X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=lib%2Fbond.c;h=ae914dd9ac4ba5476d438f598aed21a4f3259eff;hb=a9a2da38941ea4d312559543a3fb813d8fe7fd4e;hp=913a3071a731a0c943435baf638f9d9af346b1f5;hpb=1ea241383e608ee173671c233a819648d773cb25;p=openvswitch

diff --git a/lib/bond.c b/lib/bond.c
index 913a3071..ae914dd9 100644
--- a/lib/bond.c
+++ b/lib/bond.c
@@ -559,10 +559,15 @@ enum bond_verdict
 bond_check_admissibility(struct bond *bond, const void *slave_,
                          const uint8_t eth_dst[ETH_ADDR_LEN], tag_type *tags)
 {
-    /* Admit all packets if LACP has been negotiated, because that means that
-     * the remote switch is aware of the bond and will "do the right thing". */
+    struct bond_slave *slave = bond_slave_lookup(bond, slave_);
+
+    /* LACP bonds have very loose admissibility restrictions because we can
+     * assume the remote switch is aware of the bond and will "do the right
+     * thing".  However, as a precaution we drop packets on disabled slaves
+     * because no correctly implemented partner switch should be sending
+     * packets to them. */
     if (bond->lacp_negotiated) {
-        return BV_ACCEPT;
+        return slave->enabled ? BV_ACCEPT : BV_DROP;
     }
 
     /* Drop all multicast packets on inactive slaves. */
@@ -573,6 +578,20 @@ bond_check_admissibility(struct bond *bond, const void *slave_,
         }
     }
 
+    /* Drop all packets which arrive on backup slaves.  This is similar to how
+     * Linux bonding handles active-backup bonds. */
+    if (bond->balance == BM_AB) {
+        *tags |= bond_get_active_slave_tag(bond);
+        if (bond->active_slave != slave) {
+            static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
+
+            VLOG_WARN_RL(&rl, "active-backup bond received packet on backup"
+                         " slave (%s) destined for " ETH_ADDR_FMT,
+                         slave->name, ETH_ADDR_ARGS(eth_dst));
+            return BV_DROP;
+        }
+    }
+
     /* Drop all packets for which we have learned a different input port,
      * because we probably sent the packet on one slave and got it back on the
      * other.  Gratuitous ARP packets are an exception to this rule: the host
@@ -1488,7 +1507,7 @@ bond_update_fake_slave_stats(struct bond *bond)
         }
     }
 
-    if (!netdev_open_default(bond->name, &bond_dev)) {
+    if (!netdev_open(bond->name, "system", &bond_dev)) {
         netdev_set_stats(bond_dev, &bond_stats);
         netdev_close(bond_dev);
     }