On 4/1/18 3:13 AM, Si-Wei Liu wrote:
> Hidden netdevice is not visible to userspace such that
> typical network utilities e.g. ip, ifconfig, et al.,
> cannot sense its existence or configure it. Internally
> hidden netdev may associate with an upper level netdev
> that userspace has access to. Although userspace cannot
> manipulate the lower netdev directly, user may control
> or configure the underlying hidden device through the
> upper-level netdev. For identification purpose, the
> kobject for hidden netdev is still present in the sysfs
> hierarchy, however, no uevent message will be generated
> when the sysfs entry is created, modified or destroyed.
>
> To that end, a separate namescope needs to be carved
> out for IFF_HIDDEN netdevs. As of now netdev name that
> starts with colon i.e. ':' is invalid in userspace,
> since socket ioctls such as SIOCGIFCONF use ':' as the
> separator for ifname. The absence of namescope started
> with ':' can rightly be used as the namescope for
> the kernel-only IFF_HIDDEN netdevs.
>
> Signed-off-by: Si-Wei Liu <si-wei....@oracle.com>
> ---
>  include/linux/netdevice.h   |  12 ++
>  include/net/net_namespace.h |   2 +
>  net/core/dev.c              | 281 ++++++++++++++++++++++++++++++++++++++------
>  net/core/net_namespace.c    |   1 +
>  4 files changed, 263 insertions(+), 33 deletions(-)
>
There are other use cases that want to hide a device from userspace. I
would prefer a better solution than playing games with name prefixes and
one that includes an API for users to list all devices -- even ones
hidden by default.

https://github.com/dsahern/linux/commit/48a80a00eac284e58bae04af10a5a932dd7aee00
https://github.com/dsahern/iproute2/commit/7563f5b26f5539960e99066e34a995d22ea908ed

Also, why are you suggesting that the device should still be visible via
/sysfs? That leads to inconsistent views of networking state - /sys
shows a device but a link dump does not.
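
Added example, not part of the thread or of either patch: a check that compares the two views the reply contrasts, the sysfs listing and a link dump, and reports devices that appear in only one of them. It assumes the `ip -o link show` output format of iproute2; the sample data and the name ":eth1" are constructed for illustration.

```python
import os
import re
import subprocess

# One line of `ip -o link show`: "<ifindex>: <name>[@<peer>]: <FLAGS> ..."
_LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@[^:\s]+)?:\s")

# Constructed sample data. ":eth1" is a made-up name in the ':' namescope
# the quoted patch proposes for IFF_HIDDEN devices.
SAMPLE_SYSFS = ["lo", "eth0", "veth1", ":eth1"]
SAMPLE_LINK_DUMP = "\n".join([
    "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN",
    "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP",
    "3: veth1@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP",
])


def parse_link_dump(text):
    """Return the set of interface names listed in `ip -o link show` output."""
    names = set()
    for line in text.splitlines():
        m = _LINK_RE.match(line)
        if m:
            names.add(m.group(1))
    return names


def compare_views(sysfs_names, link_names):
    """Report where the sysfs view and the link-dump view disagree."""
    sysfs_names, link_names = set(sysfs_names), set(link_names)
    return {
        "sysfs_only": sorted(sysfs_names - link_names),
        "link_only": sorted(link_names - sysfs_names),
        "colon_prefixed": sorted(n for n in sysfs_names if n.startswith(":")),
    }


def live_views(sysfs_dir="/sys/class/net"):
    """Collect both views on a running Linux host (needs iproute2)."""
    sysfs = {n for n in os.listdir(sysfs_dir)
             if os.path.isdir(os.path.join(sysfs_dir, n))}  # skips bonding_masters
    out = subprocess.run(["ip", "-o", "link", "show"], capture_output=True,
                         text=True, check=True).stdout
    return sysfs, parse_link_dump(out)


if __name__ == "__main__":
    print(compare_views(SAMPLE_SYSFS, parse_link_dump(SAMPLE_LINK_DUMP)))
```

On a live host, `compare_views(*live_views())` runs the same comparison; a non-empty `sysfs_only` list is the /sys-versus-link-dump mismatch described in the reply.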