klibc - Apr 2021 - VLAN support for ipconfig

On Tue, Apr 27, 2021 at 5:52 PM Ben Hutchings <ben at decadent.org.uk>
wrote:
> Apologies for the late response to this.
>
> On Thu, 2020-10-08 at 13:10 -0400, Kyle Rose wrote:
> > I've attached a patch to allow ipconfig to create and configure
VLAN
> > interfaces using the standard VLAN interface nomenclature
> > (physical_if.VLAN_ID). Happy to hear comments/criticism.
>
> ipconfig is only really meant to handle the "ip" kernel
parameter, so I
> think VLAN creation should be done by a separate command.  Ideally that
> would also use rtnetlink so that the VLAN device name is not restricted
> to use any particular format.  (I wonder if it is practical to get
> iproute2 running on klibc?)
>
My use-case for this is quite minimal: to permit SSH access to a machine
should something go wrong, particularly with filesystem mounting. (More
specifically, I'm developing a mechanism for TPM 2.0-based measured boot
that grants a pre-approved boot chain access to a LUKS passphrase for
decrypting the root filesystem. If this fails, I would like to be able to
investigate the problem remotely over a network segment that requires VLAN
tagging for connectivity to my desktop.) This interface is very short-lived
under normal circumstances: systemd will rename the underlying physical
interface shortly after it starts. So it feels like a lot of unnecessary
complexity to allow for arbitrary interface naming, much less making all of
iproute2 available, when my only requirement is minimal network
connectivity for diagnostic purposes. On the contrary, I intentionally kept
the change small to minimize the chances of upgrade disruption for ip
kernel parameter's primary use-case, root-on-NFS.

I'd rather not boil the ocean for something this basic. There's no
reason a
more complex use case can't motivate a bigger change in the future, but I
simply don't need anything that complex.

> There are some formatting issues with the code as well; you can use the
> kernel's checkpatch.pl script to find those.
>
Understood. Happy to fix the patch if you reconsider. Looks like I need to
figure out how to get vim to better intuit tabs vs. spaces in a particular
source file.

Thanks,
Kyle
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.zytor.com/archives/klibc/attachments/20210430/bf1b0cfc/attachment.htm>

On Fri, Apr 30, 2021 at 2:17 PM Kyle Rose <krose at krose.org>
wrote:
>
> On Tue, Apr 27, 2021 at 5:52 PM Ben Hutchings <ben at
decadent.org.uk> wrote:
>>
>> Apologies for the late response to this.
>>
>> On Thu, 2020-10-08 at 13:10 -0400, Kyle Rose wrote:
>> > I've attached a patch to allow ipconfig to create and
configure VLAN
>> > interfaces using the standard VLAN interface nomenclature
>> > (physical_if.VLAN_ID). Happy to hear comments/criticism.
>>
>> ipconfig is only really meant to handle the "ip" kernel
parameter, so I
>> think VLAN creation should be done by a separate command.  Ideally that
>> would also use rtnetlink so that the VLAN device name is not restricted
>> to use any particular format.  (I wonder if it is practical to get
>> iproute2 running on klibc?)
>
>
> My use-case for this is quite minimal: to permit SSH access to a machine
should something go wrong, particularly with filesystem mounting. (More
specifically, I'm developing a mechanism for TPM 2.0-based measured boot
that grants a pre-approved boot chain access to a LUKS passphrase for decrypting
the root filesystem. If this fails, I would like to be able to investigate the
problem remotely over a network segment that requires VLAN tagging for
connectivity to my desktop.) This interface is very short-lived under normal
circumstances: systemd will rename the underlying physical interface shortly
after it starts. So it feels like a lot of unnecessary complexity to allow for
arbitrary interface naming, much less making all of iproute2 available, when my
only requirement is minimal network connectivity for diagnostic purposes. On the
contrary, I intentionally kept the change small to minimize the chances of
upgrade disruption for ip kernel parameter's primary use-case, root-on-NFS.
>
> I'd rather not boil the ocean for something this basic. There's no
reason a more complex use case can't motivate a bigger change in the future,
but I simply don't need anything that complex.
>
Which distribution are you using? For example Fedora & Ubuntu
derivatives support in their default initramfs implementations to
bring up vlan networking with vlan= syntax. Whereas ip= syntax remains
unchanged and uses the vlan interface name that vlan= one created.

Also systemd-networked (if you have the rest of systemd in the initrd)
also support creating vlan networking.

This functionality already exists and is implemented without the need
of this feature in the ipconfig.

Have you considered using already existing vlan implementations in your initrd?
>>
>> There are some formatting issues with the code as well; you can use the
>> kernel's checkpatch.pl script to find those.
>
>
> Understood. Happy to fix the patch if you reconsider. Looks like I need to
figure out how to get vim to better intuit tabs vs. spaces in a particular
source file.
>
> Thanks,
> Kyle
>
> _______________________________________________
> klibc mailing list
> klibc at zytor.com
> https://lists.zytor.com/klibc


-- 
Regards,

Dimitri.