From 9a1c6450a0034ed1d024ac2cd49d036458e33177 Mon Sep 17 00:00:00 2001 From: Ethan Jackson Date: Wed, 29 Jun 2011 15:39:27 -0700 Subject: [PATCH] bond: Drop packets on slaves disabled by LACP. Theoretically, when LACP is configured, a bond shouldn't receive any packets on disabled slaves. This patch enforces that invariant. --- lib/bond.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/bond.c b/lib/bond.c index d8e0966e8..9a13874e5 100644 --- a/lib/bond.c +++ b/lib/bond.c @@ -559,10 +559,15 @@ enum bond_verdict bond_check_admissibility(struct bond *bond, const void *slave_, const uint8_t eth_dst[ETH_ADDR_LEN], tag_type *tags) { - /* Admit all packets if LACP has been negotiated, because that means that - * the remote switch is aware of the bond and will "do the right thing". */ + struct bond_slave *slave = bond_slave_lookup(bond, slave_); + + /* LACP bonds have very loose admissibility restrictions because we can + * assume the remote switch is aware of the bond and will "do the right + * thing". However, as a precaution we drop packets on disabled slaves + * because no correctly implemented partner switch should be sending + * packets to them. */ if (bond->lacp_negotiated) { - return BV_ACCEPT; + return slave->enabled ? BV_ACCEPT : BV_DROP; } /* Drop all multicast packets on inactive slaves. */ @@ -576,8 +581,6 @@ bond_check_admissibility(struct bond *bond, const void *slave_, /* Drop all packets which arrive on backup slaves. This is similar to how * Linux bonding handles active-backup bonds. */ if (bond->balance == BM_AB) { - struct bond_slave *slave = bond_slave_lookup(bond, slave_); - *tags |= bond_get_active_slave_tag(bond); if (bond->active_slave != slave) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); -- 2.43.0