Drop the "ipddp" module?

Seth Forshee seth.forshee at canonical.com
Tue Dec 20 15:44:58 UTC 2016


Hi Adam,

Just to let you know up front - this is my last working day until the
new year, so I likely won't have any further replies until then.

On Fri, Dec 16, 2016 at 11:34:41PM -0500, Adam Seering wrote:
> Hi all,
> 	I'm wondering whether the Ubuntu team might consider dropping the "ipddp"
> module (kernel-based IP encapsulation for pre-Ethernet Macs) from the
> official Ubuntu kernel build?  If so, how would I go about proposing such a
> change?

Typically you would open a bug in Launchpad, and you already have one.
I've changed it to be against linux instead of linux-lts-wily.

Removing a module like this is typically something we'd only do in a
development release. To remove it from released versions of Ubuntu we'd
need really strong evidence that no one is using it.

> 	It has bit-rotted and appears to no longer serve its intended function.
> CentOS (among others) stopped compiling this module many years ago. Its
> upstream maintainers have not been responsive on netdev for years and don't
> seem to be taking patches.  More importantly, it breaks a kernel interface
> that its newer pure-userspace counterpart "MacIPGW" depends on even if
> compiled as a module *and not loaded*.
> 
> 
> 	As justification for these claims:
> 
> 
> 	"ipddp" has a bug[1][2] such that, even when built as a module, part of it
> gets compiled directly into the kernel and causes IP-over-DDP packets to get
> silently dropped.  The only workaround is to not compile the module at all.

I don't think that's true. handle_ip_over_ddp() is static to
net/appletalk_ddp.c which is part of the appletalk module when
CONFIG_ATALK=m. So it should not be present when the appletalk module is
not loaded. The kernel will request the module be loaded when a socket
is created for the AF_APPLETALK protocol family, if it hasn't already
been loaded.

> 	The "ipddp" module is not useful on its own.  It must be configured by
> userspace programs[3] which Ubuntu doesn't package -- I can't even find one
> of them anywhere online, in any form.

That's pretty good evidence that there's really no one using this
module.

> 	The third-party app "MacIPGW"[4] largely supersedes the kernel module.
> However, the aforementioned bug in this module breaks MacIPGW unless the
> module is not compiled at all as part of the kernel build.
> 
> 	I tried to upstream the simple kernel patch[5] that simply fixes the
> module, but my patch never got reviewed.  (Well, David Miller snarked at me;
> I think (?) he missed that this is a trivial bug, not some weird design
> change, and a silly hobbyist like me doesn't get enough cycles of his time
> to clarify such things.)

I'm not all that familiar with the networking code so I'm not really
qualified to comment on the patch. My initial impression is that there
should be some cleaner way to do it, but I'm not sure. It's unfortunate
that you didn't get better feedback.

> 	It could well be that I'm the only person in the world who cares about
> this.  I'm not entirely averse to maintaining my own kernel build.  But this
> is such an obvious bug, and I really do like letting the Ubuntu security
> team keep my kernel up-to-date for me...  If y'all don't want to accept this
> change, got any alternative suggestions?

I'd suggest that we disable the module in zesty and see if anyone
complains. Were you hoping to get it disabled in earlier releases?

Seth



