lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <32057.1335369076@death.nxdomain>
Date:	Wed, 25 Apr 2012 08:51:16 -0700
From:	Jay Vosburgh <fubar@...ibm.com>
To:	Ben Hutchings <bhutchings@...arflare.com>
cc:	netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
	Patrick McHardy <kaber@...sh.net>,
	Andy Gospodarek <andy@...yhouse.net>
Subject: Re: [PATCH net-next] bonding,vlan: propagate MAC failover changes to VLANs


	Please do not apply this patch; we've found an alternate
solution that doesn't require this change.

Ben Hutchings <bhutchings@...arflare.com> wrote:

>On Wed, 2012-04-18 at 11:49 -0700, Jay Vosburgh wrote:
>> Ben Hutchings <bhutchings@...arflare.com> wrote:
>> 
>> >On Wed, 2012-04-18 at 11:02 -0700, Jay Vosburgh wrote:
>> >> 	With bonding's fail_over_mac=active, during failover the MAC
>> >> address of the bond itself changes to match that of the slave.
>> >> 
>> >> 	This patch adds a notifier call to cause VLANs stacked atop the
>> >> bonding to also change their MAC addresses to the new address when a
>> >> failover occurs.
>> >> 
>> >> 	While it is legal for a VLAN to have a MAC address that differs
>> >> from the underlying device, at least one device (qeth) that requires the
>> >> use of fail_over_mac for bonding cannot handle the VLAN's MAC differing
>> >> from that of the bond; thus, it needs the MAC change to propagate up
>> >> to any VLANs when fail_over_mac is set to active.
>> >[...]
>> >
>> >This doesn't make sense to me.  You're applying the behaviour to all
>> >VLANs on top of a bond, whether or not the underlying device is driven
>> >by qeth, and ignoring any MAC address changes that don't involve the
>> >bonding driver.
>> 
>> 	With the patch, the PROPAGATE event is only generated if bonding
>> is set for fail_over_mac=active, which is normally only enabled on those
>> devices that require it (some devices for IBM's pseries and zseries
>> architectures and Infiniband, which doesn't have VLANs).
>
>Yeah, OK, that makes sense.
>
>> 	Devices that do not use bonding's fail_over_mac will not have
>> VLANs following MAC changes.
>
>I take it that the devices with this limitation on source MAC address
>have an essentially unchangeable MAC address?  If they are limited to
>single address but it's changeable then they should be emitting this
>notification too.

	It's not that it can't change the MAC, the issue has to do with
the packet forwarding logic on the actual device that services the
various virtual devices configured on the LPARs.  This being s390, it's
not quite that simple, but that's the short version.

>> >I think either of these would be better fixes:
>> >1. Make VLAN devices follow changes to the parent device's MAC address
>> >unless they are assigned an address of their own.
>> >2. Add a configuration flag for VLAN devices to follow changes to the
>> >parent device's MAC address.
>> 
>> 	#1 would be a behavior change for all VLAN devices, which I
>> sought to avoid.
>> 
>> 	#2 would be an additional configuration option that would have
>> to be enabled just for this case (unless VLANs following MAC changes of
>> the parent device is a generally desirable feature).
>
>I don't know whether it is generally desirable.  My guess would be that
>unless a VLAN device is explicitly configured to use its own address
>then it is desirable.
>
>> The patch requires
>> no additional option settings beyond what are currently in use.
>
>Right, I understand that this ought to Just Work, if possible.
>
>Ben.

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ