Re: [PATCH net-next v8 03/24] ovpn: add basic netlink support
From: Jiri Pirko
Date: Tue Oct 08 2024 - 08:52:39 EST
Tue, Oct 08, 2024 at 11:16:01AM CEST, antonio@xxxxxxxxxxx wrote:
>On 08/10/2024 10:58, Jiri Pirko wrote:
>> Tue, Oct 08, 2024 at 10:01:40AM CEST, antonio@xxxxxxxxxxx wrote:
>> > Hi,
>> >
>> > On 07/10/24 17:32, Jiri Pirko wrote:
>> > > Wed, Oct 02, 2024 at 11:02:17AM CEST, antonio@xxxxxxxxxxx wrote:
>> > >
>> > > [...]
>> > >
>> > >
>> > > > +operations:
>> > > > + list:
>> > > > + -
>> > > > + name: dev-new
>> > > > + attribute-set: ovpn
>> > > > + flags: [ admin-perm ]
>> > > > + doc: Create a new interface of type ovpn
>> > > > + do:
>> > > > + request:
>> > > > + attributes:
>> > > > + - ifname
>> > > > + - mode
>> > > > + reply:
>> > > > + attributes:
>> > > > + - ifname
>> > > > + - ifindex
>> > > > + -
>> > > > + name: dev-del
>> > >
>> > > Why you expose new and del here in ovn specific generic netlink iface?
>> > > Why can't you use the exising RTNL api which is used for creation and
>> > > destruction of other types of devices?
>> >
>> > That was my original approach in v1, but it was argued that an ovpn interface
>> > needs a userspace program to be configured and used in a meaningful way,
>> > therefore it was decided to concentrate all iface mgmt APIs along with the
>> > others in the netlink family and to not expose any RTNL ops.
>>
>> Can you please point me to the message id?
>
><CAHNKnsQnHAdxC-XhC9RP-cFp0d-E4YGb+7ie3WymXVL9N-QS6A@xxxxxxxxxxxxxx> from
>Sergey and subsequent replies.
>RTNL vs NL topic starts right after the definition of 'ovpn_link_ops'
Yeah, does not make sense to me. All devices should implement common
rtnl ops, the extra-config, if needed, could be on a separate channel.
I don't find Sergey's argumentation valid.
>
>Recently Kuniyuki commented on this topic as well in:
><20240919055259.17622-1-kuniyu@xxxxxxxxxx>
>and that is why I added a default dellink implemetation.
Having dellink without newlink implemented is just wrong.
>
>>
>>
>> >
>> > However, recently we decided to add a dellink implementation for better
>> > integration with network namespaces and to allow the user to wipe a dangling
>> > interface.
>>
>> Hmm, one more argument to have symmetric add/del impletentation in RTNL
>>
>>
>> >
>> > In the future we are planning to also add the possibility to create a
>> > "persistent interface", that is an interface created before launching any
>> > userspace program and that survives when the latter is stopped.
>> > I can guess this functionality may be better suited for RTNL, but I am not
>> > sure yet.
>>
>> That would be quite confusing to have RTNL and genetlink iface to
>> add/del device. From what you described above, makes more sent to have
>> it just in RTNL
>
>All in all I tend to agree.
>
>>
>> >
>> > @Jiri: do you have any particular opinion why we should use RTNL ops and not
>> > netlink for creating/destroying interfaces? I feel this is mostly a matter of
>> > taste, but maybe there are technical reasons we should consider.
>>
>> Well. technically, you can probabaly do both. But it is quite common
>> that you can add/delete these kind of devices over RTNL. Lots of
>> examples. People are used to it, aligns with existing flows.
>
>The only counterargument I see is the one brought by Sergey: "the ovpn
>interface is not usable after creation, if no openvpn process is running".
>
>However, allowing to create "persistent interfaces" will define a use-case
>for having an ovpn device without any userspace process.
>
>@Sergey what is your opinion here? I am not sure persistent interfaces were
>discussed at the time you brought your point about RTNL vs NL.
>
>
>Regards,
>
>
>>
>> >
>> > Thanks a lot for your contribution.
>> >
>> > Regards,
>> >
>> >
>> > >
>> > >
>> > > ip link add [link DEV | parentdev NAME] [ name ] NAME
>> > > [ txqueuelen PACKETS ]
>> > > [ address LLADDR ]
>> > > [ broadcast LLADDR ]
>> > > [ mtu MTU ] [index IDX ]
>> > > [ numtxqueues QUEUE_COUNT ]
>> > > [ numrxqueues QUEUE_COUNT ]
>> > > [ netns { PID | NETNSNAME | NETNSFILE } ]
>> > > type TYPE [ ARGS ]
>> > >
>> > > ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]
>> > >
>> > > Lots of examples of existing types creation is for example here:
>> > > https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking
>> > >
>> > >
>> > >
>> > > > + attribute-set: ovpn
>> > > > + flags: [ admin-perm ]
>> > > > + doc: Delete existing interface of type ovpn
>> > > > + do:
>> > > > + pre: ovpn-nl-pre-doit
>> > > > + post: ovpn-nl-post-doit
>> > > > + request:
>> > > > + attributes:
>> > > > + - ifindex
>> > >
>> > > [...]
>> >
>> > --
>> > Antonio Quartulli
>> > OpenVPN Inc.
>
>--
>Antonio Quartulli
>OpenVPN Inc.