Bug#551620: DOS on the LAN when starting kvm with 2 network devices and bridging
Jan Luebbe writes:

> Hi!
>
> On Mon, 2009-10-19 at 16:23 +0200, Goswin von Brederlow wrote:
>> sudo kvm -m 256 -drive
>> file=/scratch/ramdisk/build/build/hda.img,if=ide,boot=on -drive
>> file=/scratch/ramdisk/build/build/hdb.img,if=ide,boot=off -net
>> nic,model=e1000,macaddr=54:52:00:00:42:12 -net tap -net
>> nic,model=e1000,macaddr=54:52:00:00:42:13 -net tap -smp 1
>> -kernel
>> /scratch/ramdisk/build/build/chroot-amd64/boot/vmlinuz-2.6.27.34-1-ql-beowulf
>> -append root=/dev/ram0 rw ramdisk_size=97872 console=ttyS0,115200 quiet
>> --initrd /scratch/ramdisk/build/build/image-beobox-amd64-7.0.0-0.gz
>> -nographic
>>
>> and the /etc/kvm/kvm-ifup script adds both devices to a bridge:
>
> This is an effect of how qemu's internal networking is designed.
>
> You defined 2 nics and *2 tap devices* on the same qemu-internal vlan.
> Bridging these devices together creates a loop.
>
> If you just want two devices in the same physical lan use '-net tap'
> only once. This will connect the two nics to the same tap device.
>
> You only need explicit vlans if you want to connect them to different
> bridges on the host.
>
> I don't think this is RC, maybe qemu should warn if more than one tap
> device is used on the same internal vlan.
>
> Jan

Definitely warn if not automatically put them in different vlans by
default. This behaviour is totally unexpected. I created 2 tap devices
for a reason and kvm just merged them again.

They were intended for different bridges but the default kvm-ifup script
put them into the same bridge. I can't think of any use case of having 2
tap devices in the same vlan so the default should be changed to
something less dangerous.

MfG
Goswin
Bug#551620: DOS on the LAN when starting kvm with 2 network devices and bridging
Hi!

On Mon, 2009-10-19 at 16:23 +0200, Goswin von Brederlow wrote:
> sudo kvm -m 256 -drive
> file=/scratch/ramdisk/build/build/hda.img,if=ide,boot=on -drive
> file=/scratch/ramdisk/build/build/hdb.img,if=ide,boot=off -net
> nic,model=e1000,macaddr=54:52:00:00:42:12 -net tap -net
> nic,model=e1000,macaddr=54:52:00:00:42:13 -net tap -smp 1
> -kernel
> /scratch/ramdisk/build/build/chroot-amd64/boot/vmlinuz-2.6.27.34-1-ql-beowulf
> -append root=/dev/ram0 rw ramdisk_size=97872 console=ttyS0,115200 quiet
> --initrd /scratch/ramdisk/build/build/image-beobox-amd64-7.0.0-0.gz
> -nographic
>
> and the /etc/kvm/kvm-ifup script adds both devices to a bridge:

This is an effect of how qemu's internal networking is designed.

You defined 2 nics and *2 tap devices* on the same qemu-internal vlan.
Bridging these devices together creates a loop.

If you just want two devices in the same physical lan use '-net tap'
only once. This will connect the two nics to the same tap device.

You only need explicit vlans if you want to connect them to different
bridges on the host.

I don't think this is RC, maybe qemu should warn if more than one tap
device is used on the same internal vlan.

Jan
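The warning suggested in the message above can be approximated on the host before the VM is started. The following is an added example, not code from qemu, kvm or the Debian package; the function names are hypothetical, and it assumes the legacy `-net` syntax in which an option without `vlan=` lands on qemu-internal vlan 0.

```shell
#!/bin/sh
# Added example: pre-flight check for legacy "-net" options on a kvm/qemu
# command line. It reports every qemu-internal vlan that carries more than
# one tap backend, the situation that loops once both taps join one bridge.

# Print the vlan of one "-net" value, e.g. "tap,vlan=1" -> 1.
# Assumption: without an explicit vlan= the option is on vlan 0.
net_vlan() {
    v=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^vlan=//p' | tail -n 1)
    printf '%s\n' "${v:-0}"
}

# Print, one per line, each vlan that has two or more tap backends.
# Arguments: the complete kvm/qemu argument list.
tap_loop_vlans() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "-net" ] && [ $# -ge 2 ]; then
            case $2 in
                tap|tap,*) net_vlan "$2" ;;   # emit this tap's vlan
            esac
            shift                              # skip the option value
        fi
        shift
    done | sort -n | uniq -d
}

# Return 0 if the argument list is safe to bridge, 1 (with a warning on
# stderr for each affected vlan) if several taps share one vlan.
check_kvm_args() {
    dup=$(tap_loop_vlans "$@")
    [ -z "$dup" ] && return 0
    for v in $dup; do
        echo "warning: more than one tap device on qemu vlan $v;" \
             "bridging them together creates a loop" >&2
    done
    return 1
}

# Network options from the bug report's command line: warns about vlan 0.
check_kvm_args -net nic,model=e1000,macaddr=54:52:00:00:42:12 -net tap \
               -net nic,model=e1000,macaddr=54:52:00:00:42:13 -net tap || true
```

A launcher script can call `check_kvm_args "$@"` and refuse to start kvm when it returns non-zero.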
Bug#551620: DOS on the LAN when starting kvm with 2 network devices and bridging
Package: kvm
Version: 85+dfsg-4
Severity: critical

Hi,

I'm starting kvm with 2 network interfaces like this:

sudo kvm -m 256 -drive
file=/scratch/ramdisk/build/build/hda.img,if=ide,boot=on -drive
file=/scratch/ramdisk/build/build/hdb.img,if=ide,boot=off -net
nic,model=e1000,macaddr=54:52:00:00:42:12 -net tap -net
nic,model=e1000,macaddr=54:52:00:00:42:13 -net tap -smp 1
-kernel
/scratch/ramdisk/build/build/chroot-amd64/boot/vmlinuz-2.6.27.34-1-ql-beowulf
-append root=/dev/ram0 rw ramdisk_size=97872 console=ttyS0,115200 quiet
--initrd /scratch/ramdisk/build/build/image-beobox-amd64-7.0.0-0.gz
-nographic

and the /etc/kvm/kvm-ifup script adds both devices to a bridge:

-- cat /etc/kvm/kvm-ifup
#!/bin/sh
# NOTE: For this script to operate properly, it is expected that
# you have a br0
BRIDGE=br0
/sbin/ifconfig $1 0.0.0.0 up
/usr/sbin/brctl addif $BRIDGE $1
--

The strange thing now is that this somehow creates a network loop causing
a DOS attack on the local network within seconds. In tcpdump I saw a
DHCP Reply to 255.255.255.255 over and over and over again but I guess
any broadcast will do. This causes >90% package loss making the local
network completely unusable.

Michael Tokarev (mjt on #debian-devel) could reproduce the problem.

MfG
Goswin