lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 04 Jan 2011 14:40:30 +0100
From:	Yann Dupont <Yann.Dupont@...v-nantes.fr>
To:	netdev@...r.kernel.org
Subject: possible issue between bridge igmp/multicast  handling & bnx2x on
 kernel 2.6.34 and >

Hello.
I hope this is not a known problem.

We have servers running recent (2.6.36, 2.6.37-rc)  hand compiled 
vanilla kernels. We are using those servers to run KVM & LXC.
Those servers are DELL poweredge M605 in a M1000e enclosure ; the 
network cards are 2X BCM5708S, driver bnx2, connected to Power Connect 
M6220.

Multiples vlans are used, each vlan is connected to a virtual bridge on 
the host.

This setup has been running fine for months.

We just added BCM57711 10G cards (bnx2x driver) on our blade servers 
(connected to 10G Power Connect M8024).
Since then, we are experiencing random lost of packets.

Symptom : packets are lost on some vlans for a few seconds, then things 
go back to normal (and stops again a few minutes later)

We then noticed that standard debian kernel (2.6.32.xxx) was running 
fine. Vanilla 2.6.32  kernel is also OK.
So I started a git bissect.

It ended there :

3fe2d7c70b747d5d968f4e8fa210676d49d40059 is the first bad commit
commit 3fe2d7c70b747d5d968f4e8fa210676d49d40059
Author: Herbert Xu <herbert@...dor.apana.org.au>
Date:   Sun Feb 28 00:49:38 2010 -0800

     bridge: Add multicast start/stop hooks

     This patch hooks up the bridge start/stop and add/delete/disable
     port functions to the new multicast module.

     Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
     Signed-off-by: David S. Miller <davem@...emloft.net>


I doubt the problem lies there ; when using bnx2 driver, there is no 
problem, and the patch itself is quite old now.

I tested turning off ICMP snooping in bridge , and this really resolves 
the problem.
Kernel 2.6.37-rc8 without this option works fine for us with bnx2x.


Does anybody have an explanation ?

Regards

-- 
Yann Dupont - Service IRTS, DSI Université de Nantes
Tel : 02.53.48.49.20 - Mail/Jabber : Yann.Dupont@...v-nantes.fr

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists