• Veaceslav Falico's avatar
    bonding: don't trust arp requests unless active slave really works · aeea64ac
    Veaceslav Falico authored
    Currently, if we receive any arp packet on a backup slave in active-backup
    mode and arp_validate enabled, we suppose that it's an arp request, swap
    source/target ip and try to validate it. This optimization gives us
    virtually no downtime in the most common situation (active and backup
    slaves are in the same broadcast domain and the active slave failed).
    
    However, if we can't reach the arp_ip_target(s), we end up in an endless
    loop of reselecting slaves, because we receive our arp requests, sent by
    the active slave, and think that backup slaves are up, thus selecting them
    as active and, again, sending arp requests, which fool our backup slaves.
    
    Fix this by not validating the swapped arp packets if the current active
    slave didn't receive any arp reply after it was selected as active. This
    way we will only accept arp requests if we know that the current active
    slave can actually reach arp_ip_target.
    
    v3->v4:
    Obey 80 lines and make checkpatch.pl happy, per Sergei's suggestion.
    
    v1->v3:
    No change.
    Signed-off-by: default avatarVeaceslav Falico <vfalico@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    aeea64ac
bond_main.c 131 KB