bond_check_admissibility(struct bond *bond, const void *slave_,
const uint8_t eth_dst[ETH_ADDR_LEN], tag_type *tags)
{
- /* Admit all packets if LACP has been negotiated, because that means that
- * the remote switch is aware of the bond and will "do the right thing". */
+ struct bond_slave *slave = bond_slave_lookup(bond, slave_);
+
+ /* LACP bonds have very loose admissibility restrictions because we can
+ * assume the remote switch is aware of the bond and will "do the right
+ * thing". However, as a precaution we drop packets on disabled slaves
+ * because no correctly implemented partner switch should be sending
+ * packets to them. */
if (bond->lacp_negotiated) {
- return BV_ACCEPT;
+ return slave->enabled ? BV_ACCEPT : BV_DROP;
}
/* Drop all multicast packets on inactive slaves. */
}
}
+ /* Drop all packets which arrive on backup slaves. This is similar to how
+ * Linux bonding handles active-backup bonds. */
+ if (bond->balance == BM_AB) {
+ *tags |= bond_get_active_slave_tag(bond);
+ if (bond->active_slave != slave) {
+ static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+
+ VLOG_WARN_RL(&rl, "active-backup bond received packet on backup"
+ " slave (%s) destined for " ETH_ADDR_FMT,
+ slave->name, ETH_ADDR_ARGS(eth_dst));
+ return BV_DROP;
+ }
+ }
+
/* Drop all packets for which we have learned a different input port,
* because we probably sent the packet on one slave and got it back on the
* other. Gratuitous ARP packets are an exception to this rule: the host
}
bond_enable_slave(slave, enable, &bond->unixctl_tags);
- unixctl_command_reply(conn, 501, enable ? "enabled" : "disabled");
+ unixctl_command_reply(conn, 200, enable ? "enabled" : "disabled");
}
static void