[ https://issues.apache.org/jira/browse/CLOUDSTACK-2804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hugo Trippaers updated CLOUDSTACK-2804: --------------------------------------- Fix Version/s: 4.2.0 > getEthByIp function in vpc_func.sh can return the wrong network interface > ------------------------------------------------------------------------- > > Key: CLOUDSTACK-2804 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2804 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.0.2 > Reporter: Hugo Trippaers > Assignee: Hugo Trippaers > Fix For: 4.2.0 > > > Depending on the netmasks used it is possible that the broadcast address of > one network matches the ip address of another interface. > In the case of adding a loadbalancer configuration this can result in the > firewall rules being applied on the wrong network. > Example Router VM network config > 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP > qlen 1000 > link/ether 02:00:34:05:00:03 brd ff:ff:ff:ff:ff:ff > inet 10.75.2.65/26 brd 10.75.2.127 scope global eth2 > 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP > qlen 1000 > link/ether 02:00:57:4b:00:04 brd ff:ff:ff:ff:ff:ff > inet 10.75.2.1/26 brd 10.75.2.63 scope global eth3 > This is the function: > getEthByIp (){ > local ip=$1 > for dev in `ls -1 /sys/class/net | grep eth` > do > sudo ip addr show dev $dev | grep $ip > /dev/null > if [ $? -eq 0 ] > then > echo $dev > return 0 > fi > done > return 1 > } > Example with the above router VM config: > root@r-1784-VM:/opt/cloud/bin# sudo ip addr show dev eth2 | grep 10.75.2.1 > inet 10.75.2.65/26 brd 10.75.2.127 scope global eth2 > root@r-1784-VM:/opt/cloud/bin# sudo ip addr show dev eth3 | grep 10.75.2.1 > inet 10.75.2.1/26 brd 10.75.2.63 scope global eth3 > root@r-1784-VM:/opt/cloud/bin# > In this case we want eth3 as device, but it first matches on eth2, since the > broadcast address of eth2 is the first match. > A possible solution would be to grep for "inet $ip/" instead of just $ip. > This has only been tested with the loadbalancer case. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira