Bug#551620: marked as done (DOS on the LAN when starting kvm with 2 network devices and bridging)

Mon, 28 Dec 2009 12:55:55 -0800 

Your message dated Mon, 28 Dec 2009 20:47:06 +0000
with message-id <1262033226.672342.2482.nullmai...@kmos.homeip.net>
and subject line Package kvm has been removed from Debian
has caused the Debian Bug report #551620,
regarding DOS on the LAN when starting kvm with 2 network devices and bridging
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
551620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551620
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: kvm
Version: 85+dfsg-4
Severity: critical

Hi,

I'm starting kvm with 2 network interfaces like this:

sudo kvm -m 256 -drive file=/scratch/ramdisk/build/build/hda.img,if=ide,boot=on 
-drive file=/scratch/ramdisk/build/build/hdb.img,if=ide,boot=off -net 
nic,model=e1000,macaddr=54:52:00:00:42:12 -net tap -net 
nic,model=e1000,macaddr=54:52:00:00:42:13 -net tap -smp 1 -kernel 
/scratch/ramdisk/build/build/chroot-amd64/boot/vmlinuz-2.6.27.34-1-ql-beowulf 
-append root=/dev/ram0 rw ramdisk_size=97872 console=ttyS0,115200 quiet 
--initrd /scratch/ramdisk/build/build/image-beobox-amd64-7.0.0-0.gz -nographic

and the /etc/kvm/kvm-ifup script adds both devices to a bridge:

----------------------------------------------------------------------
cat /etc/kvm/kvm-ifup
#!/bin/sh

# NOTE: For this script to operate properly, it is expected that
#       you have a br0

BRIDGE=br0

/sbin/ifconfig $1 0.0.0.0 up
/usr/sbin/brctl addif $BRIDGE $1
----------------------------------------------------------------------

The strange thing now is that somehow creates a network loop causing a
DOS attack on the local network within seconds. In tcpdump I saw a
DHCP Reply to 255.255.255.255 over and over and over again but I guess
any broadcast will do. This causes >90% package loss making the local
network completly unusable.

Michael Tokarev (mjt on #debian-devel) could reproduce the problem.

MfG
        Goswin

--- End Message ---
--- Begin Message --- 
Version: 85+dfsg-4.1+rm

You filled the bug http://bugs.debian.org/551620 in Debian BTS
against the package kvm. I'm closing it at *unstable*, but it will
remain open for older distributions.

For more information about this package's removal, read
http://bugs.debian.org/562620. That bug might give the reasons why
this package was removed and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues

--- End Message ---

Reply via email to