Message-ID: <8588.1349926471@death.nxdomain>
Date:	Wed, 10 Oct 2012 20:34:31 -0700
From:	Jay Vosburgh <fubar@...ibm.com>
To:	Michal Kubecek <mkubecek@...e.cz>
cc:	netdev@...r.kernel.org, Andy Gospodarek <andy@...yhouse.net>
Subject: Re: unresponsive vlan on top of bond with fail_over_mac=active

Michal Kubecek <mkubecek@...e.cz> wrote:

>Hello,
>
>a customer of ours has the following problem:
>
>A bond is set up in active-backup mode with fail_over_mac=1 (active). On
>top of it, a VLAN is created so that it inherits MAC address of the bond
>which is the same as address of its active slave.
>
>When failover occurs, the bond switches its MAC address to address of
>the new active slave but VLAN interface keeps the old address and it
>stops receiving packets from outside.

	What network device are they using that requires fail_over_mac
to be set to active?  The intended user of this facility is IPoIB, which
does not support VLANs (and therefore does not have this problem).  For
regular Ethernet, the active setting is not generally a good choice, as
network peers must be updated via gratuitous ARP when a failover occurs,
so there is really no advantage to using it.

>The customer suggested that upon failover, not only bond should switch
>its MAC address to the new active slave but also all VLAN interfaces on
>top of it. I don't like this approach too much as there is already a
>different mechanism for the problem: network device's uc list. Since
>commits
>
>  7d26bb10  bonding: emit event when bonding changes MAC
>  2af73d4b  net/bonding: emit address change event also in bond_release
>
>VLAN device's MAC address is copied into bond's uc list. Unfortunately
>there is no code taking care of syncing the bond's uc list to its
>slaves (so that the slave drops the packets for the VLAN). My idea is to
>do this either via ndo_set_rx_mode method or in response to an event.
>
>But before proposing a patch, I would like to ask: which approach is
>preferable: copying active slave's hw address to all VLAN devices
>defined on top of the bond or syncing bond's uc list to its slaves?

	I tested some of this out earlier this year, and I don't recall
having problems (although I'm not sure I did this exact test).  The
dev_uc_add() logic (in __dev_set_rx_mode) would put the underlying
device into promiscuous mode if the hardware didn't support multiple
unicast MAC addresses. dev_uc_add() was invoked by vlan_sync_address(),
which is called by the vlan NETDEV_CHANGEADDR notifier callback.

	Bonding does propagate promisc to its slaves, but (as you point
out) not the uc lists; is the hardware in question something that
supports multiple unicast addresses (IFF_UNICAST_FLT)?  The device I
tested with does not support IFF_UNICAST_FLT, and (as I recall) would
end up in promisc mode.

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com
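
The following check is an added example, not part of the original message or of the bonding code. It reads sysfs to report whether a VLAN's MAC still matches its bond after a failover and, if not, whether the active slave is in promiscuous mode (the fallback described above for hardware without IFF_UNICAST_FLT). The function name, the status words and the `SYSFS_NET` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SYSFS_NET is an assumed override so the check can also be
# run against a constructed directory tree instead of the live /sys.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

IFF_PROMISC=0x100   # bit in the raw dev->flags value exposed by sysfs "flags"

# check_vlan_on_bond BOND VLAN
# Prints one status word:
#   match             VLAN and bond share a MAC, no extra unicast filter needed
#   mismatch-promisc  MACs differ, active slave is promiscuous and still
#                     accepts frames addressed to the VLAN's MAC
#   mismatch-filtered MACs differ and the active slave is not promiscuous;
#                     unless the slave's own unicast filter holds the VLAN
#                     MAC (not visible in sysfs), such frames are dropped
check_vlan_on_bond() {
    bond=$1
    vlan=$2
    bond_mac=$(cat "$SYSFS_NET/$bond/address")
    vlan_mac=$(cat "$SYSFS_NET/$vlan/address")

    if [ "$bond_mac" = "$vlan_mac" ]; then
        echo match
        return 0
    fi

    # With fail_over_mac=active the bond takes the MAC of this slave.
    active=$(cat "$SYSFS_NET/$bond/bonding/active_slave")
    flags=$(cat "$SYSFS_NET/$active/flags")

    if [ $(( $flags & IFF_PROMISC )) -ne 0 ]; then
        echo mismatch-promisc
    else
        echo mismatch-filtered
    fi
}

# Example call on a live system (interface names are placeholders):
#   check_vlan_on_bond bond0 bond0.100
```

The sysfs `flags` file is used rather than `ip link` output because promiscuity set internally by the kernel is not reported as PROMISC by `ip link`.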
