| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19583.1299262713@death>
Date: Fri, 04 Mar 2011 10:18:33 -0800
From: Jay Vosburgh <fubar@...ibm.com>
To: "Harsha R02" <Harsha.R02@...asis.com>
cc: "Brian Haley" <brian.haley@...com>,
"Andrew Morton" <akpm@...ux-foundation.org>,
bugzilla-daemon@...zilla.kernel.org,
bugme-daemon@...zilla.kernel.org, netdev@...r.kernel.org
Subject: Re: [Bugme-new] [Bug 29712] New: Bonding Driver(version : 3.5.0) - Problem with ARP monitoring in active backup mode
Harsha R02 <Harsha.R02@...asis.com> wrote:
>We found that the patch that is presented here has some issues and we
>cannot go with this solution.
>
>In function "bond_ab_arp_probe" in addition to sending arp probes for
>the currently active slave we should also
>be sending arp probes for the primary_slave if the link status of the
>primary slave is up correct ?
>
>I have made changes as below :
>
>static void bond_ab_arp_probe(struct bonding *bond)
>{
> struct slave *slave;
> int i;
>
> read_lock(&bond->curr_slave_lock);
>
> if (bond->current_arp_slave && bond->curr_active_slave)
> pr_info(DRV_NAME "PROBE: c_arp %s && cas %s BAD\n",
> bond->current_arp_slave->dev->name,
> bond->curr_active_slave->dev->name);
>
> if (bond->curr_active_slave) {
>+ if((bond->curr_active_slave != bond->primary_slave) &&
>+ (IS_UP(bond->primary_slave->dev))) {
>+ bond_arp_send_all(bond, bond->primary_slave);
>+ }
> bond_arp_send_all(bond, bond->curr_active_slave);
> read_unlock(&bond->curr_slave_lock);
No, we can't do this; if we send ARP probes out from an inactive
slave (which the primary would be at this point) it will confuse
switches that snoop traffic to determine the switch port's MAC addresses
(the switches will believe that the "primary" slave is the port to use
to reach the bond's MAC address).
I think your problem is that your configuration (two systems,
back to back, no switch) is not a configuration the ARP monitor is
designed to work with.
The ARP monitor determines the availability of backup slaves
based on traffic received by the backup slaves. The usual source of
this traffic is the ARP broadcast requests being sent out the active
slave and then forwarded by the switch to all switch ports, including
the backup slave's port. I'm guessing that your system isn't forwarding
these packets like a switch would, and so the primary slave isn't seeing
any incoming packets at all.
If your primary slave (which is an inactive slave at the moment)
is not receiving traffic, bonding will never believe it is available.
I've never experimented with using the ARP monitor in a
back-to-back confguration; I'm thinking through how the ARP monitor
functions, and I'm not sure it can be reliable when set up like this.
-J
---
-Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists