Your message dated Sat, 27 May 2023 05:04:07 +0000
with message-id <[email protected]>
and subject line Bug#1036316: Removed package(s) from unstable
has caused the Debian Bug report #390985,
regarding vrrpd sees packets from wrong vlans when run on 802.1q interfaces
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
390985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=390985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vrrpd
Version: 1.0-1
Severity: important
This is to some extent network adapter dependant. Lower end cards with
more primitivea mac filtering like Via Rhine are less prone to this
problem. It is 100% reproducible on higher end cards like Intel e1000.
How to reproduce:
1. Configure 2 Vlan interfaces on host A and host B (with a suitable
switch in between).
2. Run VRRP between host A and host B on both VLANs using 2 different
vrrpd processes (let's say 5 and 6).
3. Configure process 5 auth to plain and 6 to pw. Both processes will
start seeing each other's packets and complain in syslog.
4. Configure process 5 ah and 6 to ah. This one is worse - all hosts on
all interfaces will try to grab the vrrp address generating duplicate
ips on the network.
So on.
I have not looked at the code in detail, but it seems that it heavily
relies on the IP stack to filter out the right multicast frames. The
stack in turn relies on the card driver and the card driver on MCAST
filters which on 802.1q interfaces quite often leak. Other similar apps
(quagga) perform extra checks on what they receive via MCAST to
compensate for such stack problems (they are well known).
The overall effect is that all auth schemes except "none" are rendered
unuseable when running vrrpd on 802.1q interfaces. It is also not
possible to mix authentication schemes.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14-1-k7-desktop
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages vrrpd depends on:
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.0-2+rm
Dear submitter,
as the package vrrpd has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/1036316
The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.
Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
