lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <31979.1357665279@death.nxdomain>
Date:	Tue, 08 Jan 2013 09:14:39 -0800
From:	Jay Vosburgh <fubar@...ibm.com>
To:	"Matthew O'Connor" <liquidhorse@...il.com>
cc:	netdev@...r.kernel.org
Subject: Re: balance-alb and arp-reply stomping

Matthew O'Connor <liquidhorse@...il.com> wrote:

>Hi!  I've encountered what appears to be a known "issue" with
>balance-alb, whereby when a bond configured thus is put into a bridge
>with virtual ethernet adapters, on reply to arp requests the bond
>appears to "stomp" the MAC of the outgoing replies with one of its own
>adapters' MACs.  The consequence seems to be intermittent
>connectivity, easily witnessed by ping-loss early in a virtual
>adapter's life.  Checking the ARP cache on another machine shows that
>the virtual adapter's MAC has been replaced with one of the bond
>slaves'.  Other bonding modes do not exhibit this behavior.
>
>I was wondering if this is something that had been brought up before
>for fixing, and whether or not you would accept a patch if an
>appropriate fix was implemented?  My naive understanding would suggest
>checking the outgoing reply against a table of known slaves, and if
>the MAC did not exist there then map it to a slave and transmit the
>reply unmodified.

	This should be fixed in current kernels (to have balanace-alb
mode not modify ARPs that do not originate locally); I see the patch in
the 3.8-rc2 source, but not in the linux-3.7.1 source.

	You could apply the patch to an older kernel, it's pretty
simple.  The patch itself can be found here:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=patch;h=567b871e503316b0927e54a3d7c86d50b722d955

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar@...ibm.com

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ