| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Mar 2011 15:51:54 +0100
From: Seblu <seblu@...lu.net>
To: netdev <netdev@...r.kernel.org>
Subject: bnx2 vlan issue
Good Afternoon Gentleman,
I've an issue with a 2.6.38 (vanilla) on a debian unstable distro. I
attached an lspci and lshw about hardware. I also attached debian
network config file.
My host is a host kvm which run vm on different networks (vlan). I
have 2 1Gbit/s card (eth0, eth1) and 1 10Gbit/s card (eth2).
I use bonding (bond0) mode 1 on the 1Gbit/s cards.
vlan 14 and 15 are only availlable trought 1G cards. Same tagging on
both cards in switch. 14 is untagged (need for pxe) and 15 is tagged.
Every network on my host is in a bridge. Eg:
vlan 15 is in br15 by bond0.15 as member,
vlan 14 is in br14 by bond0 as member,
vlan 20 is in br20 by eth2.20
The issue is simple, packets from vlan 15 which are tagged are not
visible on bond0.15 but in bond0 (see capture). Like if there is no
vlan.
we see rx packet on bond0
bond0 Link encap:Ethernet HWaddr 5c:26:0a:fc:f1:14
UP BROADCAST RUNNING PROMISC MASTER MULTICAST MTU:1500 Metric:1
RX packets:20219 errors:0 dropped:7999 overruns:0 frame:0
TX packets:2256 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3740193 (3.5 MiB) TX bytes:152212 (148.6 KiB)
we don't see rx packet (should see my ping)
bond0.15 Link encap:Ethernet HWaddr 5c:26:0a:fc:f1:14
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:90162 (88.0 KiB)
and we see my ping in vlan 15 in bond0 (which is vlan14 untagged)
14:27:46.770375 00:1d:09:6b:45:27 > 5c:26:0a:fc:f1:14, ethertype
802.1Q (0x8100), length 102: vlan 15, p 0, ethertype IPv4, 10.15.242.1
> 10.15.0.42: ICMP echo request, id 23406, seq 1944, length 64
14:27:47.156674 00:25:64:1a:7b:13 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 294: vlan 15, p 0, ethertype IPv4, 0.0.0.0.68
> 255.255.255.255.67: BOOTP/DHCP, Request from 00:25:64:1a:7b:13,
length 248
14:27:47.158508 00:16:3e:0a:a4:17 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 347: vlan 15, p 0, ethertype IPv4,
10.15.255.250.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
14:27:47.160375 00:25:64:1a:7b:13 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 294: vlan 15, p 0, ethertype IPv4, 0.0.0.0.68
> 255.255.255.255.67: BOOTP/DHCP, Request from 00:25:64:1a:7b:13,
length 248
14:27:47.161392 84:2b:2b:57:fa:61 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 64: vlan 15, p 0, ethertype ARP, Request
who-has 10.15.104.31 (ff:ff:ff:ff:ff:ff) tell 10.15.104.31, length 46
14:27:47.162159 00:16:3e:0a:a4:17 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 347: vlan 15, p 0, ethertype IPv4,
10.15.255.250.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
14:27:47.163991 00:25:64:1a:7b:13 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 294: vlan 15, p 0, ethertype IPv4, 0.0.0.0.68
> 255.255.255.255.67: BOOTP/DHCP, Request from 00:25:64:1a:7b:13,
length 248
14:27:47.165625 00:16:3e:0a:a4:17 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 347: vlan 15, p 0, ethertype IPv4,
10.15.255.250.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
14:27:47.167457 00:25:64:1a:7b:13 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 294: vlan 15, p 0, ethertype IPv4, 0.0.0.0.68
> 255.255.255.255.67: BOOTP/DHCP, Request from 00:25:64:1a:7b:13,
length 248
14:27:47.169173 00:16:3e:0a:a4:17 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 347: vlan 15, p 0, ethertype IPv4,
10.15.255.250.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 301
14:27:47.544048 5c:26:0a:fc:f1:14 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 46: vlan 15, p 0, ethertype ARP, Request
who-has 10.15.255.42 tell 10.15.0.42, length 28
14:27:47.544238 52:54:00:5f:2b:fe > 5c:26:0a:fc:f1:14, ethertype
802.1Q (0x8100), length 64: vlan 15, p 0, ethertype ARP, Reply
10.15.255.42 is-at 52:54:00:5f:2b:fe, length 46
14:27:47.752880 00:1d:09:6b:45:27 > 5c:26:0a:fc:f1:14, ethertype
802.1Q (0x8100), length 102: vlan 15, p 0, ethertype IPv4, 10.15.242.1
> 10.15.0.42: ICMP echo request, id 23406, seq 1945, length 64
14:27:48.391137 00:26:b9:fb:f1:90 > 33:33:00:00:00:00, ethertype
802.1Q (0x8100), length 90: vlan 15, p 5, ethertype IPv6,
truncated-ip6 - 8160 bytes missing!:: > ff02::1: HBH ICMP6, multicast
listener queryv2 [gaddr ::[|icmp6], length 8184
14:27:48.431190 00:26:b9:fb:f1:90 > 01:00:5e:00:00:01, ethertype
802.1Q (0x8100), length 64: vlan 15, p 1, ethertype IPv4, 0.0.0.0 >
224.0.0.1: igmp query v2
14:27:48.544004 5c:26:0a:fc:f1:14 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 46: vlan 15, p 0, ethertype ARP, Request
who-has 10.15.255.42 tell 10.15.0.42, length 28
14:27:48.544142 52:54:00:5f:2b:fe > 5c:26:0a:fc:f1:14, ethertype
802.1Q (0x8100), length 64: vlan 15, p 0, ethertype ARP, Reply
10.15.255.42 is-at 52:54:00:5f:2b:fe, length 46
14:27:48.723049 00:24:e8:7f:c4:58 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 64: vlan 15, p 0, ethertype ARP, Request
who-has 10.15.102.21 (ff:ff:ff:ff:ff:ff) tell 10.15.102.21, length 46
14:27:48.752858 00:1d:09:6b:45:27 > 5c:26:0a:fc:f1:14, ethertype
802.1Q (0x8100), length 102: vlan 15, p 0, ethertype IPv4, 10.15.242.1
> 10.15.0.42: ICMP echo request, id 23406, seq 1946, length 64
14:27:48.776100 84:2b:2b:57:f6:d2 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 64: vlan 15, p 0, ethertype ARP, Request
who-has 10.15.104.21 (ff:ff:ff:ff:ff:ff) tell 10.15.104.21, length 46
14:27:49.544049 5c:26:0a:fc:f1:14 > ff:ff:ff:ff:ff:ff, ethertype
802.1Q (0x8100), length 46: vlan 15, p 0, ethertype ARP, Request
who-has 10.15.255.42 tell 10.15.0.42, length 28
in dmesg in see something like : "8021q: adding VLAN 0 to HW filter on
device bond0".
Maybe there is something wrong with hardware filtering?
I don't find a way to disable hw vlan filtering.
# ethtool -K eth1 rxvlan off
Cannot set device flag settings: Invalid argument
I found a way to make thing work and don't work by one command.
# rmmod bonding
# ifdown br14
# ifdown br15
# ifup --force bond0
# ifup --force bond0.15
# ifup --force br15
=> i can ping my ip on 15 working
if i make ifup --force br14, i lost connectivity on vlan 15.
I don't have isssue when bond0 is not member of br14. So vlan on
bonding seems to be broken.
Regards,
--
Sébastien Luttringer
www.seblu.net
Download attachment "lshw" of type "application/octet-stream" (28084 bytes)
Download attachment "lspci" of type "application/octet-stream" (1553 bytes)
Download attachment "dmesg.out" of type "application/octet-stream" (66114 bytes)
Download attachment "interfaces" of type "application/octet-stream" (795 bytes)
Download attachment "ifconfig" of type "application/octet-stream" (5785 bytes)
Powered by blists - more mailing lists