• Jay Vosburgh's avatar
    bonding: Fix ARP monitor validation · 7d07524d
    Jay Vosburgh authored
    commit 21a75f09 upstream.
    
    The current logic in bond_arp_rcv will accept an incoming ARP for
    validation if (a) the receiving slave is either "active" (which includes
    the currently active slave, or the current ARP slave) or, (b) there is a
    currently active slave, and it has received an ARP since it became active.
    For case (b), the receiving slave isn't the currently active slave, and is
    receiving the original broadcast ARP request, not an ARP reply from the
    target.
    
    	This logic can fail if there is no currently active slave.  In
    this situation, the ARP probe logic cycles through all slaves, assigning
    each in turn as the "current_arp_slave" for one arp_interval, then setting
    that one as "active," and sending an ARP probe from that slave.  The
    current logic expects the ARP reply to arrive on the sending
    current_arp_slave, however, due to switch FDB updating delays, the reply
    may be directed to another slave.
    
    	This can arise if the bonding slaves and switch are working, but
    the ARP target is not responding.  When the ARP target recovers, a
    condition may result wherein the ARP target host replies faster than the
    switch can update its forwarding table, causing each ARP reply to be sent
    to the previous current_arp_slave.  This will never pass the logic in
    bond_arp_rcv, as neither of the above conditions (a) or (b) are met.
    
    	Some experimentation on a LAN shows ARP reply round trips in the
    200 usec range, but my available switches never update their FDB in less
    than 4000 usec.
    
    	This patch changes the logic in bond_arp_rcv to additionally
    accept an ARP reply for validation on any slave if there is a current ARP
    slave and it sent an ARP probe during the previous arp_interval.
    
    Fixes: aeea64ac ("bonding: don't trust arp requests unless active slave really works")
    Cc: Veaceslav Falico <vfalico@gmail.com>
    Cc: Andy Gospodarek <gospo@cumulusnetworks.com>
    Signed-off-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    [ luis: backported to 3.16: adjusted context ]
    Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
    [ kamal: backported to 3.13: adjusted context ]
    Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
    7d07524d
bond_main.c 125 KB