Merge branch 'bonding'

arp_validate

	Specifies whether or not ARP probes and replies should be

	validated in the active-backup mode.  This causes the ARP

	monitor to examine the incoming ARP requests and replies, and

	only consider a slave to be up if it is receiving the

	appropriate ARP traffic.

	validated in any mode that supports arp monitoring, or whether

	non-ARP traffic should be filtered (disregarded) for link

	monitoring purposes.

	Possible values are:

	none or 0

		No validation is performed.  This is the default.

		No validation or filtering is performed.

	active or 1

		Validation is performed for all slaves.

	For the active slave, the validation checks ARP replies to

	confirm that they were generated by an arp_ip_target.  Since

	backup slaves do not typically receive these replies, the

	validation performed for backup slaves is on the ARP request

	sent out via the active slave.  It is possible that some

	switch or network configurations may result in situations

	wherein the backup slaves do not receive the ARP requests; in

	such a situation, validation of backup slaves must be

	disabled.

	The validation of ARP requests on backup slaves is mainly

	helping bonding to decide which slaves are more likely to

	work in case of the active slave failure, it doesn't really

	guarantee that the backup slave will work if it's selected

	as the next active slave.

	This option is useful in network configurations in which

	multiple bonding hosts are concurrently issuing ARPs to one or

	more targets beyond a common switch.  Should the link between

	the switch and target fail (but not the switch itself), the

	probe traffic generated by the multiple bonding instances will

	fool the standard ARP monitor into considering the links as

	still up.  Use of the arp_validate option can resolve this, as

	the ARP monitor will only consider ARP requests and replies

	associated with its own instance of bonding.

	filter or 4

		Filtering is applied to all slaves. No validation is

		performed.

	filter_active or 5

		Filtering is applied to all slaves, validation is performed

		only for the active slave.

	filter_backup or 6

		Filtering is applied to all slaves, validation is performed

		only for backup slaves.

	Validation:

	Enabling validation causes the ARP monitor to examine the incoming

	ARP requests and replies, and only consider a slave to be up if it

	is receiving the appropriate ARP traffic.

	For an active slave, the validation checks ARP replies to confirm

	that they were generated by an arp_ip_target.  Since backup slaves

	do not typically receive these replies, the validation performed

	for backup slaves is on the broadcast ARP request sent out via the

	active slave.  It is possible that some switch or network

	configurations may result in situations wherein the backup slaves

	do not receive the ARP requests; in such a situation, validation

	of backup slaves must be disabled.

	The validation of ARP requests on backup slaves is mainly helping

	bonding to decide which slaves are more likely to work in case of

	the active slave failure, it doesn't really guarantee that the

	backup slave will work if it's selected as the next active slave.

	Validation is useful in network configurations in which multiple

	bonding hosts are concurrently issuing ARPs to one or more targets

	beyond a common switch.  Should the link between the switch and

	target fail (but not the switch itself), the probe traffic

	generated by the multiple bonding instances will fool the standard

	ARP monitor into considering the links as still up.  Use of

	validation can resolve this, as the ARP monitor will only consider

	ARP requests and replies associated with its own instance of

	bonding.

	Filtering:

	Enabling filtering causes the ARP monitor to only use incoming ARP

	packets for link availability purposes.  Arriving packets that are

	not ARPs are delivered normally, but do not count when determining

	if a slave is available.

	Filtering operates by only considering the reception of ARP

	packets (any ARP packet, regardless of source or destination) when

	determining if a slave has received traffic for link availability

	purposes.

	Filtering is useful in network configurations in which significant

	levels of third party broadcast traffic would fool the standard

	ARP monitor into considering the links as still up.  Use of

	filtering can resolve this, as only ARP traffic is considered for

	link availability purposes.

	This option was added in bonding version 3.1.0.

		return;

	if (new_active) {

		new_active->jiffies = jiffies;

		new_active->last_link_up = jiffies;

		if (new_active->link == BOND_LINK_BACK) {

			if (USES_PRIMARY(bond->params.mode)) {

	slave = bond_slave_get_rcu(skb->dev);

	bond = slave->bond;

	if (bond->params.arp_interval)

		slave->dev->last_rx = jiffies;

	recv_probe = ACCESS_ONCE(bond->recv_probe);

	if (recv_probe) {

		ret = recv_probe(skb, bond, slave);

	bond_update_speed_duplex(new_slave);

	new_slave->last_arp_rx = jiffies -

	new_slave->last_rx = jiffies -

		(msecs_to_jiffies(bond->params.arp_interval) + 1);

	for (i = 0; i < BOND_MAX_ARP_TARGETS; i++)

		new_slave->target_last_arp_rx[i] = new_slave->last_arp_rx;

		new_slave->target_last_arp_rx[i] = new_slave->last_rx;

	if (bond->params.miimon && !bond->params.use_carrier) {

		link_reporting = bond_check_dev_link(bond, slave_dev, 1);

	}

	if (new_slave->link != BOND_LINK_DOWN)

		new_slave->jiffies = jiffies;

		new_slave->last_link_up = jiffies;

	pr_debug("Initial state of slave_dev is BOND_LINK_%s\n",

		 new_slave->link == BOND_LINK_DOWN ? "DOWN" :

		 (new_slave->link == BOND_LINK_UP ? "UP" : "BACK"));

				 * recovered before downdelay expired

				 */

				slave->link = BOND_LINK_UP;

				slave->jiffies = jiffies;

				slave->last_link_up = jiffies;

				pr_info("%s: link status up again after %d ms for interface %s\n",

					bond->dev->name,

					(bond->params.downdelay - slave->delay) *

		case BOND_LINK_UP:

			slave->link = BOND_LINK_UP;

			slave->jiffies = jiffies;

			slave->last_link_up = jiffies;

			if (bond->params.mode == BOND_MODE_8023AD) {

				/* prevent it from being the active one */

		pr_debug("bva: sip %pI4 not found in targets\n", &sip);

		return;

	}

	slave->last_arp_rx = jiffies;

	slave->last_rx = jiffies;

	slave->target_last_arp_rx[i] = jiffies;

}

	struct arphdr *arp = (struct arphdr *)skb->data;

	unsigned char *arp_ptr;

	__be32 sip, tip;

	int alen;

	int alen, is_arp = skb->protocol == __cpu_to_be16(ETH_P_ARP);

	if (skb->protocol != __cpu_to_be16(ETH_P_ARP))

	if (!slave_do_arp_validate(bond, slave)) {

		if ((slave_do_arp_validate_only(bond, slave) && is_arp) ||

		    !slave_do_arp_validate_only(bond, slave))

			slave->last_rx = jiffies;

		return RX_HANDLER_ANOTHER;

	read_lock(&bond->lock);

	if (!slave_do_arp_validate(bond, slave))

		goto out_unlock;

	} else if (!is_arp) {

		return RX_HANDLER_ANOTHER;

	}

	alen = arp_hdr_len(bond->dev);

		bond_validate_arp(bond, slave, sip, tip);

	else if (bond->curr_active_slave &&

		 time_after(slave_last_rx(bond, bond->curr_active_slave),

			    bond->curr_active_slave->jiffies))

			    bond->curr_active_slave->last_link_up))

		bond_validate_arp(bond, slave, tip, sip);

out_unlock:

	read_unlock(&bond->lock);

	if (arp != (struct arphdr *)skb->data)

		kfree(arp);

	return RX_HANDLER_ANOTHER;

	oldcurrent = ACCESS_ONCE(bond->curr_active_slave);

	/* see if any of the previous devices are up now (i.e. they have

	 * xmt and rcv traffic). the curr_active_slave does not come into

	 * the picture unless it is null. also, slave->jiffies is not needed

	 * here because we send an arp on each slave and give a slave as

	 * long as it needs to get the tx/rx within the delta.

	 * the picture unless it is null. also, slave->last_link_up is not

	 * needed here because we send an arp on each slave and give a slave

	 * as long as it needs to get the tx/rx within the delta.

	 * TODO: what about up/down delay in arp mode? it wasn't here before

	 *       so it can wait

	 */

		if (slave->link != BOND_LINK_UP) {

			if (bond_time_in_interval(bond, trans_start, 1) &&

			    bond_time_in_interval(bond, slave->dev->last_rx, 1)) {

			    bond_time_in_interval(bond, slave->last_rx, 1)) {

				slave->link  = BOND_LINK_UP;

				slave_state_changed = 1;

			 * if we don't know our ip yet

			 */

			if (!bond_time_in_interval(bond, trans_start, 2) ||

			    !bond_time_in_interval(bond, slave->dev->last_rx, 2)) {

			    !bond_time_in_interval(bond, slave->last_rx, 2)) {

				slave->link  = BOND_LINK_DOWN;

				slave_state_changed = 1;

		 * active.  This avoids bouncing, as the last receive

		 * times need a full ARP monitor cycle to be updated.

		 */

		if (bond_time_in_interval(bond, slave->jiffies, 2))

		if (bond_time_in_interval(bond, slave->last_link_up, 2))

			continue;

		/*

	new_slave->link = BOND_LINK_BACK;

	bond_set_slave_active_flags(new_slave);

	bond_arp_send_all(bond, new_slave);

	new_slave->jiffies = jiffies;

	new_slave->last_link_up = jiffies;

	rcu_assign_pointer(bond->current_arp_slave, new_slave);

	rtnl_unlock();

	if (bond->params.arp_interval) {  /* arp interval, in milliseconds. */

		queue_delayed_work(bond->wq, &bond->arp_work, 0);

		if (bond->params.arp_validate)

		bond->recv_probe = bond_arp_rcv;

	}

	}

	if (arp_validate) {

		if (bond_mode != BOND_MODE_ACTIVEBACKUP) {

			pr_err("arp_validate only supported in active-backup mode\n");

			return -EINVAL;

		}

		if (!arp_interval) {

			pr_err("arp_validate requires arp_interval\n");

			return -EINVAL;

	{ "active",		BOND_ARP_VALIDATE_ACTIVE,	0},

	{ "backup",		BOND_ARP_VALIDATE_BACKUP,	0},

	{ "all",		BOND_ARP_VALIDATE_ALL,		0},

	{ "filter",		BOND_ARP_FILTER,		0},

	{ "filter_active",	BOND_ARP_FILTER_ACTIVE,		0},

	{ "filter_backup",	BOND_ARP_FILTER_BACKUP,		0},

	{ NULL,			-1,				0},

};

		.id = BOND_OPT_ARP_VALIDATE,

		.name = "arp_validate",

		.desc = "validate src/dst of ARP probes",

		.unsuppmodes = BOND_MODE_ALL_EX(BIT(BOND_MODE_ACTIVEBACKUP)),

		.unsuppmodes = BIT(BOND_MODE_8023AD) | BIT(BOND_MODE_TLB) |

			       BIT(BOND_MODE_ALB),

		.values = bond_arp_validate_tbl,

		.set = bond_option_arp_validate_set

	},

			cancel_delayed_work_sync(&bond->arp_work);

		} else {

			/* arp_validate can be set only in active-backup mode */

			if (bond->params.arp_validate)

			bond->recv_probe = bond_arp_rcv;

			cancel_delayed_work_sync(&bond->mii_work);

			queue_delayed_work(bond->wq, &bond->arp_work, 0);

	struct net_device *dev; /* first - useful for panic debug */

	struct bonding *bond; /* our master */

	int    delay;

	unsigned long jiffies;

	unsigned long last_arp_rx;

	/* all three in jiffies */

	unsigned long last_link_up;

	unsigned long last_rx;

	unsigned long target_last_arp_rx[BOND_MAX_ARP_TARGETS];

	s8     link;    /* one of BOND_LINK_XXXX */

	s8     new_link;

#define BOND_ARP_VALIDATE_BACKUP	(1 << BOND_STATE_BACKUP)

#define BOND_ARP_VALIDATE_ALL		(BOND_ARP_VALIDATE_ACTIVE | \

					 BOND_ARP_VALIDATE_BACKUP)

#define BOND_ARP_FILTER			(BOND_ARP_VALIDATE_ALL + 1)

#define BOND_ARP_FILTER_ACTIVE		(BOND_ARP_VALIDATE_ACTIVE | \

					 BOND_ARP_FILTER)

#define BOND_ARP_FILTER_BACKUP		(BOND_ARP_VALIDATE_BACKUP | \

					 BOND_ARP_FILTER)

static inline int slave_do_arp_validate(struct bonding *bond,

					struct slave *slave)

	return bond->params.arp_validate & (1 << bond_slave_state(slave));

}

static inline int slave_do_arp_validate_only(struct bonding *bond,

					     struct slave *slave)

{

	return bond->params.arp_validate & BOND_ARP_FILTER;

}

/* Get the oldest arp which we've received on this slave for bond's

 * arp_targets.

 */

static inline unsigned long slave_last_rx(struct bonding *bond,

					struct slave *slave)

{

	if (slave_do_arp_validate(bond, slave)) {

	if (bond->params.arp_all_targets == BOND_ARP_TARGETS_ALL)

		return slave_oldest_target_arp_rx(bond, slave);

		else

			return slave->last_arp_rx;

	}

	return slave->dev->last_rx;

	return slave->last_rx;

}

#ifdef CONFIG_NET_POLL_CONTROLLER

/*

 * Cache lines mostly used on receive path (including eth_type_trans())

 */

	unsigned long		last_rx;	/* Time of last Rx

						 * This should not be set in

						 * drivers, unless really needed,

						 * because network stack (bonding)

						 * use it if/when necessary, to

						 * avoid dirtying this cache line.

						 */

	unsigned long		last_rx;	/* Time of last Rx */

	/* Interface address info used in eth_type_trans() */

	unsigned char		*dev_addr;	/* hw address, (before bcast