Package: vde2
Version: 2.2.0-pre2-1
Severity: normal
Tags: patch

Function find_in_hash_update in the vde_switch hash.c code contains a kind of protection against switch port flapping (resulting e.g. from switch loops or duplicate mac-addresses). When switch code detects that a mac-address already assigned to an old switch port appears on another switch port in a time shorter than min_persistence (default: 3) seconds since it was last_seen on the old port, it doesn't modify the port field in the hash entry for this mac. This code contains a bug because, after skipping the hash change, it updates the last_seen variable with the new timestamp, so the min_persistence time has to be counted from the beginning and, as a result, the mac-address can't move between ports.

This bug makes vde_switch totally unusable for testing virtual router redundancy implementations like CARP or VRRP, which assign a virtual mac-address to the master router and send its advertising frames very frequently (by default, every 1 second). After changing the master router, frames can't reach the new router, which sends its advertisements all the time and doesn't allow the old port to expire:

Mar 2 22:00:41 sierra vde_switch[26171]: MAC 00:00:5e:00:01:05 moved from port 12 to port 11
Mar 2 22:00:41 sierra vde_switch[26171]: MAC 00:00:5e:00:01:06 moved from port 12 to port 11
Mar 2 22:00:42 sierra vde_switch[26171]: MAC 00:00:5e:00:01:05 moved from port 12 to port 11
Mar 2 22:00:42 sierra vde_switch[26171]: MAC 00:00:5e:00:01:06 moved from port 12 to port 11
Mar 2 22:00:43 sierra vde_switch[26171]: MAC 00:00:5e:00:01:05 moved from port 12 to port 11
Mar 2 22:00:43 sierra last message repeated 2 times
....

but the hash table remains the same:

vde$ hash/print
0000 DATA END WITH '.'
Hash: 0021 Addr: 00:00:5e:00:01:05 VLAN 0005 to port: 012 age 0 secs
Hash: 0025 Addr: 00:00:5e:00:01:06 VLAN 0006 to port: 012 age 0 secs
...

The solution is simply not updating the last_seen hash entry field when the port change is skipped (see attached patch); it makes vde_switch usable with virtual routers. But for the future this code needs a bit more cleaning.

--
Andrzej Lemieszek <[EMAIL PROTECTED]>

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vde2 depends on:
ii  adduser      3.105         add and remove users and groups
ii  libc6        2.7-3         GNU C Library: Shared libraries
ii  libpcap0.8   0.9.8-2       System interface for user-level pa
ii  libvdemgmt0  2.2.0-pre2-1  Virtual Distributed Ethernet - Man
ii  libvdeplug2  2.2.0-pre2-1  Virtual Distributed Ethernet - Plu

Versions of packages vde2 recommends:
pn  daemon       <none>        (no description available)

-- no debconf information

--- vde2-2.2.0-pre2.orig/hash.c +++ vde2-2.2.0-pre2/hash.c @@ -110,10 +110,13 @@ oldport=e->port; now=qtime(); if (oldport!=port) { - if ((now - e->last_seen) > min_persistence) + if ((now - e->last_seen) > min_persistence) { e->port=port; + e->last_seen = now; + } + } else { + e->last_seen = now; } - e->last_seen = now; return oldport; }
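
Review bot: the skipped-move path (oldport!=port while now - e->last_seen is still within min_persistence) falls through to the unchanged "return oldport;", so the caller still cannot tell a suppressed move from a real one. The "moved from port 12 to port 11" syslog lines in the report were emitted while hash/print still showed port 012, and this hunk does not change what is returned in that case, so those misleading messages will most likely remain for every suppressed frame. Consider signalling the suppressed case to the caller or logging it differently. A one-line comment above the inner if would also help, stating that last_seen is deliberately left untouched when the move is skipped, so that a later cleanup does not merge the two "e->last_seen = now;" assignments back into one.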
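
The starvation described in the report, replayed on a timeline as an added example (not code from the report or from vde2). The struct layout, the `simulate` driver and the one-frame-per-second schedule are assumptions made for illustration; timestamps are whole seconds and `MIN_PERSISTENCE` is the default of 3 quoted above.

```c
#include <stdio.h>

/* Constructed model of one MAC-table entry; field names follow the report. */
struct entry { int port; long last_seen; };
#define MIN_PERSISTENCE 3   /* default quoted in the report, in seconds */

/* Behaviour described in the report: last_seen is refreshed even when the
 * port change is skipped, so frames on the new port keep the old entry alive. */
static void update_reported(struct entry *e, int port, long now)
{
    if (e->port != port && (now - e->last_seen) > MIN_PERSISTENCE)
        e->port = port;
    e->last_seen = now;
}

/* Behaviour after the attached patch: a skipped move leaves last_seen alone. */
static void update_patched(struct entry *e, int port, long now)
{
    if (e->port != port) {
        if ((now - e->last_seen) > MIN_PERSISTENCE) {
            e->port = port;
            e->last_seen = now;
        }
    } else {
        e->last_seen = now;
    }
}

typedef void (*update_fn)(struct entry *, int, long);

/* Hypothetical driver: MAC learned on port 12 at t=0, then port 11 sends one
 * frame per second; with old_alive set, port 12 keeps sending too (loop). */
static int simulate(update_fn update, int old_alive, long seconds)
{
    struct entry e = { 12, 0 };
    for (long t = 1; t <= seconds; t++) {
        if (old_alive)
            update(&e, 12, t);
        update(&e, 11, t);
    }
    return e.port;   /* port the switch would forward to at the end */
}

int main(void)
{
    printf("failover, reported: port %d\n", simulate(update_reported, 0, 60));
    printf("failover, patched:  port %d\n", simulate(update_patched, 0, 60));
    printf("flapping, patched:  port %d\n", simulate(update_patched, 1, 60));
    return 0;
}
```

The third case shows that the flapping protection is preserved: while the old port keeps sending, the entry stays pinned to it.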