| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20140218.164909.2186300046654305367.davem@davemloft.net> Date: Tue, 18 Feb 2014 16:49:09 -0500 (EST) From: David Miller <davem@...emloft.net> To: vfalico@...hat.com Cc: netdev@...r.kernel.org, rob@...dley.net, fubar@...ibm.com, andy@...yhouse.net, dingtianhong@...wei.com, nikolay@...hat.com, nhorman@...driver.com, amwang@...hat.com Subject: [PATCH v5 net-next 0/12] bonding: add an option to rely on unvalidated arp packets From: Veaceslav Falico <vfalico@...hat.com> Date: Tue, 18 Feb 2014 07:48:35 +0100 > Currently, if arp_validate is off (0), slave_last_rx() returns the > slave->dev->last_rx, which is always updated on *any* packet received by > slave, and not only arps. This means that, if the validation of arps is > off, we're treating *any* incoming packet as a proof of slave being up, and > not only arps. > > This might seem logical at the first glance, however it can cause a lot of > troubles and false-positives, one example would be: > > The arp_ip_target is NOT accessible, however someone in the broadcast domain > spams with any broadcast traffic. This way bonding will be tricked that the > slave is still up (as in - can access arp_ip_target), while it's not. > > The net_device->last_rx is already used in a lot of drivers (even though the > comment states to NOT do it :)), and it's also ugly to modify it from bonding. > > However, some loadbalance setups might rely on the fact that even non-arp > traffic is a sign of slave being up - and we definitely can't break anyones > config - so an extension to arp_validate is needed. > > So, to fix this, add an option for the user to specify if he wants to > filter out non-arp traffic on unvalidated slaves, remove the last_rx from > bonding, *always* call bond_arp_rcv() in slave's rx_handler (which is > bond_handle_frame), and if we spot an arp there with this option on - update > the slave->last_arp_rx - and use it instead of net_device->last_rx. Finally, > rename last_arp_rx to last_rx to reflect the changes. > > Also rename slave->jiffies to ->last_link_up, to reflect better its > meaning, add the new option's documentation and update the arp_validate one > to be a bit more descriptive. Series applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists