| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220330085154.34440715@kernel.org>
Date: Wed, 30 Mar 2022 08:51:54 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Alexandra Winter <wintera@...ux.ibm.com>,
Nikolay Aleksandrov <razor@...ckwall.org>
Cc: "David S. Miller" <davem@...emloft.net>,
Paolo Abeni <pabeni@...hat.com>,
Hangbin Liu <liuhangbin@...il.com>, netdev@...r.kernel.org,
linux-s390@...r.kernel.org, Heiko Carstens <hca@...ux.ibm.com>,
Roopa Prabhu <roopa@...dia.com>,
bridge@...ts.linux-foundation.org,
Ido Schimmel <idosch@...dia.com>, Jiri Pirko <jiri@...dia.com>,
Jay Vosburgh <j.vosburgh@...il.com>
Subject: Re: [PATCH net-next v2] veth: Support bonding events
On Wed, 30 Mar 2022 13:14:12 +0200 Alexandra Winter wrote:
> >> This patch in no way addresses (2). But then, again, if we put
> >> a macvlan on top of a bridge master it will shotgun its GARPS all
> >> the same. So it's not like veth would be special in that regard.
> >>
> >> Nik, what am I missing?
> >
> > If we're talking about macvlan -> bridge -> bond then the bond flap's
> > notify peers shouldn't reach the macvlan.
Hm, right. I'm missing a step in my understanding. As you say bridge
does not seem to be re-broadcasting the event to its master. So how
does Alexandra catch this kind of an event? :S
case NETDEV_NOTIFY_PEERS:
/* propagate to peer of a bridge attached veth */
if (netif_is_bridge_master(dev)) {
IIUC bond will notify with dev == bond netdev. Where is the event with
dev == br generated?
> > Generally broadcast traffic
> > is quite expensive for the bridge, I have patches that improve on the
> > technical side (consider ports only for the same bcast domain), but you also
> > wouldn't want unnecessary bcast packets being sent around. :)
> > There are setups with tens of bond devices and propagating that to all would be
> > very expensive, but most of all unnecessary. It would also hurt setups with
> > a lot of vlan devices on the bridge. There are setups with hundreds of vlans
> > and hundreds of macvlans on top, propagating it up would send it to all of
> > them and that wouldn't scale at all, these mostly have IP addresses too.
Ack.
> > Perhaps we can enable propagation on a per-port or per-bridge basis, then we
> > can avoid these walks. That is, make it opt-in.
Maybe opt-out? But assuming the event is only generated on
active/backup switch over - when would it be okay to ignore
the notification?
> >>> It also seems difficult to avoid re-bouncing the notifier.
> >>
> >> syzbot will make short work of this patch, I think the potential
> >> for infinite loops has to be addressed somehow. IIUC this is the
> >> first instance of forwarding those notifiers to a peer rather
> >> than within a upper <> lower device hierarchy which is a DAG.
>
> My concern was about the Hangbin's alternative proposal to notify all
> bridge ports. I hope in my porposal I was able to avoid infinite loops.
Possibly I'm confused as to where the notification for bridge master
gets sent..
Powered by blists - more mailing lists