Date:   Sat, 29 Oct 2016 00:39:46 +0800
From:   Shanker Wang <miao.wang@...a.tsinghua.edu.cn>
To:     Igor Ryzhov <iryzhov@...are.com>
Cc:     netdev@...r.kernel.org
Subject: Re: Bonding MAC address

I think it is intentional, because changing the MAC address of an 
interface would cause problems. As a result, if you find it 
necessary to change the MAC address, it should be done manually.

Consider these two examples:

* A host is connecting to the internet through a bond interface 
and obtains its IP address from a DHCP server. Changing the MAC 
address automatically would possibly lead to a new IP address 
being assigned, which would not be expected.

* A Linux box is acting as a gateway, providing service to 
hosts in the local LAN. Changing the MAC address and not changing
the IP address of an interface would cause other hosts to fail
to communicate with the gateway, since the old MAC address is
still in their ARP cache table. The communication will recover
after the ARP cache expires, which can be a short or long time.

* The scenario is the same as the second one. Consider what happens if 
ARP snooping or other mechanisms to protect hosts from being 
spoofed by a fake gateway are enabled in the local LAN. After 
changing the MAC address, the Linux box itself will be a 
“spoofer” and may get blocked. 

So changing the MAC address of an interface could be dangerous and
lead to network malfunction, and cannot be done automatically. 

> On 28 Oct 2016, at 19:09, Igor Ryzhov <iryzhov@...are.com> wrote:
> 
> Hello everyone,
> 
> Studying the bonding driver I found that the bonding device doesn't choose a new MAC address when the slave whose MAC is in use is released.
> There is a warning about that - "the permanent HWaddr of slave is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts".
> Why not choose a new MAC for the bonding device? Is it intentional or just not implemented?
> 
> Best regards,
> Igor
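
The gateway scenarios in the reply above, modelled as an added example that is not part of the original thread or of the bonding driver: a LAN host's ARP cache goes stale when the gateway's MAC changes, and an ARP-inspection binding rejects the gateway's own reply until the binding is updated by hand. The addresses, the fixed 60-second cache lifetime and all function names are constructed assumptions; real neighbour caches and inspection features are more elaborate.

```python
from dataclasses import dataclass, field

GW_IP = "192.0.2.1"              # constructed (documentation address range)
OLD_MAC = "02:00:00:00:00:01"    # constructed: MAC the bond used before the change
NEW_MAC = "02:00:00:00:00:02"    # constructed: MAC the bond would switch to

@dataclass
class NeighborCache:
    """A LAN host's ARP cache, simplified to a fixed per-entry lifetime."""
    ttl: float
    entries: dict = field(default_factory=dict)    # ip -> (mac, learned_at)

    def learn(self, ip, mac, now):
        self.entries[ip] = (mac, now)

    def lookup(self, ip, now):
        mac, learned_at = self.entries.get(ip, (None, 0.0))
        return mac if mac and now - learned_at < self.ttl else None

def host_reaches_gateway(cache, gw_mac, now, bindings=None):
    """True if a frame the host sends to GW_IP lands on the gateway's current MAC.

    bindings (ip -> trusted mac) models ARP inspection on the LAN: a reply
    that does not match the binding is dropped before the host sees it.
    """
    cached = cache.lookup(GW_IP, now)
    if cached is None:                             # entry expired: host re-ARPs
        if bindings is not None and bindings.get(GW_IP) != gw_mac:
            return False                           # gateway's own reply treated as spoofed
        cache.learn(GW_IP, gw_mac, now)
        cached = gw_mac
    return cached == gw_mac

def run_scenarios():
    plain = NeighborCache(ttl=60)
    plain.learn(GW_IP, OLD_MAC, now=0)
    stale = host_reaches_gateway(plain, NEW_MAC, now=20)     # cache still holds OLD_MAC
    expired = host_reaches_gateway(plain, NEW_MAC, now=61)   # entry aged out, re-learned
    guarded = NeighborCache(ttl=60)
    guarded.learn(GW_IP, OLD_MAC, now=0)
    bindings = {GW_IP: OLD_MAC}                              # inspection trusts the old MAC
    blocked = host_reaches_gateway(guarded, NEW_MAC, 61, bindings)
    bindings[GW_IP] = NEW_MAC                                # operator updates it manually
    fixed = host_reaches_gateway(guarded, NEW_MAC, 62, bindings)
    return {"stale_entry": stale, "after_expiry": expired,
            "with_inspection": blocked, "after_binding_update": fixed}

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'reachable' if ok else 'unreachable'}")
```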

