lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.02.1109270224220.30860@aurora>
Date:	Tue, 27 Sep 2011 02:28:42 +0200 (CEST)
From:	Sven-Haegar Koch <haegar@...net.de>
To:	Nicolas de Pesloüan 
	<nicolas.2p.debian@...il.com>
cc:	Stephen Hemminger <shemminger@...tta.com>,
	Marc Haber <mh+netdev@...schlus.de>, netdev@...r.kernel.org
Subject: Re: Bridge stays down until a port is added

On Tue, 27 Sep 2011, Nicolas de Pesloüan wrote:

> Le 26/09/2011 22:05, Stephen Hemminger a écrit :
> > On Mon, 26 Sep 2011 22:02:21 +0200
> > Nicolas de Pesloüan<nicolas.2p.debian@...il.com>  wrote:
> [...]
> > > Stephen,
> > > 
> > > What do you think about a generic per-interface option that would cause
> > > bind() to accept tentative
> > > address hold by a particular interface? This of course violate IPv6
> > > principle, but we are talking
> > > about interfaces that are unable to do DAD, either permanently or until
> > > something happens on the
> > > underlying device.
> > > 
> > > echo 1>  /sys/class/net/br0/allow_bind_on_tentative_address
> > > echo 1>  /sys/class/net/dummy0/allow_bind_on_tentative_address
> > > echo 1>  /sys/class/net/wlan0/allow_bind_on_tentative_address
> > > and so on...
> > > 
> > > And we may possibly automatically reset this option to 0 if DAD eventually
> > > causes the address to be
> > > considered duplicate.
> > 
> > The issue is that if DAD rejects a duplicate, the socket is dead and
> > application is
> > out of luck.
> 
> Yes, and this is by design. Setting the option would state "I want to allow
> early bind(), prior to DAD and I assume the fact that a possible duplicate
> address will cause the corresponding socket to be dead and so the using
> application."

How about a setting just completely disabling this 
duplicate-address-detection crap?

I do not want my servers to ever give up servicing a configured IP no 
matter what else on the network tries to interfere.

If there are two machines using the same IP at a moment, then it may not 
work so great, but both should have all their services up and running, 
and once the invalid one got disconnected ("switch port down") 
everything works - not needing to reboot the real one because some 
daemons were not able to bind their service IPs.

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead.
- Ben F.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ