lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140522132436.GD6295@redhat.com>
Date:	Thu, 22 May 2014 15:24:36 +0200
From:	Veaceslav Falico <vfalico@...hat.com>
To:	Linus Gasser <list@...kas-al-nour.org>
Cc:	netdev@...r.kernel.org
Subject: Re: Bonding with tun-devices

On Wed, May 21, 2014 at 09:36:34PM +0100, Linus Gasser wrote:
>Le 21/05/14 16:54, Veaceslav Falico a écrit :
>>On Wed, May 21, 2014 at 02:59:22PM +0100, Linus Gasser wrote:
>>>Dear list,
>>>
>>>I'm trying to create a bonded interface using tun-devices created by the
>>>
>>>ssh -NTCf -w 0:0
>>>
>>>command. The reason is that I'm behind a satellite connection with
>>>per-stream limited bandwidth...
>>>
>>>On some older kernels everything was fine, and I could do:
>>>
>>># ssh -NTCf -w 0:0 web
>>># ssh -NTCf -w 1:1 web
>>># modprobe bonding mode=0 miimon=100
>>># ifconfig bond0 172.16.0.1 netmask 255.255.255.0
>>># ifconfig bond0 hw ether 12:34:56:78:9a
>>># ifenslave bond0 tun0 tun1
>>
>>It should fail here, as tun (from the first approach*) doesn't have
>>ndo_set_mac_address, and bonding relies on that, *unless* fail_over_mac is
>>set to 1.
>>
>>Could you try setting fail_over_mac = 1 on modprobe or via sysfs and
>>retesting?
>>
>>* I've tried to quickly recreate your setup but hit a panic (already
>>submitted a fix).
>>
>>Also, enabling debug for bonding (via dynamic_debug or anything else) and
>>attaching the output would help a lot.
>
>Hi,
>
>OK, I tried to add "fail_over_mac=1" to the modprobe-call, but both 
>with "ifenslave" and "ip add" I get the same error. In the logs I 
>found (with fail_over_mac):
>
>kernel: bonding: Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
>kernel: bonding: MII link monitoring set to 100 ms
>kernel: bonding: Warning: fail_over_mac only affects active-backup mode.
>bonding: bond0: Warning: The first slave device specified does not 
>support setting the MAC address.
>bonding: bond0: Warning: The first slave device specified does not 
>support setting the MAC address.
>
>As far as I see, my kernel doesn't have dynamic_debug enabled. I'm in 
>the midst of downloading it - hold on for a day or two ;) If you can 
>tell me how I can debug otherwise, I'll be glad to do so.

No worries, I figured it out why it's misbehaving. Basically now bonding
expects every slave to have support of setting the mac address (that's in
short), but tun device is a IP device, which doesn't support mac addresses.

A workaround would be to use tap devices, as they're more "real" and
support mac address setting.

I'll, though, try to figure out how to make bonding work even on NOARP
devices if it doesn't need to fiddle with OSI level 2...

Hope that helps.

>
>Linus
>
>>
>>Thank you!
>>
>>>
>>>on one side and
>>>
>>># modprobe bonding mode=0 miimon=100
>>># ifconfig bond0 172.16.0.2 netmask 255.255.255.0
>>># ifconfig bond0 hw ether 12:35
>>># ifenslave -f bond0 tun0 tun1
>>># ping 172.16.0.1
>>>
>>>on the other side. On a newer kernel (>3.14) this doesn't work (at
>>>least not on linux-armv7), while on 3.13 it does work under
>>>linux-armv7. Now I've been told to use the iproute2-suite, as
>>>ifenslave is deprecated. But if I try to do
>>>
>>># ssh -NTCf -w 0:0 web
>>># ssh -NTCf -w 1:1 web
>>># ip link add name bond1 type bond
>>># ip link set dev tun0 master bond1
>>>
>>>it gives me an error
>>>
>>>RTNETLINK answers: Operation not supported
>>>
>>>Any idea what I'm doing wrong?
>>>
>>>Linus
>>>--
>>>To unsubscribe from this list: send the line "unsubscribe netdev" in
>>>the body of a message to majordomo@...r.kernel.org
>>>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>--
>>To unsubscribe from this list: send the line "unsubscribe netdev" in
>>the body of a message to majordomo@...r.kernel.org
>>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ