1 21. Introduction 3 4Linux distinguishes between administrative and operational state of an 5interface. Administrative state is the result of "ip link set dev 6<dev> up or down" and reflects whether the administrator wants to use 7the device for traffic. 8 9However, an interface is not usable just because the admin enabled it 10- ethernet requires to be plugged into the switch and, depending on 11a site's networking policy and configuration, an 802.1X authentication 12to be performed before user data can be transferred. Operational state 13shows the ability of an interface to transmit this user data. 14 15Thanks to 802.1X, userspace must be granted the possibility to 16influence operational state. To accommodate this, operational state is 17split into two parts: Two flags that can be set by the driver only, and 18a RFC2863 compatible state that is derived from these flags, a policy, 19and changeable from userspace under certain rules. 20 21 222. Querying from userspace 23 24Both admin and operational state can be queried via the netlink 25operation RTM_GETLINK. It is also possible to subscribe to RTNLGRP_LINK 26to be notified of updates while the interface is admin up. This is 27important for setting from userspace. 28 29These values contain interface state: 30 31ifinfomsg::if_flags & IFF_UP: 32 Interface is admin up 33ifinfomsg::if_flags & IFF_RUNNING: 34 Interface is in RFC2863 operational state UP or UNKNOWN. This is for 35 backward compatibility, routing daemons, dhcp clients can use this 36 flag to determine whether they should use the interface. 37ifinfomsg::if_flags & IFF_LOWER_UP: 38 Driver has signaled netif_carrier_on() 39ifinfomsg::if_flags & IFF_DORMANT: 40 Driver has signaled netif_dormant_on() 41 42TLV IFLA_OPERSTATE 43 44contains RFC2863 state of the interface in numeric representation: 45 46IF_OPER_UNKNOWN (0): 47 Interface is in unknown state, neither driver nor userspace has set 48 operational state. Interface must be considered for user data as 49 setting operational state has not been implemented in every driver. 50IF_OPER_NOTPRESENT (1): 51 Unused in current kernel (notpresent interfaces normally disappear), 52 just a numerical placeholder. 53IF_OPER_DOWN (2): 54 Interface is unable to transfer data on L1, f.e. ethernet is not 55 plugged or interface is ADMIN down. 56IF_OPER_LOWERLAYERDOWN (3): 57 Interfaces stacked on an interface that is IF_OPER_DOWN show this 58 state (f.e. VLAN). 59IF_OPER_TESTING (4): 60 Unused in current kernel. 61IF_OPER_DORMANT (5): 62 Interface is L1 up, but waiting for an external event, f.e. for a 63 protocol to establish. (802.1X) 64IF_OPER_UP (6): 65 Interface is operational up and can be used. 66 67This TLV can also be queried via sysfs. 68 69TLV IFLA_LINKMODE 70 71contains link policy. This is needed for userspace interaction 72described below. 73 74This TLV can also be queried via sysfs. 75 76 773. Kernel driver API 78 79Kernel drivers have access to two flags that map to IFF_LOWER_UP and 80IFF_DORMANT. These flags can be set from everywhere, even from 81interrupts. It is guaranteed that only the driver has write access, 82however, if different layers of the driver manipulate the same flag, 83the driver has to provide the synchronisation needed. 84 85__LINK_STATE_NOCARRIER, maps to !IFF_LOWER_UP: 86 87The driver uses netif_carrier_on() to clear and netif_carrier_off() to 88set this flag. On netif_carrier_off(), the scheduler stops sending 89packets. The name 'carrier' and the inversion are historical, think of 90it as lower layer. 91 92Note that for certain kind of soft-devices, which are not managing any 93real hardware, it is possible to set this bit from userspace. One 94should use TVL IFLA_CARRIER to do so. 95 96netif_carrier_ok() can be used to query that bit. 97 98__LINK_STATE_DORMANT, maps to IFF_DORMANT: 99 100Set by the driver to express that the device cannot yet be used 101because some driver controlled protocol establishment has to 102complete. Corresponding functions are netif_dormant_on() to set the 103flag, netif_dormant_off() to clear it and netif_dormant() to query. 104 105On device allocation, both flags __LINK_STATE_NOCARRIER and 106__LINK_STATE_DORMANT are cleared, so the effective state is equivalent 107to netif_carrier_ok() and !netif_dormant(). 108 109 110Whenever the driver CHANGES one of these flags, a workqueue event is 111scheduled to translate the flag combination to IFLA_OPERSTATE as 112follows: 113 114!netif_carrier_ok(): 115 IF_OPER_LOWERLAYERDOWN if the interface is stacked, IF_OPER_DOWN 116 otherwise. Kernel can recognise stacked interfaces because their 117 ifindex != iflink. 118 119netif_carrier_ok() && netif_dormant(): 120 IF_OPER_DORMANT 121 122netif_carrier_ok() && !netif_dormant(): 123 IF_OPER_UP if userspace interaction is disabled. Otherwise 124 IF_OPER_DORMANT with the possibility for userspace to initiate the 125 IF_OPER_UP transition afterwards. 126 127 1284. Setting from userspace 129 130Applications have to use the netlink interface to influence the 131RFC2863 operational state of an interface. Setting IFLA_LINKMODE to 1 132via RTM_SETLINK instructs the kernel that an interface should go to 133IF_OPER_DORMANT instead of IF_OPER_UP when the combination 134netif_carrier_ok() && !netif_dormant() is set by the 135driver. Afterwards, the userspace application can set IFLA_OPERSTATE 136to IF_OPER_DORMANT or IF_OPER_UP as long as the driver does not set 137netif_carrier_off() or netif_dormant_on(). Changes made by userspace 138are multicasted on the netlink group RTNLGRP_LINK. 139 140So basically a 802.1X supplicant interacts with the kernel like this: 141 142-subscribe to RTNLGRP_LINK 143-set IFLA_LINKMODE to 1 via RTM_SETLINK 144-query RTM_GETLINK once to get initial state 145-if initial flags are not (IFF_LOWER_UP && !IFF_DORMANT), wait until 146 netlink multicast signals this state 147-do 802.1X, eventually abort if flags go down again 148-send RTM_SETLINK to set operstate to IF_OPER_UP if authentication 149 succeeds, IF_OPER_DORMANT otherwise 150-see how operstate and IFF_RUNNING is echoed via netlink multicast 151-set interface back to IF_OPER_DORMANT if 802.1X reauthentication 152 fails 153-restart if kernel changes IFF_LOWER_UP or IFF_DORMANT flag 154 155if supplicant goes down, bring back IFLA_LINKMODE to 0 and 156IFLA_OPERSTATE to a sane value. 157 158A routing daemon or dhcp client just needs to care for IFF_RUNNING or 159waiting for operstate to go IF_OPER_UP/IF_OPER_UNKNOWN before 160considering the interface / querying a DHCP address. 161 162 163For technical questions and/or comments please e-mail to Stefan Rompf 164(stefan at loplof.de). 165