lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 20 Dec 2020 12:24:21 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Subject: Fw: [Bug 210781] New: Tun.c fails with tc mirror when using bridges



Begin forwarded message:

Date: Fri, 18 Dec 2020 23:24:31 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 210781] New: Tun.c fails with tc mirror when using bridges


https://bugzilla.kernel.org/show_bug.cgi?id=210781

            Bug ID: 210781
           Summary: Tun.c fails with tc mirror when using bridges
           Product: Networking
           Version: 2.5
    Kernel Version: 5.4.78
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: stephen@...workplumber.org
          Reporter: pablo.catalina@...il.com
        Regression: No

Hi,

I got a kernel panic and after reboot I tried again and I got the following
error:


[17665.950212] u32 classifier
[17665.950247]     input device check on
[17665.950278]     Actions configured
[17665.993688] Mirror/redirect action on
[17673.994202] tun: unexpected GSO type: 0x0, gso_size 289, hdr_len 355
[17673.994242] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17673.994288] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17673.994333] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17673.994378] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17673.994432] ------------[ cut here ]------------
[17673.994479] WARNING: CPU: 7 PID: 4700 at drivers/net/tun.c:2129
tun_do_read+0x535/0x6d0
[17673.994525] Modules linked in: sch_prio act_mirred cls_u32 sch_ingress
iptable_mangle xt_TEE nf_dup_ipv6 nf_dup_ipv4 snd_hda_codec_realtek
snd_hda_codec_generic ledtrig_audio veth nfsv3 rpcsec_gss_krb5 nfsv4 nfs
fscache ebtable_filter ebtables ip6table_raw ip6t_REJECT nf_reject_ipv6
ip6table_filter ip6_tables iptable_raw ipt_REJECT nf_reject_ipv4 xt_NFLOG
xt_set xt_physdev xt_addrtype xt_multiport xt_conntrack xt_mark ip_set_hash_net
ip_set sctp iptable_filter xt_nat xt_tcpudp xt_MASQUERADE xt_comment
iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bpfilter bonding
zram softdog nfnetlink_log nfnetlink binfmt_misc i915 intel_rapl_msr
intel_rapl_common drm_kms_helper drm x86_pkg_temp_thermal intel_powerclamp
i2c_algo_bit coretemp fb_sys_fops syscopyarea sysfillrect sysimgblt
dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio kvm_intel kvm
snd_hda_intel snd_intel_dspcfg irqbypass snd_hda_codec snd_hda_core
crct10dif_pclmul snd_hwdep crc32_pclmul snd_pcm ghash_clmulni_intel
[17673.994547]  aesni_intel ie31200_edac snd_timer snd crypto_simd eeepc_wmi
cryptd soundcore input_leds glue_helper rapl mac_hid asus_wmi intel_cstate
sparse_keymap serio_raw wmi_bmof vhost_net vhost tap ib_iser nfsd auth_rpcgss
nfs_acl lockd rdma_cm iw_cm ib_cm grace ib_core sunrpc iscsi_tcp libiscsi_tcp
libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress
raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 multipath linear ahci xhci_pci i2c_i801 libahci
lpc_ich e1000e xhci_hcd ehci_pci ehci_hcd megaraid_sas wmi video
[17673.994984] CPU: 7 PID: 4700 Comm: vhost-4644 Not tainted 5.4.78-2-pve #1
[17673.995022] Hardware name: System manufacturer System Product Name/P8B WS,
BIOS 9922 06/20/2019
[17673.995075] RIP: 0010:tun_do_read+0x535/0x6d0
[17673.995113] Code: 00 00 6a 01 0f b7 45 aa b9 10 00 00 00 48 c7 c6 f4 63 40
8a 48 c7 c7 ff 5c 35 8a 83 f8 40 48 0f 4f c2 31 d2 50 e8 6b c7 d5 ff <0f> 0b 58
5a 49 c7 c4 ea ff ff ff e9 c2 fc ff ff 4c 89 ea be 04 00
[17673.995187] RSP: 0018:ffffac334350bc80 EFLAGS: 00010246
[17673.995224] RAX: 0000000000000000 RBX: ffff992cb1941600 RCX:
0000000000000006
[17673.995263] RDX: 0000000000000000 RSI: 0000000000000096 RDI:
ffff992d1f3d78c0
[17673.995303] RBP: ffffac334350bd08 R08: 0000000000000643 R09:
ffffffff8abb56ec
[17673.995342] R10: 000000000000072e R11: ffffac334350ba08 R12:
000000000000016f
[17673.995381] R13: ffffac334350be30 R14: ffff992b7bd548c0 R15:
0000000000000000
[17673.995421] FS:  0000000000000000(0000) GS:ffff992d1f3c0000(0000)
knlGS:0000000000000000
[17673.996652] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[17673.996688] CR2: 00007f9a5458ad38 CR3: 00000006969bc003 CR4:
00000000001626e0
[17673.996726] Call Trace:
[17673.996763]  tun_recvmsg+0x76/0x110
[17673.996799]  handle_rx+0x5d4/0xa20 [vhost_net]
[17673.996837]  handle_rx_net+0x15/0x20 [vhost_net]
[17673.996873]  vhost_worker+0xba/0x110 [vhost]
[17673.996910]  kthread+0x120/0x140
[17673.996944]  ? log_used.part.45+0x20/0x20 [vhost]
[17673.996980]  ? kthread_park+0x90/0x90
[17673.997015]  ret_from_fork+0x35/0x40
[17673.997049] ---[ end trace dc2c3635b10ec80e ]---
[17674.304983] tun: unexpected GSO type: 0x0, gso_size 91, hdr_len 157
[17674.305024] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17674.305070] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17674.305116] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17674.305161] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17685.611046] device eth0 left promiscuous mode
[17691.890075] device eth0 entered promiscuous mode
[17698.446189] device eth0 entered promiscuous mode
[17734.423198] tun: unexpected GSO type: 0x0, gso_size 497, hdr_len 563
[17734.423240] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17734.423288] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17734.423335] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17734.423382] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17750.949141] tun: unexpected GSO type: 0x0, gso_size 497, hdr_len 563
[17750.949185] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17750.949233] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17750.949284] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................
[17750.949334] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
................



Now, the environment:

Server using proxmox latest version.
I have ethernet connection, a tap interface using OpenVPN and two Linux
Bridges:
* VMBR0: several KVM VMs and LXC containers
* VMBR3: only one interface of one KVM

I wanted to mirror all the traffic on VMBR0 to VMBR3. THe iptables solution
does not work fine, the traffic appears duplicated or I miss the traffic from
VMBR0 to the TAP0 interface.

I tried to use tc to mirror the traffic using the following script:

#!/bin/sh
sif="vmbr0"
dif="vmbr3"


case "$1" in
        start)
                sif=vmbr0
                dif=vmbr3

                # ingress
                tc qdisc add dev "$sif" ingress
                tc filter add dev "$sif" parent ffff: \
                          protocol all \
                          u32 match u8 0 0 \
                          action mirred egress mirror dev "$dif"

                # egress
                tc qdisc add dev "$sif" handle 1: root prio
                tc filter add dev "$sif" parent 1: \
                          protocol all \
                          u32 match u8 0 0 \
                          action mirred egress mirror dev "$dif"

                ;;
        stop)
                tc qdisc del dev $sif ingress
                tc qdisc del dev $sif root
                ;;
        *)
                echo "usage $0 <start|stop>"
esac


When I start it I got the error above.
If I try to stop it, I get a kernel panic (I don't have access to the console,
so I cannot see the kernel panic).

Cheers,

Pablo

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists