| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1274779201.24218.7164.camel@zakaz.uk.xensource.com> Date: Tue, 25 May 2010 10:20:01 +0100 From: Ian Campbell <Ian.Campbell@...rix.com> To: David Miller <davem@...emloft.net> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "shemminger@...ux-foundation.org" <shemminger@...ux-foundation.org>, Jeremy Fitzhardinge <Jeremy.Fitzhardinge@...rix.com>, "stable@...nel.org" <stable@...nel.org> Subject: Re: [PATCH 0/2] fixes to arp_notify for virtual machine migration use case On Mon, 2010-05-24 at 07:37 +0100, David Miller wrote: > From: Ian Campbell <Ian.Campbell@...rix.com> > Date: Wed, 12 May 2010 14:39:14 +0100 > > > Ian Campbell (2): > > arp_notify: generate broadcast ARP reply not request. > > arp_notify: generate arp_notify event on NETDEV_CHANGE too > > I don't agree with these changes. > > For the first one, I think the documentation is just wrong and the > code is what expresses the intent. The idea is not to spam the > world with a broadcast, only interested parties. OK. So what is currently sent is a gratuitous ARP request which I hadn't realised was a valid/normal thing to send but a bit of research shows that it is. In terms of MAC learning tables (which is what is interesting in the VM migration case) I think the gratuitous ARP request and reply are equivalent. I guess the difference is that an ARP request doesn't cause everyone to add an entry to their ARP cache, whereas a bcast ARP reply would cause an ARP cache entry to appear even on hosts which may never talk to the VM. Is that what you meant by spamming the world? Anyway, I'll patch the docs instead in my next submission. > Patch #2 I have major issues with, carriers flapping occaisionally is > very common. I have several interfaces which do this even on lightly > loaded networks. Iff we decide to do something like this (big "if") > it would need to be rate limited so that it doesn't trigger due to > normal flapping. FWIW arp_notify is an option which is disabled by default. > If you want your VM networking devices to trigger this event maybe > the best thing to do is to create a special notification which > allows us to prevent from doing this ARP notify for spurious physical > network device carrier flaps. I actually started down this path before I figured out how to make the existing notifications work for my use cases. Anyway, assuming the fact that arp_notify is disabled by default hasn't changed your mind, would adding NETDEV_NOTIFY_PEERS triggered by netif_notify_peers() be appropriate or would it be preferable to simply add netif_notify_peers() which generates the existing NETDEV_CHANGEADDR? I don't think there's any need for a new sysctl so I'll gate the new option on the existing arp_notify one. Ian. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists