本文主要是介绍禁止内核创建fallback设备,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
使用ip link命令查看接口的时候,会发现一些系统自动创建的隧道fallback设备,如:tunl0、gre0、gretap0、sit0、ip6tnl0和ip6gre0等。
/ # ip link
14: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0
15: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
16: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
17: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
18: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/tunnel6 :: brd ::
19: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
PROC文件/proc/sys/net/core/fb_tunnels_only_for_init_net用于控制是否创建fallback隧道设备。默认值为0,即为所有的网络命名空间创建fallback设备。如下函数net_has_fallback_tunnels的实现所示:如果值等于1,只在init_net命名空间中创建fallback设备;如果值为2,所有命名空间都不创建fallback设备。该检查在各隧道模块的命名空间初始化函数(__net_init)中进行,因此修改该值只对之后创建的命名空间生效。
/*
 * Decide whether the network namespace @net gets the kernel-created
 * fallback tunnel devices (tunl0, gre0, sit0, ip6tnl0, ...).
 *
 * Controlled by sysctl_fb_tunnels_only_for_init_net:
 *   0 : every netns gets fallback devices
 *   1 : only init_net gets them
 *   2 : no netns gets them
 * When CONFIG_SYSCTL is disabled the knob does not exist and every netns
 * gets fallback devices.
 */
static inline bool net_has_fallback_tunnels(const struct net *net)
{
	/* No sysctl support: behave as if the knob were 0. */
	if (!IS_ENABLED(CONFIG_SYSCTL))
		return true;

	/* Value 0: fallback devices for every namespace. */
	if (!sysctl_fb_tunnels_only_for_init_net)
		return true;

	/*
	 * Value 1: only the initial namespace keeps its fallback devices.
	 * Any other value (2) disables them everywhere.
	 */
	return net == &init_net && sysctl_fb_tunnels_only_for_init_net == 1;
}
如下,在IPv4隧道的命名空间初始化时,如果net_has_fallback_tunnels返回0,fb_tunnel_dev设置为NULL。
int ip_tunnel_init_net(struct net *net, unsigned int ip_tnl_net_id,struct rtnl_link_ops *ops, char *devname)
{struct ip_tunnel_net *itn = net_generic(net, ip_tnl_net_id);...if (!ops || !net_has_fallback_tunnels(net)) {struct ip_tunnel_net *it_init_net;it_init_net = net_generic(&init_net, ip_tnl_net_id);itn->type = it_init_net->type;itn->fb_tunnel_dev = NULL;return 0;}
如果net_has_fallback_tunnels返回0,sit隧道命名空间初始化函数,将不会创建sit0设备。
static int __net_init sit_init_net(struct net *net)
{struct sit_net *sitn = net_generic(net, sit_net_id);struct ip_tunnel *t;...if (!net_has_fallback_tunnels(net))return 0;sitn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "sit0",NET_NAME_UNKNOWN, ipip6_tunnel_setup);
如果net_has_fallback_tunnels返回0,vti6隧道命名空间初始化函数,将不会创建ip6_vti0设备。
static int __net_init vti6_init_net(struct net *net)
{struct vti6_net *ip6n = net_generic(net, vti6_net_id);struct ip6_tnl *t = NULL;ip6n->tnls[0] = ip6n->tnls_wc;ip6n->tnls[1] = ip6n->tnls_r_l;if (!net_has_fallback_tunnels(net))return 0;err = -ENOMEM;ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",NET_NAME_UNKNOWN, vti6_dev_setup);
如果net_has_fallback_tunnels返回0,ip6gre隧道命名空间初始化函数,将不会创建ip6gre0设备。
static int __net_init ip6gre_init_net(struct net *net)
{struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);struct net_device *ndev;if (!net_has_fallback_tunnels(net))return 0;ndev = alloc_netdev(sizeof(struct ip6_tnl), "ip6gre0",NET_NAME_UNKNOWN, ip6gre_tunnel_setup);
如果net_has_fallback_tunnels返回0,ip6隧道命名空间初始化函数,将不会创建ip6tnl0设备。
static int __net_init ip6_tnl_init_net(struct net *net)
{struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);struct ip6_tnl *t = NULL;ip6n->tnls[0] = ip6n->tnls_wc;ip6n->tnls[1] = ip6n->tnls_r_l;if (!net_has_fallback_tunnels(net))return 0;err = -ENOMEM;ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0",NET_NAME_UNKNOWN, ip6_tnl_dev_setup);
本文基于内核版本 5.10。
这篇关于禁止内核创建fallback设备的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!