Open Source and information security mailing list archives
 
Date:   Tue, 31 Jan 2023 02:24:42 +0100
From:   Hadmut Danisch <hadmut@...isch.de>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: macvlan configuration problem: bridge mode setting

Hi,

using Ubuntu 22.04, Kernel 5.15.0-58-generic, LXD 5.10-b392610, iproute2 
5.15.0-1ubuntu2


I ran into the problem that a virtual LXD container with a macvlan 
network interface mapped to the host's Ethernet adapter works as expected 
with all other machines in the LAN, including getting an IP address 
assigned by the DHCP server. But it cannot be reached from the HOST 
machine itself.


My first guess was that LXD does not set the macvlan into bridge mode, 
but leaves it in the default private mode, which would explain the 
problem. But LXD's source code showed that it sets the mode to bridge 
and uses iproute2's ip program to set the interface.

I therefore tried commands like

ip link add name blubb address 02:4e:a6:27:01:07 link enp4s0 type macvlan mode bridge

ip link add link enp4s0 name sugar type macvlan mode bridge

which succeed without error message. But ip link show reports

9: blubb@...4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
     link/ether 02:4e:a6:27:01:07 brd ff:ff:ff:ff:ff:ff
10: sugar@...4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
     link/ether 26:99:d1:52:ba:e0 brd ff:ff:ff:ff:ff:ff

in both cases "mode DEFAULT", where I would expect "bridge". Same with 
the interface assigned to the LXD virtual container.


Shouldn't this show the mode used in the ip link add command?

How can I check whether an interface has been correctly set into 
macvlan/bridge mode, and why can't the HOST itself communicate with the 
guest?

The maintainer of iproute2 told me that this mailing list is the place 
to ask.


regards

Hadmut
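
Added example, not part of the original message: the "mode DEFAULT" on the first line of ip link show is the generic link mode field, while the macvlan mode is printed only on the detail line that ip -d link show adds. The sketch below extracts that detail line per interface; the sample output is constructed, priv0 is a hypothetical interface, and the function names are this example's own.

```shell
#!/bin/sh
# Live use (on a host with iproute2): ip -d link show | macvlan_modes

# Constructed sample of `ip -d link show` output (not captured from the
# poster's host; priv0 is a hypothetical second interface).
sample_ip_d_output() {
cat <<'EOF'
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
9: blubb@enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 02:4e:a6:27:01:07 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    macvlan mode bridge bcqueuelen 1000 usedbcqueuelen 1000 addrgenmode eui64 numtxqueues 1 numrxqueues 1
10: priv0@enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 02:4e:a6:27:01:08 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    macvlan mode private bcqueuelen 1000 usedbcqueuelen 1000 addrgenmode eui64 numtxqueues 1 numrxqueues 1
EOF
}

# Read `ip -d link show` text on stdin and print "<ifname> <macvlan-mode>"
# for every macvlan interface. The header line's "mode DEFAULT" is skipped
# on purpose: it is the link mode, not the macvlan mode.
macvlan_modes() {
    awk '
        /^[0-9]+: / {                      # header line: "9: blubb@enp4s0: <...>"
            name = $2
            sub(/:$/, "", name)            # drop trailing colon
            sub(/@.*/, "", name)           # drop "@parent"
            next
        }
        $1 == "macvlan" && $2 == "mode" {  # detail line from -d
            print name, $3
        }
    '
}

# Exit 0 only if interface $1 is a macvlan in mode $2 (input on stdin).
macvlan_mode_is() {
    macvlan_modes | awk -v n="$1" -v m="$2" \
        '$1 == n { found = ($2 == m) } END { exit !found }'
}
```
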


