summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJay Vosburgh <fubar@us.ibm.com>2006-09-22 21:54:53 -0700
committerJeff Garzik <jeff@garzik.org>2006-09-25 20:08:09 -0400
commitf5b2b966f032f22d3a289045a5afd4afa09f09c6 (patch)
treecb3c505d8f444438bed09353788f6c96150f68ad /include
parent70298705bb29fb7982b85089adf17cd37b94baa7 (diff)
downloadkernel-crypto-f5b2b966f032f22d3a289045a5afd4afa09f09c6.tar.gz
kernel-crypto-f5b2b966f032f22d3a289045a5afd4afa09f09c6.tar.xz
kernel-crypto-f5b2b966f032f22d3a289045a5afd4afa09f09c6.zip
[PATCH] bonding: Validate probe replies in ARP monitor
Add logic to check ARP request / reply packets used for ARP monitor link integrity checking. The current method simply examines the slave device to see if it has sent and received traffic; this can be fooled by extraneous traffic. For example, if multiple hosts running bonding are behind a common switch, the probe traffic from the multiple instances of bonding will update the tx/rx times on each other's slave devices. Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/if.h1
-rw-r--r--include/linux/netdevice.h7
2 files changed, 7 insertions, 1 deletions
diff --git a/include/linux/if.h b/include/linux/if.h
index a023ec1274f..8018c2e22c0 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -60,6 +60,7 @@
#define IFF_MASTER_8023AD 0x8 /* bonding master, 802.3ad. */
#define IFF_MASTER_ALB 0x10 /* bonding master, balance-alb. */
#define IFF_BONDING 0x20 /* bonding master or slave */
+#define IFF_SLAVE_NEEDARP 0x40 /* need ARPs for validation */
#define IF_GET_IFACE 0x0001 /* for querying only */
#define IF_GET_PROTO 0x0002
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 43289127b45..afd80eff272 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1016,7 +1016,8 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
}
/* On bonding slaves other than the currently active slave, suppress
- * duplicates except for 802.3ad ETH_P_SLOW and alb non-mcast/bcast.
+ * duplicates except for 802.3ad ETH_P_SLOW, alb non-mcast/bcast, and
+ * ARP on active-backup slaves with arp_validate enabled.
*/
static inline int skb_bond_should_drop(struct sk_buff *skb)
{
@@ -1025,6 +1026,10 @@ static inline int skb_bond_should_drop(struct sk_buff *skb)
if (master &&
(dev->priv_flags & IFF_SLAVE_INACTIVE)) {
+ if ((dev->priv_flags & IFF_SLAVE_NEEDARP) &&
+ skb->protocol == __constant_htons(ETH_P_ARP))
+ return 0;
+
if (master->priv_flags & IFF_MASTER_ALB) {
if (skb->pkt_type != PACKET_BROADCAST &&
skb->pkt_type != PACKET_MULTICAST)