lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Sep 2008 11:17:25 -0600
From:	"Chris Friesen" <cfriesen@...tel.com>
To:	Jay Vosburgh <fubar@...ibm.com>
CC:	netdev@...r.kernel.org
Subject: Re: dhcp/bonding interaction question

Jay Vosburgh wrote:
> Chris Friesen <cfriesen@...tel.com> wrote:
> 
>> On the
>> booting blade the xid in the packet doesn't match the xid for the device
>> on which the packet was received, so the packet is dropped.
> 
> 	Presumably the blade is matching xid on a per-interface basis.

Yes, the dhcp code in the kernel does this.

> 	I'm guessing your problem is really due to the nature of the
> intra-chassis network on the blade system.  If it's like the ones I'm
> familiar with (eth0 of all blades to a single switch, eth1 of all blades
> to a different switch, etc), then you can't configure the switches into
> an etherchannel group as can be done with the usual configuration
> (multiple ports on one switch).

This has been handled already.  The two switches are a single 
etherchannel group and all blades (except the booting one) have 
etherchannel enabled.

>> What's the proper solution here?  Should dhcpd be forcing reply packets
>> out the slave on which the packet was received?
> 
> 	Why is the blade issuing DHCP before the bond is configured?

The blade is net-booting.  The BIOS does DHCP to download the kernel, 
and this works.  The kernel comes up and does DHCP to obtain an IP 
address so it can download the boot image, and this fails as described.

The etherchannel/bond link isn't set up until userspace is loaded and 
the bonding driver is insmodded (under multiple aliases with different 
sets of slaves).

> I'm unsure as to whether dhcpd should force replies as suggested, but
> recent changes to bonding/net core would probably permit dhcpd to run
> directly on the slave (it might need tweaking, I'm not sure) and
> accomplish that result. I don't think it would work on older versions
> of bonding, since there's no way to tell which slave a packet arrived
> on.

That's not a problem.  We've got an older version, but support for 
querying which slave a packet arrived on has been added.

Chris
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ