| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Mar 2023 12:46:14 -0400
From: Jonathan Toppins <jtoppins@...hat.com>
To: Hangbin Liu <liuhangbin@...il.com>, netdev@...r.kernel.org
Cc: Jay Vosburgh <j.vosburgh@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Eric Dumazet <edumazet@...gle.com>, Liang Li <liali@...hat.com>
Subject: Re: [PATCH net 1/3] bonding: fix ns validation on backup slaves
On 3/29/23 06:18, Hangbin Liu wrote:
> When arp_validate is set to 2, 3, or 6, validation is performed for
> backup slaves as well. As stated in the bond documentation, validation
> involves checking the broadcast ARP request sent out via the active
> slave. This helps determine which slaves are more likely to function in
> the event of an active slave failure.
>
> However, when the target is an IPv6 address, the NS message sent from
> the active interface is not checked on backup slaves. Additionally,
> based on the bond_arp_rcv() rule b, we must reverse the saddr and daddr
> when checking the NS message.
>
> Note that when checking the NS message, the destination address is a
> multicast address. Therefore, we must convert the target address to
> solicited multicast in the bond_get_targets_ip6() function.
>
> Prior to the fix, the backup slaves had a mii status of "down", but
> after the fix, all of the slaves' mii status was updated to "UP".
>
> Fixes: 4e24be018eb9 ("bonding: add new parameter ns_targets")
> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
Reviewed-by: Jonathan Toppins <jtoppins@...hat.com>
Powered by blists - more mailing lists