[Kernel-packages] [Bug 2025311] Re: packet storm as nics in STP enabled netns bridges lack BPDU maddr 01:80:c2:00:00:00

Harry Coin Thu, 29 Jun 2023 08:20:24 -0700

** Tags added: kernel-net

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2025311


Title:
  packet storm as nics in STP enabled netns bridges lack BPDU maddr
  01:80:c2:00:00:00

Status in linux-signed package in Ubuntu:
  New

Bug description:
  Bridges with STP enabled, only if in the non-default namespace,
  connecting the nic as a port to the bridge will not add the STP
  multicast address to the port nics, causing them to fail in all
  important BPDU topology updates.  This leads to packet storms,
  effectively locking up all connected systems --  all the problems STP
  is designed to prevent.

  This bug exists in ubuntu's 5.15 generic Jammy and 6.1 22.04c
  kernels.  100% reproducible.   Below you'll see two cases that vary
  only in that one takes place in a non-default network namespace.  The
  only material difference is the nic ports in the non-default namespace
  lack the STP bridge multicast address.

  Notice in the default namespace, for example, we have:

   ip -d link show lan0bridge
  31: lan0bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue 
state UP mode DEFAULT group default qlen 1000
      link/ether 52:54:e5:79:c5:7a brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 
68 maxmtu 65535
      bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 
stp_state 1 priority 28 vlan_filtering 0 vlan_protocol 802.1Q bridge_id 
001c.52:54:e5:79:c5:7a designated_root 001c.52:54:e5:79:c5:7a root_port 1 
root_path_cost 4 topology_change 0 topology_change_detected 0 hello_timer    
0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   24.87 
vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 
group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 
mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 
mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 
mcast_last_member_interval 100 mcast_membership_interval 26000 
mcast_querier_interval 25500 mcast_query_interval 12500 
mcast_query_response_interval 1000 mcast_startup_query_interval 3124 
mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 
0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 
numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

  And an example port:

  ip -d addr show gnv0lan1
  32: gnv0lan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master 
lan0bridge state UNKNOWN group default qlen 1000
      link/ether 52:54:86:cb:d4:05 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 
68 maxmtu 65485
      geneve id 7745 remote 192.XXX.XXX.XXx ttl auto dstport 6081 noudpcsum 
udp6zerocsumrx
      bridge_slave state forwarding priority 32 cost 100 hairpin off guard off 
root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 
designated_port 32770 designated_cost 4 designated_bridge 
001c.52:54:e5:79:c5:7a designated_root 0014.52:54:ff:79:8b:4d hold_timer    
0.68 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 
0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 
mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off 
group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off 
numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

  And the expected
  # ip maddr show gnv0lan1
  32:     gnv0lan1
          link  33:33:00:00:00:02 users 2
          link  01:00:5e:00:00:01
          link  33:33:00:00:00:01
          link  01:80:c2:00:00:00   <-- STP multicast address.
  ...

  But in a non-default namespace we have, for example:

  root@rssnoc2e0:~# ip netns exec squad0ns ip -d link show sqd0lanbr
  20: sqd0lanbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1370 qdisc noqueue state 
UP mode DEFAULT group default qlen 1000
      link/ether 2a:19:e7:b2:98:c6 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 
68 maxmtu 65535
      bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 
stp_state 1 priority 10000 vlan_filtering 0 vlan_protocol 802.1Q bridge_id 
2710.2a:19:e7:b2:98:c6 designated_root 2710.2a:19:e7:b2:98:c6 root_port 0 
root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    
0.05 tcn_timer    0.00 topology_change_timer    0.00 gc_timer    0.00 
vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 
group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 
mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 
mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 
mcast_last_member_interval 100 mcast_membership_interval 26000 
mcast_querier_interval 25500 mcast_query_interval 12500 
mcast_query_response_interval 1000 mcast_startup_query_interval 3124 
mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 
0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 
numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

  And a nic on that bridge:

  root@rssnoc2e0:~# ip netns exec squad0ns ip -d link show gnv1lan
  21: gnv1lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1370 qdisc noqueue master 
sqd0lanbr state UNKNOWN mode DEFAULT group default qlen 1000
      link/ether 4a:cf:01:4b:0a:fd brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 
68 maxmtu 65485
      geneve id 7745 remote 192.XXX.XXX.XXX ttl auto dstport 6081 noudpcsum 
udp6zerocsumrx
      bridge_slave state forwarding priority 32 cost 2048 hairpin off guard off 
root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 
designated_port 32769 designated_cost 0 designated_bridge 
2710.2a:19:e7:b2:98:c6 designated_root 2710.2a:19:e7:b2:98:c6 hold_timer    
0.70 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 
0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 
mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off 
group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off 
addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 
65535

  And here, we see the STP multicast address is missing:
  root@rssnoc2e0:~# ip netns exec squad0ns ip maddr show gnv1lan
  21:     gnv1lan
          link  33:33:00:00:00:01
          link  01:00:5e:00:00:01
          inet  224.0.0.1
          inet6 ff02::1
          inet6 ff01::1
  root@rssnoc2e0:~#

  !! Missing multicast address for STP BPDU reception.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/2025311/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 2025311] Re: packet storm as nics in STP enabled netns bridges lack BPDU maddr 01:80:c2:00:00:00

Reply via email to