Hello Hangbin,
2025-04-03, 08:58:55 +0000, Hangbin Liu wrote:
> When setting the lower-layer link up/down, the ipvlan device synchronizes
> its state via netif_stacked_transfer_operstate(), which only checks the
> carrier state. However, setting the link down does not necessarily change
> the carrier state for virtual interfaces like bonding. This causes the
> ipvlan state to become out of sync with the lower-layer link state.
>
> If the lower link and ipvlan are in the same namespace, this issue is
> hidden because ip link show checks the link state in IFLA_LINK and has
> a m_flag to control the state, displaying M-DOWN in the flags. However,
> if the ipvlan and the lower link are in different namespaces, this
> information is not available, and the ipvlan link state remains unchanged.
Is the issue with the actual behavior (sending/receiving packets,
etc), or just in how it's displayed by iproute?
> For example:
>
> 1. Add an ipvlan over bond0.
> 2. Move the ipvlan to a separate namespace and bring it up.
> 3. Set bond0 link down.
> 4. The ipvlan remains up.
>
> This issue affects containers and pods, causing them to display an
> incorrect link state for ipvlan. Fix this by explicitly changing the
> IFF_UP flag, similar to how VLAN handles it.
I'm not sure this change of behavior can be done anymore. And I'm not
convinced vlan's behavior is better (commit 5e7565930524 ("vlan:
support "loose binding" to the underlying network device") describes
why it's not always wanted). IMO it makes sense to have admin state
separate from link state.
If you want a consistent behavior, the admin should also not be
allowed to set the link UP again while its lower device is not, like
VLAN does:
static int vlan_dev_open(struct net_device *dev)
{
struct vlan_dev_priv *vlan = vlan_dev_priv(dev);
struct net_device *real_dev = vlan->real_dev;
int err;
if (!(real_dev->flags & IFF_UP) &&
!(vlan->flags & VLAN_FLAG_LOOSE_BINDING))
return -ENETDOWN;
(but that would almost certainly break someone's scripts)
--
Sabrina
