Based on kernel version 3.19. Page generated on 2015-02-13 21:22 EST.
1 2 1. Introduction 3 4 Linux distinguishes between administrative and operational state of an 5 interface. Administrative state is the result of "ip link set dev 6 <dev> up or down" and reflects whether the administrator wants to use 7 the device for traffic. 8 9 However, an interface is not usable just because the admin enabled it 10 - ethernet requires to be plugged into the switch and, depending on 11 a site's networking policy and configuration, an 802.1X authentication 12 to be performed before user data can be transferred. Operational state 13 shows the ability of an interface to transmit this user data. 14 15 Thanks to 802.1X, userspace must be granted the possibility to 16 influence operational state. To accommodate this, operational state is 17 split into two parts: Two flags that can be set by the driver only, and 18 a RFC2863 compatible state that is derived from these flags, a policy, 19 and changeable from userspace under certain rules. 20 21 22 2. Querying from userspace 23 24 Both admin and operational state can be queried via the netlink 25 operation RTM_GETLINK. It is also possible to subscribe to RTMGRP_LINK 26 to be notified of updates. This is important for setting from userspace. 27 28 These values contain interface state: 29 30 ifinfomsg::if_flags & IFF_UP: 31 Interface is admin up 32 ifinfomsg::if_flags & IFF_RUNNING: 33 Interface is in RFC2863 operational state UP or UNKNOWN. This is for 34 backward compatibility, routing daemons, dhcp clients can use this 35 flag to determine whether they should use the interface. 36 ifinfomsg::if_flags & IFF_LOWER_UP: 37 Driver has signaled netif_carrier_on() 38 ifinfomsg::if_flags & IFF_DORMANT: 39 Driver has signaled netif_dormant_on() 40 41 TLV IFLA_OPERSTATE 42 43 contains RFC2863 state of the interface in numeric representation: 44 45 IF_OPER_UNKNOWN (0): 46 Interface is in unknown state, neither driver nor userspace has set 47 operational state. Interface must be considered for user data as 48 setting operational state has not been implemented in every driver. 49 IF_OPER_NOTPRESENT (1): 50 Unused in current kernel (notpresent interfaces normally disappear), 51 just a numerical placeholder. 52 IF_OPER_DOWN (2): 53 Interface is unable to transfer data on L1, f.e. ethernet is not 54 plugged or interface is ADMIN down. 55 IF_OPER_LOWERLAYERDOWN (3): 56 Interfaces stacked on an interface that is IF_OPER_DOWN show this 57 state (f.e. VLAN). 58 IF_OPER_TESTING (4): 59 Unused in current kernel. 60 IF_OPER_DORMANT (5): 61 Interface is L1 up, but waiting for an external event, f.e. for a 62 protocol to establish. (802.1X) 63 IF_OPER_UP (6): 64 Interface is operational up and can be used. 65 66 This TLV can also be queried via sysfs. 67 68 TLV IFLA_LINKMODE 69 70 contains link policy. This is needed for userspace interaction 71 described below. 72 73 This TLV can also be queried via sysfs. 74 75 76 3. Kernel driver API 77 78 Kernel drivers have access to two flags that map to IFF_LOWER_UP and 79 IFF_DORMANT. These flags can be set from everywhere, even from 80 interrupts. It is guaranteed that only the driver has write access, 81 however, if different layers of the driver manipulate the same flag, 82 the driver has to provide the synchronisation needed. 83 84 __LINK_STATE_NOCARRIER, maps to !IFF_LOWER_UP: 85 86 The driver uses netif_carrier_on() to clear and netif_carrier_off() to 87 set this flag. On netif_carrier_off(), the scheduler stops sending 88 packets. The name 'carrier' and the inversion are historical, think of 89 it as lower layer. 90 91 Note that for certain kind of soft-devices, which are not managing any 92 real hardware, it is possible to set this bit from userspace. One 93 should use TVL IFLA_CARRIER to do so. 94 95 netif_carrier_ok() can be used to query that bit. 96 97 __LINK_STATE_DORMANT, maps to IFF_DORMANT: 98 99 Set by the driver to express that the device cannot yet be used 100 because some driver controlled protocol establishment has to 101 complete. Corresponding functions are netif_dormant_on() to set the 102 flag, netif_dormant_off() to clear it and netif_dormant() to query. 103 104 On device allocation, networking core sets the flags equivalent to 105 netif_carrier_ok() and !netif_dormant(). 106 107 108 Whenever the driver CHANGES one of these flags, a workqueue event is 109 scheduled to translate the flag combination to IFLA_OPERSTATE as 110 follows: 111 112 !netif_carrier_ok(): 113 IF_OPER_LOWERLAYERDOWN if the interface is stacked, IF_OPER_DOWN 114 otherwise. Kernel can recognise stacked interfaces because their 115 ifindex != iflink. 116 117 netif_carrier_ok() && netif_dormant(): 118 IF_OPER_DORMANT 119 120 netif_carrier_ok() && !netif_dormant(): 121 IF_OPER_UP if userspace interaction is disabled. Otherwise 122 IF_OPER_DORMANT with the possibility for userspace to initiate the 123 IF_OPER_UP transition afterwards. 124 125 126 4. Setting from userspace 127 128 Applications have to use the netlink interface to influence the 129 RFC2863 operational state of an interface. Setting IFLA_LINKMODE to 1 130 via RTM_SETLINK instructs the kernel that an interface should go to 131 IF_OPER_DORMANT instead of IF_OPER_UP when the combination 132 netif_carrier_ok() && !netif_dormant() is set by the 133 driver. Afterwards, the userspace application can set IFLA_OPERSTATE 134 to IF_OPER_DORMANT or IF_OPER_UP as long as the driver does not set 135 netif_carrier_off() or netif_dormant_on(). Changes made by userspace 136 are multicasted on the netlink group RTMGRP_LINK. 137 138 So basically a 802.1X supplicant interacts with the kernel like this: 139 140 -subscribe to RTMGRP_LINK 141 -set IFLA_LINKMODE to 1 via RTM_SETLINK 142 -query RTM_GETLINK once to get initial state 143 -if initial flags are not (IFF_LOWER_UP && !IFF_DORMANT), wait until 144 netlink multicast signals this state 145 -do 802.1X, eventually abort if flags go down again 146 -send RTM_SETLINK to set operstate to IF_OPER_UP if authentication 147 succeeds, IF_OPER_DORMANT otherwise 148 -see how operstate and IFF_RUNNING is echoed via netlink multicast 149 -set interface back to IF_OPER_DORMANT if 802.1X reauthentication 150 fails 151 -restart if kernel changes IFF_LOWER_UP or IFF_DORMANT flag 152 153 if supplicant goes down, bring back IFLA_LINKMODE to 0 and 154 IFLA_OPERSTATE to a sane value. 155 156 A routing daemon or dhcp client just needs to care for IFF_RUNNING or 157 waiting for operstate to go IF_OPER_UP/IF_OPER_UNKNOWN before 158 considering the interface / querying a DHCP address. 159 160 161 For technical questions and/or comments please e-mail to Stefan Rompf 162 (stefan at loplof.de).