On Mon, 1 Jun 2015 13:46:26 +0200
Guilhem Moulin <guil...@guilhem.org> wrote:

> On Sun, 31 May 2015 at 21:30:25 -0500, Karl O. Pinc wrote:
> > On Mon, 1 Jun 2015 03:30:36 +0200 Guilhem Moulin
> > <guil...@guilhem.org> wrote:

> I'd rather not have to manually edit these scripts, and follow your
> original patch to add a new configuration variable DROPBEAR_IFDOWN.
> (Perhaps unset by default for NFS mounts, and set to “all” otherwise.)

You're right, a configuration variable is the way to go.

My thoughts are that,
in order to support NFS mounts, it should not bring down
and flush everything, but instead work only on
specific addresses of specific interfaces.  This means
using "ip addr flush dev <ethX> to <address>".
Alternately, labels could be useful.

> 
> > But all this raises a question in my mind.
> > If ip is available then why does ipconfig
> > exist at all and why is it used?  Why would
> > it even be necessary to patch klibc/ipconfig?
> 
> /sbin/ip is provided by busybox, which is not required.  However it is
> for remote rootfs unlocking, since a shell is needed to type in the
> command or execute the SSH_COMMAND.

Yes.  Very good point.

> 
> > Patching ipconfig would only be useful in those
> > environments where ip is not available, and in
> > those environments the "ip flush" functionality
> > would need to be built into ipconfig.  In this
> > case the right thing to do is not to add
> > a function to linux-initramfs-tool but to
> > dig around in the ip code and port the flush
> > part back into ipconfig.  With luck this won't be that
> > hard now that we know where to look.
> > (I think the "down" part is already done.)
> 
> It's true that the l maintainers might be reluctant
> to use ip in ‘unconfigure_networking’ while ‘configure_networking’
> uses ipconfig.  And using only ip is probably not acceptable since
> it's not guaranteed to be present.  However I doubt I have the skills
> to patch klibc :-/  I'd say using ip in dropbear's init-bottom script
> is fine in the meantime.

I've been thinking more deeply.  To answer
my own question, ipconfig is required to support
the various configuration protocols, like dhcp.
But it does not need to support bringing the
interface down; the klibc patch is unnecessary.

Regards having a linux-initramfs-tools function:  I've not
looked at the code, but the abstractions needed
would seem to be 2: bring down an interface,
deconfigure the interface.  However the ip
command already provides these abstractions
so I'm not sure I see the advantage in having
a function in linux-initramfs-tools.  It would make
sense if the abstraction were to do both of these
things, but I'm not convinced of the need.  So,
perhaps just frobbing the dropbear scripts so that
they can clean up the temporary IP is enough.
(At least if the config variable is DROPBEAR_IFDOWN.
If it's a more generic config for the whole
initramfs then perhaps the changes do need to
be made in the *-tools scripts.  You seem more
familiar with the code and may have a better
feel for the right way forward here.)

Regards using ip to bring down and de-configure the
interface: I think the scripts need to first bring the
interface down then flush them.  After poking around
the flush code I see that it first empties the buffers
and then does something to de-configure the interface
(I think).  So if you don't bring the interface
down first you'll have a race condition where you
empty the buffers but more arrives before the
configuration is removed.  (Maybe.)

Regards,

Karl <k...@meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
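
Added example, not part of the original message and not code from the dropbear or initramfs-tools scripts: a sketch of how an init-bottom hook could turn a DROPBEAR_IFDOWN value into ip commands, bringing the link down before flushing, or flushing a single address while leaving the link up for an NFS root. The value syntax ("all", "eth0", "eth0=ADDR"), the function name and the sample addresses are assumptions.

```shell
#!/bin/sh
# Assumed DROPBEAR_IFDOWN syntax (hypothetical, not defined in the thread):
#   empty        leave networking alone (e.g. root on NFS)
#   all          every interface named in $2 except lo
#   eth0         bring eth0 down, then flush all its addresses
#   eth0=ADDR    flush only ADDR on eth0 and keep the link up
# The commands are printed, not run, so the plan can be reviewed without
# root; pipe the output to sh to apply it.

# The body is a subshell: "set -f" and the variables stay local, and
# "exit" only leaves the function.
dropbear_ifdown_plan() (
    spec=$1
    known_ifaces=$2
    [ -n "$spec" ] || exit 0
    set -f    # no filename globbing while the value is word-split
    if [ "$spec" = all ]; then
        spec=
        for i in $known_ifaces; do
            [ "$i" = lo ] || spec="$spec $i"
        done
    fi
    for entry in $spec; do
        case $entry in
            *=*) dev=${entry%%=*}; addr=${entry#*=} ;;
            *)   dev=$entry; addr= ;;
        esac
        # The output is meant for a shell, so accept only plain interface
        # names and address/prefix characters.
        case $dev in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $dev" >&2; exit 1 ;;
        esac
        case $addr in
            *[!0-9A-Fa-f.:/]*) echo "bad address: $addr" >&2; exit 1 ;;
        esac
        if [ -n "$addr" ]; then
            echo "ip addr flush dev $dev to $addr"
        else
            # Link down first, then flush: the ordering proposed in the
            # message to avoid traffic arriving between the two steps.
            echo "ip link set dev $dev down"
            echo "ip addr flush dev $dev"
        fi
    done
)

# Constructed sample value: eth0 fully deconfigured, one address on eth1.
dropbear_ifdown_plan "eth0 eth1=192.0.2.10/24" ""
```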

