flags = 1;

	/* Enable VZ features on the pair; must be called from CT0 (needs CAP_NET_ADMIN). */
	if (ioctl(sk, SIOCSVENET, &req)) {
		printf("SIOCSVENET: %m\n");
		close(sk);
		return 1;
	}
	/* Lock the MAC addresses; only effective after SIOCSVENET succeeded. */
	if (ioctl(sk, SIOCSFIXEDADDR, &req)) {
		printf("SIOCSFIXEDADDR: %m\n");
		close(sk);
		return 1;
	}

	close(sk);
	return 0;
}
> --
> Best regards,
>
> Konstantin Khorenko,
> Virtuozzo Linux Kernel Team
>
> On 05/28/2015 02:06 PM, Andrew Vagin wrote:
> > Add two ioctls to enable vz specific features and to control changing of mac addresses.
> >
> > https://jira.sw.ru/browse/PSBM-32276
> > https://jira.sw.ru/browse/PSBM-26974
> >
> > Andrew Vagin (5):
> > vz: remove vzethdev
> > veth: add ability to enable vz-specific features
> > veth: filter packages according with mac addresses
> > veth: add ability to prevent changing of a mac address from a
> > container
> > veth: don't drop skb->mark if NETIF_F_VENET is set
> >
> > config.OpenVZ | 1 -
> > drivers/net/Makefile | 1 -
> > drivers/net/veth.c | 71 ++++-
> > drivers/net/vzethdev.c | 697 ---------------------------------------
> > include/linux/netdev_features.h | 2 +
> > include/uapi/linux/veth.h | 26 +--
> > kernel/Kconfig.openvz | 8 -
> > net/core/skbuff.c | 3 +-
> > 8 files changed, 76 insertions(+), 733 deletions(-)
> > delete mode 100644 drivers/net/vzethdev.c
> >
> > _______________________________________________
> > Devel mailing list
> > Devel at openvz.org
> > https://lists.openvz.org/mailman/listinfo/devel
> >