| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Mar 2011 15:49:49 +0100 From: Nicolas de Pesloüan <nicolas.2p.debian@...il.com> To: Jiri Pirko <jpirko@...hat.com> CC: Andy Gospodarek <andy@...yhouse.net>, netdev@...r.kernel.org, davem@...emloft.net, shemminger@...ux-foundation.org, kaber@...sh.net, fubar@...ibm.com, eric.dumazet@...il.com Subject: Re: [patch net-next-2.6] net: reinject arps into bonding slave instead of master Le 09/03/2011 08:45, Jiri Pirko a écrit : > Tue, Mar 08, 2011 at 10:44:37PM CET, nicolas.2p.debian@...il.com wrote: >> Le 08/03/2011 14:42, Andy Gospodarek a écrit : >>> I'm pretty sure this patch will have the same catastrophic problem your >>> last one did. By cloning and setting skb2->dev = orig_dev you just >>> inserted a frame identical to the one we received right back into the >>> stack. It only took a few minutes for my box to melt as one frame on >>> the wire will cause an infinite number of frames to be received by the >>> stack. >> >> I agree with Andy. We still keep one reinject (netif_rx), which is >> probably better that two (__netif_receive_skb), but not enough. >> >> I really think we need a general framework for late delivery of final >> packets to packet handler registered somewhere in the rx_handler >> path. >> >> Jiri, is this patch the one you announced as "I have some kind nice >> solution in mind and I'm going to submit that as a patch later (too >> many patches are in the wind atm)" ? > > > I did not had time to verify my thought yet but I think that the only > think needed against my original patch (bonding: move processing of recv > handlers into handle_frame()) is ro remove vlan_on_bond_hook, period. > > Because all incoming arps are seen by bond_handle_frame => > bond->recv_probe , even vlan ones - that would make eth0-bond0-bond0.5 > work and eth0-bond0-br0-bond0.5 as well. But again, need to verify this. All incoming ARPs are seen by bond_handle_frame, even vlan ones, definitely true. But as some of them *are* vlan ones, you will have to untag those "by hand" inside bond_handle_frame. It might work, but I wouldn't support the idea, for two reasons : - It would duplicate code, or at least, duplicate places where untagging happens. - It would cause some vlan hacks to sit inside bond, which is not nice from a layering point of view. You recently advocated against breaking layering and you are right. We should avoid putting X related stuff into Y part of the network stack, as much as possible. Again, I think we should try and find a generic way to have the final frame delivered to whoever needs it. And this way should not be limited to "vlan untagging" nor to bonding. Nicolas. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists