| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Jun 2013 15:11:18 +0200
From: Veaceslav Falico <vfalico@...hat.com>
To: netdev@...r.kernel.org
Cc: vfalico@...hat.com, fubar@...ibm.com, andy@...yhouse.net,
davem@...emloft.net, linux@...2.net, nicolas.2p.debian@...e.fr,
rick.jones2@...com, nikolay@...hat.com, mkubecek@...e.cz
Subject: [PATCH v3 net-next 0/6] bonding: prepare to and add arp_all_targets
Hi,
This patchset does some cleanup, fixes a few flaws and adds a new parameter
to control whether the slave should stay up when any of arp_ip_targets are
up or all of them are up (i.e. if the slave should go down if even one
target from arp_ip_targets fail).
The patches 1-5 basically prepare the bonding code to work properly with this
new parameter, however it's not depending on them.
All comments are really welcome.
v2->v3:
Fix "[6/6] bonding: add helper function bond_get_targets_ip(targets, ip)",
per Nikolay's advice, to use _bh spinlock, remove useless rtnl_lock() and
use jiffies for new arp_ip_target last arp, instead of slave_last_rx(). As
Michal suggested, initialize the target_last_arp_rx[] the same as the
default last_arp_rx, to avoid flapping. Also, don't fail while removing the
last arp_ip_target, and instead just print a warning - otherwise it might
break existing scripts.
v1->v2:
Drop "[1/6] bonding: verify if bond has ip only once on arp validate", per
Jay's advice, it's really useless as a standalone patch (though the change
itself will appear in 2/6).
Fix "[2/6] bonding: add helper function bond_get_targets_ip(targets, ip)",
per Nikolay's advice, to verify if source ip != 0.0.0.0, otherwise we might
update 'null' arp_ip_targets' last_rx. Also, address style.
Drop "[5/6] bonding: don't swap arp's ips on validation for backup slave",
per Jay's advice, though it does address cyclic failover issue - it
disables a good optimization. Instead, update the documentation and fix the
cyclic loop issue in the following patch.
Add "bonding: don't trust arp requests unless active slave really works",
this patch fixes the cyclic loop that occurs when we can't reach
arp_ip_target and fool ourselves with our own generated arp requests. It's
done by checking if we currently have a current active slave and if this
slave received at least one arp reply after its 'nomination' to active.
Add "bonding: doc: some details on backup slave arp validation",
this patch describes a bit more in detail how the backup slave arp
validation works.
Fix "[6/6] bonding: add an option to fail when any of arp_ip_target is
inaccessible", per Nikolay's advice, to correctly handle adding/removing
hosts in arp_ip_target - we need to shift/initialize all slave's
target_last_arp_rx. Also, don't fail module loading on arp_all_targets
misconfiguration, just disable it, and some minor style fixes.
Thanks!
Veaceslav Falico (6):
bonding: add helper function bond_get_targets_ip(targets, ip)
bonding: don't add duplicate targets to arp_ip_target
bonding: don't validate arp if we don't have to
bonding: don't trust arp requests unless active slave really works
bonding: doc: some details on backup slave arp validation
bonding: add an option to fail when any of arp_ip_target is inaccessible
Documentation/networking/bonding.txt | 23 ++++++
drivers/net/bonding/bond_main.c | 70 +++++++++++++++----
drivers/net/bonding/bond_sysfs.c | 125 ++++++++++++++++++++++++----------
drivers/net/bonding/bonding.h | 46 ++++++++++++-
4 files changed, 212 insertions(+), 52 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists