    bonding: Allow userspace to set actors' macaddr in an AD-system. · 74514957
    Mahesh Bandewar authored
    In an AD system, the communication between actor and partner is the
    business between these two entities. In the current setup anyone on the
    same L2 can "guess" the LACPDU contents and then possibly send the
    spoofed LACPDUs and trick the partner causing connectivity issues for
    the AD system. This patch allows to use a random mac-address obscuring
    its identity making it harder for someone in the L2 to do the same thing.
    
    This patch allows user-space to choose the mac-address for the AD-system.
    This mac-address can not be NULL or a Multicast. If the mac-address is set
    from user-space; kernel will honor it and will not overwrite it. In the
    absence (value from user space); the logic will default to using the
    masters' mac as the mac-address for the AD-system.
    
    It can be set using example code below -
    
       # modprobe bonding mode=4
       # sys_mac_addr=$(printf '%02x:%02x:%02x:%02x:%02x:%02x' \
                        $(( (RANDOM & 0xFE) | 0x02 )) \
                        $(( RANDOM & 0xFF )) \
                        $(( RANDOM & 0xFF )) \
                        $(( RANDOM & 0xFF )) \
                        $(( RANDOM & 0xFF )) \
                        $(( RANDOM & 0xFF )))
       # echo $sys_mac_addr > /sys/class/net/bond0/bonding/ad_actor_system
       # echo +eth1 > /sys/class/net/bond0/bonding/slaves
       ...
       # ip link set bond0 up
    Signed-off-by: Mahesh Bandewar <maheshb@google.com>
    Reviewed-by: Nikolay Aleksandrov <nikolay@redhat.com>
    [jt: fixed up style issues reported by checkpatch]
    Signed-off-by: Jonathan Toppins <jtoppins@cumulusnetworks.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
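An added example, not part of the commit or the bonding driver: a POSIX shell helper that generates the actor system address from /dev/urandom (bash's `$RANDOM` yields 15-bit values from a non-cryptographic generator, which is a weak source when the goal is an address that is hard to guess) and checks it against the constraints the commit message states (not NULL, not multicast) before writing it. The function names are hypothetical, and the validation mirrors the message's wording, not the kernel code, which is not shown on this page.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; only the sysfs path is from the page.

# Succeeds only if $1 meets the constraints the commit message states for
# ad_actor_system: a well-formed MAC that is neither NULL nor multicast.
is_valid_actor_mac() {
    vm_mac=$1
    # Six two-digit hex octets separated by colons, 17 characters in total.
    [ "${#vm_mac}" -eq 17 ] || return 1
    printf '%s\n' "$vm_mac" |
        grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    # NULL (all-zero) address.
    [ "$vm_mac" = "00:00:00:00:00:00" ] && return 1
    # Multicast: least significant bit of the first octet is set.
    vm_first=$(( 0x${vm_mac%%:*} ))
    [ $(( vm_first & 0x01 )) -eq 0 ]
}

# Prints a random unicast, locally administered MAC built from /dev/urandom.
gen_actor_mac() {
    # shellcheck disable=SC2046  # word splitting of od's output is intended
    set -- $(od -An -N6 -tx1 /dev/urandom)
    [ "$#" -eq 6 ] || return 1
    # Same bit handling as the commit's example: clear bit 0, set bit 1.
    gm_first=$(( (0x$1 & 0xFE) | 0x02 ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$gm_first" "$2" "$3" "$4" "$5" "$6"
}

# Validates $1, then writes it to the attribute file $2
# (default: bond0's ad_actor_system, the path used in the commit message).
set_actor_system() {
    sa_mac=$1
    sa_attr=${2:-/sys/class/net/bond0/bonding/ad_actor_system}
    if ! is_valid_actor_mac "$sa_mac"; then
        echo "refusing invalid actor system address: $sa_mac" >&2
        return 1
    fi
    printf '%s\n' "$sa_mac" > "$sa_attr"
}

# Stand-alone run: generate a candidate and show it without touching sysfs.
candidate=$(gen_actor_mac) && is_valid_actor_mac "$candidate" &&
    echo "candidate ad_actor_system: $candidate"
```

As in the commit's own sequence, `set_actor_system "$(gen_actor_mac)"` would run as root after `modprobe bonding mode=4` and before slaves are added.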
bond_options.h 3.76 KB