lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <48EC091D.7080207@hp.com>
Date:	Tue, 07 Oct 2008 21:13:01 -0400
From:	Brian Haley <brian.haley@...com>
To:	Jay Vosburgh <fubar@...ibm.com>, David Miller <davem@...emloft.net>
CC:	Vladislav Yasevich <vladislav.yasevich@...com>,
	Simon Horman <horms@...ge.net.au>,
	Alex Sidorenko <alexandre.sidorenko@...com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: [PATCH] bonding: send IPv6 neighbor advertisement on failover

This patch adds better IPv6 failover support for bonding devices, 
especially when in active-backup mode and there are only IPv6 addresses 
configured, as reported by Alex Sidorenko.

- Creates a new file, net/drivers/bonding/bond_ipv6.c, for the
   IPv6-specific routines.  Both regular bonds and VLANs over bonds
   are supported.

- Adds a new tunable, num_unsol_na, to limit the number of unsolicited
   IPv6 Neighbor Advertisements that are sent on a failover event.
   Default is 1.

- Creates two new IPv6 neighbor discovery functions:

   ndisc_build_skb()
   ndisc_send_skb()

   These were required to support VLANs since we have to be able to
   add the VLAN id to the skb since ndisc_send_na() and friends
   shouldn't be asked to do this.  These two routines are basically
   __ndisc_send() split into two pieces, in a slightly different order.

- Updates Documentation/networking/bonding.txt and bumps the rev of bond
   support to 3.4.0.

On failover, this new code will generate one packet:

- An unsolicited IPv6 Neighbor Advertisement, which helps the switch
   learn that the address has moved to the new slave.

Testing has shown that sending just the NA results in pretty good 
behavior when in active-back mode, I saw no lost ping packets for example.

-Brian

Signed-off-by: Brian Haley <brian.haley@...com>
---

View attachment "bonding-ipv6.patch" of type "text/x-patch" (19366 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ