lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Jan 2011 14:40:30 +0100 From: Yann Dupont <Yann.Dupont@...v-nantes.fr> To: netdev@...r.kernel.org Subject: possible issue between bridge igmp/multicast handling & bnx2x on kernel 2.6.34 and > Hello. I hope this is not a known problem. We have servers running recent (2.6.36, 2.6.37-rc) hand compiled vanilla kernels. We are using those servers to run KVM & LXC. Those servers are DELL poweredge M605 in a M1000e enclosure ; the network cards are 2X BCM5708S, driver bnx2, connected to Power Connect M6220. Multiples vlans are used, each vlan is connected to a virtual bridge on the host. This setup has been running fine for months. We just added BCM57711 10G cards (bnx2x driver) on our blade servers (connected to 10G Power Connect M8024). Since then, we are experiencing random lost of packets. Symptom : packets are lost on some vlans for a few seconds, then things go back to normal (and stops again a few minutes later) We then noticed that standard debian kernel (2.6.32.xxx) was running fine. Vanilla 2.6.32 kernel is also OK. So I started a git bissect. It ended there : 3fe2d7c70b747d5d968f4e8fa210676d49d40059 is the first bad commit commit 3fe2d7c70b747d5d968f4e8fa210676d49d40059 Author: Herbert Xu <herbert@...dor.apana.org.au> Date: Sun Feb 28 00:49:38 2010 -0800 bridge: Add multicast start/stop hooks This patch hooks up the bridge start/stop and add/delete/disable port functions to the new multicast module. Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> Signed-off-by: David S. Miller <davem@...emloft.net> I doubt the problem lies there ; when using bnx2 driver, there is no problem, and the patch itself is quite old now. I tested turning off ICMP snooping in bridge , and this really resolves the problem. Kernel 2.6.37-rc8 without this option works fine for us with bnx2x. Does anybody have an explanation ? Regards -- Yann Dupont - Service IRTS, DSI Université de Nantes Tel : 02.53.48.49.20 - Mail/Jabber : Yann.Dupont@...v-nantes.fr -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists