cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

operstates.rst (6659B)

      1.. SPDX-License-Identifier: GPL-2.0
      2
      3==================
      4Operational States
      5==================
      6
      7
      81. Introduction
      9===============
     10
     11Linux distinguishes between administrative and operational state of an
     12interface. Administrative state is the result of "ip link set dev
     13<dev> up or down" and reflects whether the administrator wants to use
     14the device for traffic.
     15
     16However, an interface is not usable just because the admin enabled it
     17- ethernet requires to be plugged into the switch and, depending on
     18a site's networking policy and configuration, an 802.1X authentication
     19to be performed before user data can be transferred. Operational state
     20shows the ability of an interface to transmit this user data.
     21
     22Thanks to 802.1X, userspace must be granted the possibility to
     23influence operational state. To accommodate this, operational state is
     24split into two parts: Two flags that can be set by the driver only, and
     25a RFC2863 compatible state that is derived from these flags, a policy,
     26and changeable from userspace under certain rules.
     27
     28
     292. Querying from userspace
     30==========================
     31
     32Both admin and operational state can be queried via the netlink
     33operation RTM_GETLINK. It is also possible to subscribe to RTNLGRP_LINK
     34to be notified of updates while the interface is admin up. This is
     35important for setting from userspace.
     36
     37These values contain interface state:
     38
     39ifinfomsg::if_flags & IFF_UP:
     40 Interface is admin up
     41
     42ifinfomsg::if_flags & IFF_RUNNING:
     43 Interface is in RFC2863 operational state UP or UNKNOWN. This is for
     44 backward compatibility, routing daemons, dhcp clients can use this
     45 flag to determine whether they should use the interface.
     46
     47ifinfomsg::if_flags & IFF_LOWER_UP:
     48 Driver has signaled netif_carrier_on()
     49
     50ifinfomsg::if_flags & IFF_DORMANT:
     51 Driver has signaled netif_dormant_on()
     52
     53TLV IFLA_OPERSTATE
     54------------------
     55
     56contains RFC2863 state of the interface in numeric representation:
     57
     58IF_OPER_UNKNOWN (0):
     59 Interface is in unknown state, neither driver nor userspace has set
     60 operational state. Interface must be considered for user data as
     61 setting operational state has not been implemented in every driver.
     62
     63IF_OPER_NOTPRESENT (1):
     64 Unused in current kernel (notpresent interfaces normally disappear),
     65 just a numerical placeholder.
     66
     67IF_OPER_DOWN (2):
     68 Interface is unable to transfer data on L1, f.e. ethernet is not
     69 plugged or interface is ADMIN down.
     70
     71IF_OPER_LOWERLAYERDOWN (3):
     72 Interfaces stacked on an interface that is IF_OPER_DOWN show this
     73 state (f.e. VLAN).
     74
     75IF_OPER_TESTING (4):
     76 Interface is in testing mode, for example executing driver self-tests
     77 or media (cable) test. It can't be used for normal traffic until tests
     78 complete.
     79
     80IF_OPER_DORMANT (5):
     81 Interface is L1 up, but waiting for an external event, f.e. for a
     82 protocol to establish. (802.1X)
     83
     84IF_OPER_UP (6):
     85 Interface is operational up and can be used.
     86
     87This TLV can also be queried via sysfs.
     88
     89TLV IFLA_LINKMODE
     90-----------------
     91
     92contains link policy. This is needed for userspace interaction
     93described below.
     94
     95This TLV can also be queried via sysfs.
     96
     97
     983. Kernel driver API
     99====================
    100
    101Kernel drivers have access to two flags that map to IFF_LOWER_UP and
    102IFF_DORMANT. These flags can be set from everywhere, even from
    103interrupts. It is guaranteed that only the driver has write access,
    104however, if different layers of the driver manipulate the same flag,
    105the driver has to provide the synchronisation needed.
    106
    107__LINK_STATE_NOCARRIER, maps to !IFF_LOWER_UP:
    108
    109The driver uses netif_carrier_on() to clear and netif_carrier_off() to
    110set this flag. On netif_carrier_off(), the scheduler stops sending
    111packets. The name 'carrier' and the inversion are historical, think of
    112it as lower layer.
    113
    114Note that for certain kind of soft-devices, which are not managing any
    115real hardware, it is possible to set this bit from userspace.  One
    116should use TLV IFLA_CARRIER to do so.
    117
    118netif_carrier_ok() can be used to query that bit.
    119
    120__LINK_STATE_DORMANT, maps to IFF_DORMANT:
    121
    122Set by the driver to express that the device cannot yet be used
    123because some driver controlled protocol establishment has to
    124complete. Corresponding functions are netif_dormant_on() to set the
    125flag, netif_dormant_off() to clear it and netif_dormant() to query.
    126
    127On device allocation, both flags __LINK_STATE_NOCARRIER and
    128__LINK_STATE_DORMANT are cleared, so the effective state is equivalent
    129to netif_carrier_ok() and !netif_dormant().
    130
    131
    132Whenever the driver CHANGES one of these flags, a workqueue event is
    133scheduled to translate the flag combination to IFLA_OPERSTATE as
    134follows:
    135
    136!netif_carrier_ok():
    137 IF_OPER_LOWERLAYERDOWN if the interface is stacked, IF_OPER_DOWN
    138 otherwise. Kernel can recognise stacked interfaces because their
    139 ifindex != iflink.
    140
    141netif_carrier_ok() && netif_dormant():
    142 IF_OPER_DORMANT
    143
    144netif_carrier_ok() && !netif_dormant():
    145 IF_OPER_UP if userspace interaction is disabled. Otherwise
    146 IF_OPER_DORMANT with the possibility for userspace to initiate the
    147 IF_OPER_UP transition afterwards.
    148
    149
    1504. Setting from userspace
    151=========================
    152
    153Applications have to use the netlink interface to influence the
    154RFC2863 operational state of an interface. Setting IFLA_LINKMODE to 1
    155via RTM_SETLINK instructs the kernel that an interface should go to
    156IF_OPER_DORMANT instead of IF_OPER_UP when the combination
    157netif_carrier_ok() && !netif_dormant() is set by the
    158driver. Afterwards, the userspace application can set IFLA_OPERSTATE
    159to IF_OPER_DORMANT or IF_OPER_UP as long as the driver does not set
    160netif_carrier_off() or netif_dormant_on(). Changes made by userspace
    161are multicasted on the netlink group RTNLGRP_LINK.
    162
    163So basically a 802.1X supplicant interacts with the kernel like this:
    164
    165- subscribe to RTNLGRP_LINK
    166- set IFLA_LINKMODE to 1 via RTM_SETLINK
    167- query RTM_GETLINK once to get initial state
    168- if initial flags are not (IFF_LOWER_UP && !IFF_DORMANT), wait until
    169  netlink multicast signals this state
    170- do 802.1X, eventually abort if flags go down again
    171- send RTM_SETLINK to set operstate to IF_OPER_UP if authentication
    172  succeeds, IF_OPER_DORMANT otherwise
    173- see how operstate and IFF_RUNNING is echoed via netlink multicast
    174- set interface back to IF_OPER_DORMANT if 802.1X reauthentication
    175  fails
    176- restart if kernel changes IFF_LOWER_UP or IFF_DORMANT flag
    177
    178if supplicant goes down, bring back IFLA_LINKMODE to 0 and
    179IFLA_OPERSTATE to a sane value.
    180
    181A routing daemon or dhcp client just needs to care for IFF_RUNNING or
    182waiting for operstate to go IF_OPER_UP/IF_OPER_UNKNOWN before
    183considering the interface / querying a DHCP address.
    184
    185
    186For technical questions and/or comments please e-mail to Stefan Rompf
    187(stefan at loplof.de).