[Pkg-vsquare-devel] Bug#469098: vde2: vde_switch doesn't handle correctly mac-addresses migrating between switch ports

Andrzej Lemieszek agl at unx.lublin.pl
Mon Mar 3 01:37:18 UTC 2008 

Package: vde2
Version: 2.2.0-pre2-1
Severity: normal
Tags: patch

Function find_in_hash_update in the vde_switch hash.c code contains a kind of 
protection against switch port flapping (resulting e.g. from switch
loops or duplicate mac-addressess). When switch code detects that
mac-address already assigned to old switch port appears on another
switch port in the time shorter then min_persistence (default: 3) seconds,
since it was last_seen on the old port, it doesn't modify port field
in the hash entry for this mac. This code contains bug because
- after skipping hash change it updates last_seen variable with the
new timestamp, so the min_persistence time has to be counted from the
beginning  - and - in result - mac-address can't move between ports.

This bug makes vde_switch totally unusable with testing virtual router redundancy
implementations like CARP or VRRP, which assign virtual mac-address to
master router and send it's advertising frames very frequently (by
default - every 1 second). After changing the master router,
frames can't reach the new router, which sends its advertisments all
the time and doesn't allow old port to expire:

Mar  2 22:00:41 sierra vde_switch[26171]: MAC 00:00:5e:00:01:05 moved from port 12 to port 11
Mar  2 22:00:41 sierra vde_switch[26171]: MAC 00:00:5e:00:01:06 moved from port 12 to port 11
Mar  2 22:00:42 sierra vde_switch[26171]: MAC 00:00:5e:00:01:05 moved from port 12 to port 11
Mar  2 22:00:42 sierra vde_switch[26171]: MAC 00:00:5e:00:01:06 moved from port 12 to port 11
Mar  2 22:00:43 sierra vde_switch[26171]: MAC 00:00:5e:00:01:05 moved from port 12 to port 11
Mar  2 22:00:43 sierra last message repeated 2 times
....

but the hash table remains the same:

vde$ hash/print
0000 DATA END WITH '.'
Hash: 0021 Addr: 00:00:5e:00:01:05 VLAN 0005 to port: 012  age 0 secs
Hash: 0025 Addr: 00:00:5e:00:01:06 VLAN 0006 to port: 012  age 0 secs
...

The solution is simply not updating last_seen hash entry field, when
the port change is skipped (see attached patch), -  it makes
vde_switch usable with virtual routers, But for the future this code
needs a bit more cleaning.

-- 
Andrzej Lemieszek <agl at unx.lublin.pl>


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vde2 depends on:
ii  adduser                     3.105        add and remove users and groups
ii  libc6                       2.7-3        GNU C Library: Shared libraries
ii  libpcap0.8                  0.9.8-2      System interface for user-level pa
ii  libvdemgmt0                 2.2.0-pre2-1 Virtual Distributed Ethernet - Man
ii  libvdeplug2                 2.2.0-pre2-1 Virtual Distributed Ethernet - Plu

Versions of packages vde2 recommends:
pn  daemon                        <none>     (no description available)

-- no debconf information
-------------- next part --------------
--- vde2-2.2.0-pre2.orig/hash.c
+++ vde2-2.2.0-pre2/hash.c
@@ -110,10 +110,13 @@
 	oldport=e->port;
 	now=qtime();
 	if (oldport!=port) {
-		if ((now - e->last_seen) > min_persistence)
+		if ((now - e->last_seen) > min_persistence) {
 			e->port=port;
+			e->last_seen = now;
+		}
+	} else {
+	    e->last_seen = now;
 	}
-	e->last_seen = now;
 	return oldport;
 }

More information about the Pkg-vsquare-devel mailing list