Re: Bonding Driver Questions + security warning

• Next message: Marcelo Tosatti: "Re: more testing on 2.4.0-t9p[456] VM deadlocks"
• Previous message: H. Peter Anvin: "Re: what causes Machine Check exception?"
• Next in thread: Constantine Gavrilov: "Re: Bonding Driver Questions + security warning"
• Reply: Constantine Gavrilov: "Re: Bonding Driver Questions + security warning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Constantine !

I also needed to be able to detect a failed link and to remove the
guilty interface from a trunk between a linux box and an Alteon A708
switch. So I've just written a little patch against 2.2.17 to implement
the BOND_RELEASE ioctl (Thomas Davis cc'd for this). I also quickly
modified Donald Becker's ifenslave to make it ifrelease (cc'd too).

By the way, I've fixed what I believe to be a very little bug in an if
statement in bonding.c.
I also noticed that no check is made about the user's rights about enslave
and release (my fault now). At this time, I could, as a user "willy", add my
eth0 to bond0 without any problem ... This seriously needs fixing IMHO, but this
may take some time.

These hacks are really too much dirty and I wouldn't like them to go into
the mainstream kernel for at least three reasons :
  - code is not secure, any user can enslave/release an interface :-(
  - my bond_release code IS NOT SMP SAFE so you may crash your kernel
    when releasing a device if a frame is just being transmitted ;
    same applies to two simultaneous releases. (to be honest, I believe
    that the enslave code can lead to a missing device if two
    processors add a device at the same time).

  - my ifrelease program is really two ugly, so much that I prefered
    to remove Donald's mail address from the command line version to
    prevent him from receiving improper flames :-)

To check the link state on an MII-compliant interface, I've also modified
Donald's mii-diag prog to make it monitor the link and exec a script with
two parameters : the interface name and its state. Of course, this script
should call "ifenslave bond0 $2" when $1 is "up" and "ifrelease bond0 $2"
and "ip l set $2 down" when "$1" equals "down".

It has worked for me during a few tests with some tricks. I don't have
any more time to spend on it during the next few days, but since I
need this, I think I'll rewrite something cleaner, including a more
generic ifenslave with release capability.

For the moment, all this stuff can be found there :

http://wtarreau.free.fr/pub/bonding/

Hoping this can help you in the mean time,

Willy.

PS: remember, don't use this for production, or do it at your own
    risks !
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Marcelo Tosatti: "Re: more testing on 2.4.0-t9p[456] VM deadlocks"
• Previous message: H. Peter Anvin: "Re: what causes Machine Check exception?"
• Next in thread: Constantine Gavrilov: "Re: Bonding Driver Questions + security warning"
• Reply: Constantine Gavrilov: "Re: Bonding Driver Questions + security warning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Sep 30 2000 - 21:00:18 EST