lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3990673.1737505950@famine>
Date: Tue, 21 Jan 2025 16:32:30 -0800
From: Jay Vosburgh <jv@...sburgh.net>
To: Hangbin Liu <liuhangbin@...il.com>
cc: netdev@...r.kernel.org, Liang Li <liali@...hat.com>
Subject: Re: [Question] Bonding: change bond dev_addr when fail_over_mac=2

Hangbin Liu <liuhangbin@...il.com> wrote:

>Hi Jay,
>
>Our QE reported that, when setup bonding with fail_over_mac=2. Then release
>the first enslaved device. The bond and other slave's mac address with
>conflicts with the release device. e.g.
>
># modprobe bonding mode=1 miimon=100 max_bonds=1 fail_over_mac=2
># ip link set bond0 up
># ifenslave bond0 eth0 eth1
># ifenslave -d bond0 eth0
>
>Then we can see the bond0 and eth1 both still using eth0's address.
>
>I saw in __bond_release_one() we have 
>
>        if (!all && (!bond->params.fail_over_mac ||
>                     BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)) {
>                if (ether_addr_equal_64bits(bond_dev->dev_addr, slave->perm_hwaddr) &&
>                    bond_has_slaves(bond))
>                        slave_warn(bond_dev, slave_dev, "the permanent HWaddr of slave - %pM - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts\n",
>                                   slave->perm_hwaddr);
>        }

	If I'm reading it right, I don't think the above will trigger
the message for your example, as "!bond->params.fail_over_mac" and
"BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP" are both false.

>So why not just change the bond_dev->dev_addr to another slave's perm_hwaddr
>instead of keep using the released one?

	That would cause the MAC of the bond itself to change without
user intervention, and the active-backup mode won't change the bond's
MAC except for the case of fail_over_mac=1.  It's not uncommon for the
network to have dependencies on the MAC address itself, e.g., MAC based
permission rules.  There's also an cost associated with changing the
MAC, requiring a gratuitous ARP and some propagation time.

	What you describe is also the behavior for active-backup with
fail_over_mac=0, in that the bond will keep using the MAC gleaned from
the first interface even if that interface is removed from the bond, so
it's not really something specific to fail_over_mac=2.

	I don't think bonding should automatically adopt a new MAC
address in this case, but loosening the logic on the warning message
would be ok.

	-J

---
	-Jay Vosburgh, jv@...sburgh.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ