| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Dec 2020 12:24:21 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 210781] New: Tun.c fails with tc mirror when using bridges
Begin forwarded message:
Date: Fri, 18 Dec 2020 23:24:31 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 210781] New: Tun.c fails with tc mirror when using bridges
https://bugzilla.kernel.org/show_bug.cgi?id=210781
Bug ID: 210781
Summary: Tun.c fails with tc mirror when using bridges
Product: Networking
Version: 2.5
Kernel Version: 5.4.78
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Other
Assignee: stephen@...workplumber.org
Reporter: pablo.catalina@...il.com
Regression: No
Hi,
I got a kernel panic and after reboot I tried again and I got the following
error:
[17665.950212] u32 classifier
[17665.950247] input device check on
[17665.950278] Actions configured
[17665.993688] Mirror/redirect action on
[17673.994202] tun: unexpected GSO type: 0x0, gso_size 289, hdr_len 355
[17673.994242] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17673.994288] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17673.994333] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17673.994378] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17673.994432] ------------[ cut here ]------------
[17673.994479] WARNING: CPU: 7 PID: 4700 at drivers/net/tun.c:2129
tun_do_read+0x535/0x6d0
[17673.994525] Modules linked in: sch_prio act_mirred cls_u32 sch_ingress
iptable_mangle xt_TEE nf_dup_ipv6 nf_dup_ipv4 snd_hda_codec_realtek
snd_hda_codec_generic ledtrig_audio veth nfsv3 rpcsec_gss_krb5 nfsv4 nfs
fscache ebtable_filter ebtables ip6table_raw ip6t_REJECT nf_reject_ipv6
ip6table_filter ip6_tables iptable_raw ipt_REJECT nf_reject_ipv4 xt_NFLOG
xt_set xt_physdev xt_addrtype xt_multiport xt_conntrack xt_mark ip_set_hash_net
ip_set sctp iptable_filter xt_nat xt_tcpudp xt_MASQUERADE xt_comment
iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bpfilter bonding
zram softdog nfnetlink_log nfnetlink binfmt_misc i915 intel_rapl_msr
intel_rapl_common drm_kms_helper drm x86_pkg_temp_thermal intel_powerclamp
i2c_algo_bit coretemp fb_sys_fops syscopyarea sysfillrect sysimgblt
dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio kvm_intel kvm
snd_hda_intel snd_intel_dspcfg irqbypass snd_hda_codec snd_hda_core
crct10dif_pclmul snd_hwdep crc32_pclmul snd_pcm ghash_clmulni_intel
[17673.994547] aesni_intel ie31200_edac snd_timer snd crypto_simd eeepc_wmi
cryptd soundcore input_leds glue_helper rapl mac_hid asus_wmi intel_cstate
sparse_keymap serio_raw wmi_bmof vhost_net vhost tap ib_iser nfsd auth_rpcgss
nfs_acl lockd rdma_cm iw_cm ib_cm grace ib_core sunrpc iscsi_tcp libiscsi_tcp
libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress
raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
raid6_pq libcrc32c raid1 raid0 multipath linear ahci xhci_pci i2c_i801 libahci
lpc_ich e1000e xhci_hcd ehci_pci ehci_hcd megaraid_sas wmi video
[17673.994984] CPU: 7 PID: 4700 Comm: vhost-4644 Not tainted 5.4.78-2-pve #1
[17673.995022] Hardware name: System manufacturer System Product Name/P8B WS,
BIOS 9922 06/20/2019
[17673.995075] RIP: 0010:tun_do_read+0x535/0x6d0
[17673.995113] Code: 00 00 6a 01 0f b7 45 aa b9 10 00 00 00 48 c7 c6 f4 63 40
8a 48 c7 c7 ff 5c 35 8a 83 f8 40 48 0f 4f c2 31 d2 50 e8 6b c7 d5 ff <0f> 0b 58
5a 49 c7 c4 ea ff ff ff e9 c2 fc ff ff 4c 89 ea be 04 00
[17673.995187] RSP: 0018:ffffac334350bc80 EFLAGS: 00010246
[17673.995224] RAX: 0000000000000000 RBX: ffff992cb1941600 RCX:
0000000000000006
[17673.995263] RDX: 0000000000000000 RSI: 0000000000000096 RDI:
ffff992d1f3d78c0
[17673.995303] RBP: ffffac334350bd08 R08: 0000000000000643 R09:
ffffffff8abb56ec
[17673.995342] R10: 000000000000072e R11: ffffac334350ba08 R12:
000000000000016f
[17673.995381] R13: ffffac334350be30 R14: ffff992b7bd548c0 R15:
0000000000000000
[17673.995421] FS: 0000000000000000(0000) GS:ffff992d1f3c0000(0000)
knlGS:0000000000000000
[17673.996652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[17673.996688] CR2: 00007f9a5458ad38 CR3: 00000006969bc003 CR4:
00000000001626e0
[17673.996726] Call Trace:
[17673.996763] tun_recvmsg+0x76/0x110
[17673.996799] handle_rx+0x5d4/0xa20 [vhost_net]
[17673.996837] handle_rx_net+0x15/0x20 [vhost_net]
[17673.996873] vhost_worker+0xba/0x110 [vhost]
[17673.996910] kthread+0x120/0x140
[17673.996944] ? log_used.part.45+0x20/0x20 [vhost]
[17673.996980] ? kthread_park+0x90/0x90
[17673.997015] ret_from_fork+0x35/0x40
[17673.997049] ---[ end trace dc2c3635b10ec80e ]---
[17674.304983] tun: unexpected GSO type: 0x0, gso_size 91, hdr_len 157
[17674.305024] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17674.305070] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17674.305116] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17674.305161] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17685.611046] device eth0 left promiscuous mode
[17691.890075] device eth0 entered promiscuous mode
[17698.446189] device eth0 entered promiscuous mode
[17734.423198] tun: unexpected GSO type: 0x0, gso_size 497, hdr_len 563
[17734.423240] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17734.423288] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17734.423335] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17734.423382] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17750.949141] tun: unexpected GSO type: 0x0, gso_size 497, hdr_len 563
[17750.949185] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17750.949233] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17750.949284] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
[17750.949334] tun: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
Now, the environment:
Server using proxmox latest version.
I have ethernet connection, a tap interface using OpenVPN and two Linux
Bridges:
* VMBR0: several KVM VMs and LXC containers
* VMBR3: only one interface of one KVM
I wanted to mirror all the traffic on VMBR0 to VMBR3. THe iptables solution
does not work fine, the traffic appears duplicated or I miss the traffic from
VMBR0 to the TAP0 interface.
I tried to use tc to mirror the traffic using the following script:
#!/bin/sh
sif="vmbr0"
dif="vmbr3"
case "$1" in
start)
sif=vmbr0
dif=vmbr3
# ingress
tc qdisc add dev "$sif" ingress
tc filter add dev "$sif" parent ffff: \
protocol all \
u32 match u8 0 0 \
action mirred egress mirror dev "$dif"
# egress
tc qdisc add dev "$sif" handle 1: root prio
tc filter add dev "$sif" parent 1: \
protocol all \
u32 match u8 0 0 \
action mirred egress mirror dev "$dif"
;;
stop)
tc qdisc del dev $sif ingress
tc qdisc del dev $sif root
;;
*)
echo "usage $0 <start|stop>"
esac
When I start it I got the error above.
If I try to stop it, I get a kernel panic (I don't have access to the console,
so I cannot see the kernel panic).
Cheers,
Pablo
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
Powered by blists - more mailing lists