Message-ID: <20200415113800.134f2530@strong.id.au>
Date:   Wed, 15 Apr 2020 11:38:00 +1000
From:   Russell Strong <russell@...ong.id.au>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org
Subject: Re: vxlan mac address generation

On Tue, 14 Apr 2020 17:23:48 -0700
Stephen Hemminger <stephen@...workplumber.org> wrote:

> On Wed, 15 Apr 2020 10:05:24 +1000
> Russell Strong <russell@...ong.id.au> wrote:
> 
> > Hi Stephen,
> > 
> > I've hit a problem with vxlan not communicating because of mac
> > addresses being duplicated when I use the same IFNAME across
> > multiple virtual machines. The mac address appears to be some sort
> > of hash related to the IFNAME. Changing the name changes the mac
> > address.
> > 
> > Looking at vxlan_setup this should be random (eth_hw_addr_random)
> > but it is not.
> > 
> > Is there a bug here?
> > 
> > Regards,
> > Russell Strong  
> 
> Please forward questions to netdev@...r.kernel.org.
> Do you have weak seeding on your platform?  This happens early in boot
> process and maybe PRNG is not seeded yet.

I have checked the diff of /var/lib/systemd/random-seed.  Each machine
has a different seed.  Plus each machine has been running for a long
period of time.  They are, however, cloned from the same source machine
way back.

As an example, if I execute the following commands

ip link add v0 type vxlan id 1

I get the mac address 6e:7a:da:1c:12:0c

then delete and recreate,

ip link del v0
ip link add v0 type vxlan id 1

I get back the same address 6e:7a:da:1c:12:0c

I would have expected a different mac as the PRNG should have
advanced.  Also, if I change v0 to something else, I get a different mac
address but the same repeatability.



