lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1371820284-13280-1-git-send-email-vfalico@redhat.com>
Date:	Fri, 21 Jun 2013 15:11:18 +0200
From:	Veaceslav Falico <vfalico@...hat.com>
To:	netdev@...r.kernel.org
Cc:	vfalico@...hat.com, fubar@...ibm.com, andy@...yhouse.net,
	davem@...emloft.net, linux@...2.net, nicolas.2p.debian@...e.fr,
	rick.jones2@...com, nikolay@...hat.com, mkubecek@...e.cz
Subject: [PATCH v3 net-next 0/6] bonding: prepare to and add arp_all_targets

Hi,

This patchset does some cleanup, fixes a few flaws and adds a new parameter
to control whether the slave should stay up when any of arp_ip_targets are
up or all of them are up (i.e. if the slave should go down if even one
target from arp_ip_targets fail).

The patches 1-5 basically prepare the bonding code to work properly with this
new parameter, however it's not depending on them.

All comments are really welcome.

v2->v3:

Fix "[6/6] bonding: add helper function bond_get_targets_ip(targets, ip)",
per Nikolay's advice, to use _bh spinlock, remove useless rtnl_lock() and
use jiffies for new arp_ip_target last arp, instead of slave_last_rx(). As
Michal suggested, initialize the target_last_arp_rx[] the same as the
default last_arp_rx, to avoid flapping. Also, don't fail while removing the
last arp_ip_target, and instead just print a warning - otherwise it might
break existing scripts.

v1->v2:

Drop "[1/6] bonding: verify if bond has ip only once on arp validate", per
Jay's advice, it's really useless as a standalone patch (though the change
itself will appear in 2/6).

Fix "[2/6] bonding: add helper function bond_get_targets_ip(targets, ip)",
per Nikolay's advice, to verify if source ip != 0.0.0.0, otherwise we might
update 'null' arp_ip_targets' last_rx. Also, address style.

Drop "[5/6] bonding: don't swap arp's ips on validation for backup slave",
per Jay's advice, though it does address cyclic failover issue - it
disables a good optimization. Instead, update the documentation and fix the
cyclic loop issue in the following patch.

Add "bonding: don't trust arp requests unless active slave really works",
this patch fixes the cyclic loop that occurs when we can't reach
arp_ip_target and fool ourselves with our own generated arp requests. It's
done by checking if we currently have a current active slave and if this
slave received at least one arp reply after its 'nomination' to active.

Add "bonding: doc: some details on backup slave arp validation",
this patch describes a bit more in detail how the backup slave arp
validation works.

Fix "[6/6] bonding: add an option to fail when any of arp_ip_target is
inaccessible", per Nikolay's advice, to correctly handle adding/removing
hosts in arp_ip_target - we need to shift/initialize all slave's
target_last_arp_rx. Also, don't fail module loading on arp_all_targets
misconfiguration, just disable it, and some minor style fixes.

Thanks!

Veaceslav Falico (6):
      bonding: add helper function bond_get_targets_ip(targets, ip)
      bonding: don't add duplicate targets to arp_ip_target
      bonding: don't validate arp if we don't have to
      bonding: don't trust arp requests unless active slave really works
      bonding: doc: some details on backup slave arp validation
      bonding: add an option to fail when any of arp_ip_target is inaccessible

 Documentation/networking/bonding.txt |   23 ++++++
 drivers/net/bonding/bond_main.c      |   70 +++++++++++++++----
 drivers/net/bonding/bond_sysfs.c     |  125 ++++++++++++++++++++++++----------
 drivers/net/bonding/bonding.h        |   46 ++++++++++++-
 4 files changed, 212 insertions(+), 52 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ