Netdev Archive on lore.kernel.org
From: Tom Yan <tom.ty89@gmail.com>
To: stephen@networkplumber.org, netdev@vger.kernel.org
Subject: ip link set master recursively put devices into promiscuous mode?
Date: Mon, 16 Aug 2021 18:28:48 +0800
Message-ID: <CAGnHSE=0ZQK=e4kV3CgycM1xTE+woT607ZHRP_EZtngwVvVB-w@mail.gmail.com>

Hi,

I've bumped into a weird / bad behavior of ip link when I use it to
enslave a passthru macvlan to a bridge:

# grep . /etc/systemd/network/*.net*
[NetDev]
Name=bridge1
Kind=bridge
# ip l add macvl0 link wlan0 type macvlan mode passthru
# date; ip l set macvl0 up
Mon Aug 16 05:31:02 PM HKT 2021
# date; ip l delete macvl0
Mon Aug 16 05:31:12 PM HKT 2021
# ip l add macvl0 link wlan0 type macvlan mode passthru
# date; ip l set macvl0 up
Mon Aug 16 05:31:35 PM HKT 2021
# date; ip l set macvl0 master bridge1
Mon Aug 16 05:31:42 PM HKT 2021
# date; ip l delete macvl0
Mon Aug 16 05:31:47 PM HKT 2021
# journalctl -k | grep promisc
Aug 16 17:31:02 ideapad kernel: device wlan0 entered promiscuous mode
Aug 16 17:31:12 ideapad kernel: device wlan0 left promiscuous mode
Aug 16 17:31:35 ideapad kernel: device wlan0 entered promiscuous mode
Aug 16 17:31:42 ideapad kernel: device macvl0 entered promiscuous mode
Aug 16 17:31:47 ideapad kernel: device macvl0 left promiscuous mode

The cause became clear when I used the nopromisc flag:

# ip l add macvl0 link wlan0 type macvlan mode passthru nopromisc
# date; ip l set macvl0 up
Mon Aug 16 05:35:27 PM HKT 2021
# date; ip l set macvl0 master bridge1
Mon Aug 16 05:35:36 PM HKT 2021
# date; ip l delete macvl0
Mon Aug 16 05:35:47 PM HKT 2021
# journalctl -k | grep promisc
Aug 16 17:35:36 ideapad kernel: device macvl0 entered promiscuous mode
Aug 16 17:35:36 ideapad kernel: device wlan0 entered promiscuous mode
Aug 16 17:35:47 ideapad kernel: device macvl0 left promiscuous mode

For some reason it causes the underlying device of the macvlan to also
enter promiscuous mode. In addition to the fact that the behavior
causes the underlying device to *stay* in promiscuous mode (which shows
why it is *bad*), it does not seem to be a kernel-side problem either,
as when I use systemd-networkd to enslave the macvlan, it works as
expected / desired:

# grep . /etc/systemd/network/*.net*
/etc/systemd/network/bridge1.netdev:[NetDev]
/etc/systemd/network/bridge1.netdev:Name=bridge1
/etc/systemd/network/bridge1.netdev:Kind=bridge
/etc/systemd/network/macvl0.network:[Match]
/etc/systemd/network/macvl0.network:Name=macvl0
/etc/systemd/network/macvl0.network:[Network]
/etc/systemd/network/macvl0.network:Bridge=bridge1
# date; ip l add macvl0 link wlan0 type macvlan mode passthru
Mon Aug 16 05:21:50 PM HKT 2021
# date; ip l delete macvl0
Mon Aug 16 05:22:01 PM HKT 2021
# date; ip l add macvl0 link wlan0 type macvlan mode passthru nopromisc
Mon Aug 16 05:22:09 PM HKT 2021
# date; ip l delete macvl0
Mon Aug 16 05:22:15 PM HKT 2021
# journalctl -k | grep -i promisc
Aug 16 17:21:50 ideapad kernel: device macvl0 entered promiscuous mode
Aug 16 17:21:50 ideapad kernel: device wlan0 entered promiscuous mode
Aug 16 17:22:01 ideapad kernel: device wlan0 left promiscuous mode
Aug 16 17:22:01 ideapad kernel: device macvl0 left promiscuous mode
Aug 16 17:22:09 ideapad kernel: device macvl0 entered promiscuous mode
Aug 16 17:22:15 ideapad kernel: device macvl0 left promiscuous mode

Any ideas?

Regards,
Tom
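
Added example, not part of the original post: a shell helper that reads kernel log lines like the ones quoted above and lists interfaces whose most recent event is "entered promiscuous mode", which is how the leftover wlan0 state in the first test shows up. The function names `promisc_still_on` and `sample_log` are hypothetical; the sample lines are copied from the first journalctl output in the post.

```shell
#!/bin/sh
# Added example: report interfaces left in promiscuous mode according to
# the kernel log. Reads log lines on stdin, prints one interface per line.
promisc_still_on() {
    awk '
        # Matches the kernel message format shown in the post:
        #   "... kernel: device <ifname> entered promiscuous mode"
        #   "... kernel: device <ifname> left promiscuous mode"
        /device [^ ]+ (entered|left) promiscuous mode/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "device" &&
                    ($(i + 2) == "entered" || $(i + 2) == "left")) {
                    # Keep only the latest transition per interface.
                    state[$(i + 1)] = $(i + 2)
                    break
                }
            }
        }
        END {
            for (dev in state)
                if (state[dev] == "entered")
                    print dev
        }
    ' | sort
}

# Sample input: the log lines from the first "ip l set ... master" test
# in the post, embedded so the example runs offline.
sample_log() {
    cat <<'EOF'
Aug 16 17:31:02 ideapad kernel: device wlan0 entered promiscuous mode
Aug 16 17:31:12 ideapad kernel: device wlan0 left promiscuous mode
Aug 16 17:31:35 ideapad kernel: device wlan0 entered promiscuous mode
Aug 16 17:31:42 ideapad kernel: device macvl0 entered promiscuous mode
Aug 16 17:31:47 ideapad kernel: device macvl0 left promiscuous mode
EOF
}

# macvl0 was deleted and logged "left"; wlan0 never did.
sample_log | promisc_still_on   # prints: wlan0
```

On a live system the same check is `journalctl -k | promisc_still_on`; the log only covers the current journal window, so compare against the `promiscuity` counter printed by `ip -d link show <ifname>`.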