net-loopback: allow lo dev initial state to be controlled

Traditionally loopback devices comes up with initial state as DOWN for any new network-namespace. This would mean that anyone needing this device (which is mostly true except sandboxes where networking in not needed at all), would have to bring this UP by issuing something like 'ip link set lo up' which can be avoided if the initial state can be set as UP. Also ICMP error propagation needs loopback to be UP. The default value for this sysctl is set to ZERO which will preserve the backward compatible behavior for the root-netns while changing the sysctl will only alter the behavior of the newer network namespaces. Signed-off-by: Mahesh Bandewar <maheshb@google.com> Signed-off-by: Jian Yang <jianyang@google.com>
0day-ci · Nov 11, 2020 · f1167177eeca028a046726f582c332d4c638a0c8 · f116717
1 parent 7040894
commit f1167177eeca028a046726f582c332d4c638a0c8
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 0 deletions.
diff --git a/Documentation/admin-guide/sysctl/net.rst b/Documentation/admin-guide/sysctl/net.rst
@@ -268,6 +268,17 @@ Maximum number of microseconds in one NAPI polling cycle. Polling
 will exit when either netdev_budget_usecs have elapsed during the
 poll cycle or the number of packets processed reaches netdev_budget.
 
+netdev_loopback_state
+---------------------
+
+Controls the loopback device initial state for any new network namespaces. By
+default, we keep the initial state as DOWN.
+
+If set to 1, the loopback device will be brought UP during namespace creation.
+This will only apply to all new network namespaces.
+
+Default : 0  (for compatibility reasons)
+
 netdev_max_backlog
 ------------------
 

diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
@@ -219,6 +219,13 @@ static __net_init int loopback_net_init(struct net *net)
 
 	BUG_ON(dev->ifindex != LOOPBACK_IFINDEX);
 	net->loopback_dev = dev;
+
+	if (sysctl_netdev_loopback_state) {
+		/* Bring loopback device UP */
+		rtnl_lock();
+		dev_open(dev, NULL);
+		rtnl_unlock();
+	}
 	return 0;
 
 out_free_netdev:

diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
@@ -625,6 +625,7 @@ struct netdev_queue {
 
 extern int sysctl_fb_tunnels_only_for_init_net;
 extern int sysctl_devconf_inherit_init_net;
+extern int sysctl_netdev_loopback_state;
 
 /*
  * sysctl_fb_tunnels_only_for_init_net == 0 : For all netns

diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
@@ -35,6 +35,11 @@ static int net_msg_warn;	/* Unused, but still a sysctl */
 int sysctl_fb_tunnels_only_for_init_net __read_mostly = 0;
 EXPORT_SYMBOL(sysctl_fb_tunnels_only_for_init_net);
 
+/* 0 - default (backward compatible) state: DOWN by default
+ * 1 - UP by default (for all new network namespaces)
+ */
+int sysctl_netdev_loopback_state __read_mostly;
+
 /* 0 - Keep current behavior:
  *     IPv4: inherit all current settings from init_net
  *     IPv6: reset all settings to default
@@ -507,6 +512,15 @@ static struct ctl_table net_core_table[] = {
 		.proc_handler	= set_default_qdisc
 	},
 #endif
+	{
+		.procname	= "netdev_loopback_state",
+		.data		= &sysctl_netdev_loopback_state,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec_minmax,
+		.extra1		= SYSCTL_ZERO,
+		.extra2		= SYSCTL_ONE
+	},
 #endif /* CONFIG_NET */
 	{
 		.procname	= "netdev_budget",