| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 May 2010 15:12:41 -0700
From: Jay Vosburgh <fubar@...ibm.com>
To: Andy Gospodarek <andy@...yhouse.net>
cc: netdev@...r.kernel.org
Subject: Re: [PATCH net-next-2.6 1/2] bonding: add keep_all parameter
Andy Gospodarek <andy@...yhouse.net> wrote:
>On Tue, May 11, 2010 at 10:18:21AM -0700, Jay Vosburgh wrote:
>> Andy Gospodarek <andy@...yhouse.net> wrote:
>>
>> >
>> >In an effort to suppress duplicate frames on certain bonding modes
>> >(specifically the modes that do not require additional configuration on
>> >the switch or switches connected to the host),
>>
>> Strictly speaking, the above is incorrect, as the duplicate
>> suppression is turned on for the active-backup inactive slaves as well
>> as 802.3ad ports that are disabled (any slave that gets the "inactive"
>> flag bit set).
>
>It is also effective when using ALB and TLB, right? I can change the
>language if you would like to increase the description's accuracy.
Yah, I forgot about that; the ALB/TLB modes suppress broadcast
and multicast traffic on "inactive" slaves, although that's kind of a
misnomer, since in those modes, "inactive" slaves are active for unicast
traffic.
>> >[...] code was added in the
>> >generic receive patch in 2.6.16. The current behavior works quite well
>> >for most users, but there are some times it would be nice to restore old
>> >functionality and allow all frames to make their way up the stack.
>>
>> Reading netdev lately, it sure looks like everybody wants ways
>> to shut off or bypass the duplicate suppression.
>>
>
>I see that too, which was part of the reason to add a configuration
>option. I know many of the people that complained that they were seeing
>dups will complain again if they show up in the future, so a config
>option seemed like the best way to satisfy both.
>
>> >This patch adds support for a new module option and sysfs file called
>> >'keep_all' that will restore pre-2.6.16 functionality if the user
>> >desires. The default value is '0' and retains existing behavior, but
>> >the user can set it to '1' and allow all frames up if desired.
>>
>> Since this is really meant for the queue tagging stuff in the
>> next patch, should this really be something that's enabled automatically
>> if the queues are configured in such a way that the inactive slave is
>> going to receive traffic?
>>
>
>Part of the reason not to have it happen automatically is that the
>second patch *should* allow simple pass-through of queue-mapping (though
>I didn't mention that specifically) from bond device to underlying
>slaves if the user is aware of the number of output queues in their
>NIC and doesn't set the queue_ids for any of the slaves.
>
>Another reason not to turn it on automatically is if the network patch
>for transmission and reception are actually different. The 'keep_all=1'
>flag might not be needed if transmission is happening on an inactive
>interface, but the active interface will receive all responses due to
>the way the network is designed.
>
>Again, a big part of the motivation patch was bringing back that
>old-functionality to those that desire it and was why I split this out
>from the next patch.
I think I addressed a lot of this in my big honkin' reply to the
other patch, so I'll forbear further commment until you're read through
all that.
>> I also wonder if something like this would satisfy the FCOE guys
>> without making __netif_receive_skb / skb_bond_should_drop even more
>> complicated than they already are.
>
>I'd love to think so, but you never know.
>
>> >Signed-off-by: Andy Gospodarek <andy@...yhouse.net>
>> >Signed-off-by: Neil Horman <nhorman@...driver.com>
>> >---
>> > Documentation/networking/bonding.txt | 15 ++++++++++++
>> > drivers/net/bonding/bond_main.c | 15 ++++++++++++
>> > drivers/net/bonding/bond_sysfs.c | 43 +++++++++++++++++++++++++++++++++-
>> > drivers/net/bonding/bonding.h | 1 +
>> > include/linux/if.h | 1 +
>> > net/core/dev.c | 26 +++++++++++---------
>> > 6 files changed, 88 insertions(+), 13 deletions(-)
>> >
>> >diff --git a/Documentation/networking/bonding.txt b/Documentation/networking/bonding.txt
>> >index 61f516b..d64fd2f 100644
>> >--- a/Documentation/networking/bonding.txt
>> >+++ b/Documentation/networking/bonding.txt
>> >@@ -399,6 +399,21 @@ fail_over_mac
>> > This option was added in bonding version 3.2.0. The "follow"
>> > policy was added in bonding version 3.3.0.
>> >
>> >+keep_all
>> >+
>> >+ Option to specify whether or not you will keep all frames
>> >+ received on an interface that is a member of a bond. Right
>> >+ now checking is done to ensure that most frames ultimately
>> >+ classified as duplicates are dropped to keep noise to a
>> >+ minimum. The feature to drop duplicates was added in kernel
>> >+ version 2.6.16 (bonding driver version 3.0.2) and this will
>> >+ allow that original behavior to be restored if desired.
>> >+
>> >+ A value of 0 (default) will preserve the current behavior and
>> >+ will drop all duplicate frames the bond may receive. A value
>> >+ of 1 will not attempt to avoid duplicate frames and pass all
>> >+ of them up the stack.
>>
>> Two thoughts (presuming for the moment that this doesn't
>> change): first, bump the driver version and mention when it was added;
>> second, mention that this only applies to active-backup mode.
>>
>
>Happy to update the version. But shouldn't this impact ALB and TLB
>modes too since they have a concept of 'active' slaves?
>
>> > lacp_rate
>> >
>> > Option specifying the rate in which we'll ask our link partner
>
><snip>
>
>> >--- a/net/core/dev.c
>> >+++ b/net/core/dev.c
>> >@@ -2758,21 +2758,23 @@ int __skb_bond_should_drop(struct sk_buff *skb, struct net_device *master)
>> > skb_bond_set_mac_by_master(skb, master);
>> > }
>> >
>> >- if (dev->priv_flags & IFF_SLAVE_INACTIVE) {
>> >- if ((dev->priv_flags & IFF_SLAVE_NEEDARP) &&
>> >- skb->protocol == __cpu_to_be16(ETH_P_ARP))
>> >- return 0;
>> >+ if (unlikely(!(master->priv_flags & IFF_BONDING_KEEP_ALL))) {
>>
>> So it's unlikely that "keep all" will be turned off?
>>
>
>Grrrr. That should be an if(likely!(.... Good catch.
>
>> >+ if (dev->priv_flags & IFF_SLAVE_INACTIVE) {
>> >+ if ((dev->priv_flags & IFF_SLAVE_NEEDARP) &&
>> >+ skb->protocol == __cpu_to_be16(ETH_P_ARP))
>> >+ return 0;
>> >
>> >- if (master->priv_flags & IFF_MASTER_ALB) {
>> >- if (skb->pkt_type != PACKET_BROADCAST &&
>> >- skb->pkt_type != PACKET_MULTICAST)
>> >+ if (master->priv_flags & IFF_MASTER_ALB) {
>> >+ if (skb->pkt_type != PACKET_BROADCAST &&
>> >+ skb->pkt_type != PACKET_MULTICAST)
>> >+ return 0;
>> >+ }
>> >+ if (master->priv_flags & IFF_MASTER_8023AD &&
>> >+ skb->protocol == __cpu_to_be16(ETH_P_SLOW))
>> > return 0;
>> >- }
>> >- if (master->priv_flags & IFF_MASTER_8023AD &&
>> >- skb->protocol == __cpu_to_be16(ETH_P_SLOW))
>> >- return 0;
>> >
>> >- return 1;
>> >+ return 1;
>> >+ }
>> > }
>> > return 0;
>> > }
>> >--
>> >1.6.2.5
-J
---
-Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists