diff options
author | Jay Vosburgh <fubar@us.ibm.com> | 2006-09-22 21:54:53 -0700 |
---|---|---|
committer | Jeff Garzik <jeff@garzik.org> | 2006-09-25 20:08:09 -0400 |
commit | f5b2b966f032f22d3a289045a5afd4afa09f09c6 (patch) | |
tree | cb3c505d8f444438bed09353788f6c96150f68ad /include/linux | |
parent | 70298705bb29fb7982b85089adf17cd37b94baa7 (diff) | |
download | kernel-crypto-f5b2b966f032f22d3a289045a5afd4afa09f09c6.tar.gz kernel-crypto-f5b2b966f032f22d3a289045a5afd4afa09f09c6.tar.xz kernel-crypto-f5b2b966f032f22d3a289045a5afd4afa09f09c6.zip |
[PATCH] bonding: Validate probe replies in ARP monitor
Add logic to check ARP request / reply packets used for ARP
monitor link integrity checking.
The current method simply examines the slave device to see if it
has sent and received traffic; this can be fooled by extraneous traffic.
For example, if multiple hosts running bonding are behind a common
switch, the probe traffic from the multiple instances of bonding will
update the tx/rx times on each other's slave devices.
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/if.h | 1 | ||||
-rw-r--r-- | include/linux/netdevice.h | 7 |
2 files changed, 7 insertions, 1 deletions
diff --git a/include/linux/if.h b/include/linux/if.h index a023ec1274f..8018c2e22c0 100644 --- a/include/linux/if.h +++ b/include/linux/if.h @@ -60,6 +60,7 @@ #define IFF_MASTER_8023AD 0x8 /* bonding master, 802.3ad. */ #define IFF_MASTER_ALB 0x10 /* bonding master, balance-alb. */ #define IFF_BONDING 0x20 /* bonding master or slave */ +#define IFF_SLAVE_NEEDARP 0x40 /* need ARPs for validation */ #define IF_GET_IFACE 0x0001 /* for querying only */ #define IF_GET_PROTO 0x0002 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 43289127b45..afd80eff272 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1016,7 +1016,8 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb) } /* On bonding slaves other than the currently active slave, suppress - * duplicates except for 802.3ad ETH_P_SLOW and alb non-mcast/bcast. + * duplicates except for 802.3ad ETH_P_SLOW, alb non-mcast/bcast, and + * ARP on active-backup slaves with arp_validate enabled. */ static inline int skb_bond_should_drop(struct sk_buff *skb) { @@ -1025,6 +1026,10 @@ static inline int skb_bond_should_drop(struct sk_buff *skb) if (master && (dev->priv_flags & IFF_SLAVE_INACTIVE)) { + if ((dev->priv_flags & IFF_SLAVE_NEEDARP) && + skb->protocol == __constant_htons(ETH_P_ARP)) + return 0; + if (master->priv_flags & IFF_MASTER_ALB) { if (skb->pkt_type != PACKET_BROADCAST && skb->pkt_type != PACKET_MULTICAST) |