| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 May 2014 22:10:20 +0200
From: Veaceslav Falico <vfalico@...hat.com>
To: Vlad Yasevich <vyasevic@...hat.com>
Cc: Jay Vosburgh <jay.vosburgh@...onical.com>, netdev@...r.kernel.org,
Andy Gospodarek <andy@...yhouse.net>,
Ding Tianhong <dingtianhong@...wei.com>,
Patric McHardy <kaber@...sh.net>
Subject: Re: [PATCH v2 net] bonding: Fix stacked device detection in arp
monitoring
On Wed, May 07, 2014 at 08:59:37PM +0200, Veaceslav Falico wrote:
>Anyway, so the only concern is:
>
>bond0 -> whatever1 -> vlan1 -> whatever2 -> vlan2 -> whatever3_IP
> \-> vlan3
>bond_check_path start==bond0 idx=0
>finds vlan1, tag[0] set, recursion start==vlan1 idx=1
>\->
> bond_check_path start==vlan1 idx=1
> finds vlan2, tag[1] set, recursion start==vlan2 idx=2
> \-> returns right away with false as idx >= 2.
>
> finds vlan3 (!!!) that isn't related with whatever_IP, tag[1] set with the
> wrong vlan, recursion start==vlan3 idx=2
> \-> return right away with false as idx >= 2.
>
> finds whatever3_IP, returns true.
>returns true
Here's a proof of concept (btw, if somebody wants this script - I can put
it somewhere), with your patch applied:
bond0 is configured in mode 1 with eth2 being the primary slave, and (one of)
the arp_ip_targets is 192.168.10.254 (bond2's subnet /24).
Initially everything works:
darkmag:~#/home/vfalico/tmp/asciinet/netstruct.pl
+---------------+ +-------------+ +--------------+
| bond1 | neighbour | bond1.11 | master | bond2 |
| 192.168.2.1 | ------------ | | <-------- | 192.168.10.1 |
+---------------+ +-------------+ +--------------+
|
| master
v
+---------------+ +-------------+ +--------------+ +------+
| bridge0.15 | neighbour | bridge0 | master | bond0 | master | eth2 |
| | ------------ | 192.168.3.1 | --------> | | --------> | |
+---------------+ +-------------+ +--------------+ +------+
|
| master
v
+---------------+ +--------------+
| dummy0 | | eth0 |
+---------------+ +--------------+
...
tcpdump from eth2:
21:57:54.990521 00:22:64:b9:87:05 > Broadcast, ethertype 802.1Q (0x8100), length 50: vlan 15, p 0, ethertype 802.1Q, vlan 11, p 0, ethertype ARP, Request who-has 192.168.10.254 tell 192.168.10.1, length 28
so, tag 11 (via bond1.11) and tag 15 (via bridge0.15), all fine.
Now:
darkmag:~#echo -bond2 > /sys/class/net/bonding_masters
darkmag:~#vconfig add bond1 12
Added VLAN with VID == 12 to IF -:bond1:-
darkmag:~#ifup bond2
Determining if ip address 192.168.10.1 is already in use for device bond2...
darkmag:~#/home/vfalico/tmp/asciinet/netstruct.pl
+-------------+ +---------------+ +----------+ +--------------+
| bridge0.15 | master | bond1 | neighbour | bond1.11 | master | bond2 |
| | <-------- | 192.168.2.1 | ------------ | | <-------- | 192.168.10.1 |
+-------------+ +---------------+ +----------+ +--------------+
| |
| neighbour | neighbour
| |
+-------------+ +---------------+
| bridge0 | | bond1.12 |
| 192.168.3.1 | | |
+-------------+ +---------------+
|
| master
v
+-------------+ master +---------------+
| bond0 | --------> | eth2 |
+-------------+ +---------------+
|
| master
v
+-------------+ +---------------+
| eth0 | | dummy0 |
+-------------+ +---------------+
...
and tcpdump shows:
21:58:44.136522 00:22:64:b9:87:05 > Broadcast, ethertype 802.1Q (0x8100), length 50: vlan 15, p 0, ethertype 802.1Q, vlan 12, p 0, ethertype ARP, Request who-has 192.168.10.254 tell 192.168.10.1, length 28
Notice vlan 12 instead of vlan 11.
So I guess that, till the end, we indeed can't guarantee the ordering and should,
actually, go via "the longest" route...
Hope that helps.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists