[PATCH v5 net-next 0/12] bonding: add an option to rely on unvalidated arp packets

[Veaceslav Falico <vfalico@redhat.com>]

On Tue, Feb 18, 2014 at 07:48:35AM +0100, Veaceslav Falico wrote:
>From Veaceslav Falico <vfalico@redhat.com> # This line is ignored.
>From: Veaceslav Falico <vfalico@redhat.com>
>Subject: [PATCH v5 net-next 0/12] bonding: add an option to rely on unvalidated arp packets
>In-Reply-To:

Nice, cover letter got fucked up, sorry for that. Patches are ok though.

>
>Hi,
>
>v4 -> v5:
>Again per Nik's advise correct the bond_opts restrictions for arp_validate
>- set it the same as arp_interval.
>
>v3 -> v4:
>Per Nikolay's advise, remove the new bond_opts restriction on modes setting
>for arp_validate.
>
>v2 -> v3:
>Per Jay's advise, use the 'filter' keyword instead of 'arp' one, and use
>his text for documentation. Also, rebase on the latest net-next. Sorry for
>the delay, didn't manage to send it before net-next was closed.
>
>v1 -> v2:
>Don't remove the 'all traffic' functionality - rather, add new arp_validate
>options to specify that we want *only* unvalidated arps.
>
>Currently, if arp_validate is off (0), slave_last_rx() returns the
>slave->dev->last_rx, which is always updated on *any* packet received by
>slave, and not only arps. This means that, if the validation of arps is
>off, we're treating *any* incoming packet as a proof of slave being up, and
>not only arps.
>
>This might seem logical at the first glance, however it can cause a lot of
>troubles and false-positives, one example would be:
>
>The arp_ip_target is NOT accessible, however someone in the broadcast domain
>spams with any broadcast traffic. This way bonding will be tricked that the
>slave is still up (as in - can access arp_ip_target), while it's not.
>
>The net_device->last_rx is already used in a lot of drivers (even though the
>comment states to NOT do it :)), and it's also ugly to modify it from bonding.
>
>However, some loadbalance setups might rely on the fact that even non-arp
>traffic is a sign of slave being up - and we definitely can't break anyones
>config - so an extension to arp_validate is needed.
>
>So, to fix this, add an option for the user to specify if he wants to
>filter out non-arp traffic on unvalidated slaves, remove the last_rx from
>bonding, *always* call bond_arp_rcv() in slave's rx_handler (which is
>bond_handle_frame), and if we spot an arp there with this option on - update
>the slave->last_arp_rx - and use it instead of net_device->last_rx. Finally,
>rename last_arp_rx to last_rx to reflect the changes.
>
>Also rename slave->jiffies to ->last_link_up, to reflect better its
>meaning, add the new option's documentation and update the arp_validate one
>to be a bit more descriptive.
>
>CC: Rob Landley <rob@landley.net>
>CC: Jay Vosburgh <fubar@us.ibm.com>
>CC: Andy Gospodarek <andy@greyhouse.net>
>CC: "David S. Miller" <davem@davemloft.net>
>CC: dingtianhong <dingtianhong@huawei.com>
>CC: Nikolay Aleksandrov <nikolay@redhat.com>
>CC: Neil Horman <nhorman@tuxdriver.com>
>CC: Cong Wang <amwang@redhat.com>
>CC: netdev@vger.kernel.org
>Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
>
>---
> Documentation/networking/bonding.txt | 96 +++++++++++++++++++++++++-----------
> drivers/net/bonding/bond_main.c      | 56 +++++++++------------
> drivers/net/bonding/bond_options.c   | 19 ++++---
> drivers/net/bonding/bonding.h        | 26 ++++++----
> include/linux/netdevice.h            |  8 +--
> 5 files changed, 119 insertions(+), 86 deletions(-)