[jira] [Created] (CLOUDSTACK-2804) getEthByIp function in vpc_func.sh can return the wrong network interface

Mon, 03 Jun 2013 01:42:42 -0700 

Hugo Trippaers created CLOUDSTACK-2804:
------------------------------------------

             Summary: getEthByIp function in vpc_func.sh can return the wrong 
network interface
                 Key: CLOUDSTACK-2804
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2804
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
    Affects Versions: 4.0.2
            Reporter: Hugo Trippaers
            Assignee: Hugo Trippaers


Depending on the netmasks used it is possible that the broadcast address of one 
network matches the ip address of another interface. 
In the case of adding a loadbalancer configuration this can result in the 
firewall rules being applied on the wrong network.

Example Router VM network config
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
qlen 1000
    link/ether 02:00:34:05:00:03 brd ff:ff:ff:ff:ff:ff
    inet 10.75.2.65/26 brd 10.75.2.127 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP 
qlen 1000
    link/ether 02:00:57:4b:00:04 brd ff:ff:ff:ff:ff:ff
    inet 10.75.2.1/26 brd 10.75.2.63 scope global eth3

This is the function:
getEthByIp (){
  local ip=$1
  for dev in `ls -1 /sys/class/net | grep eth`
  do
    sudo ip addr show dev $dev | grep $ip > /dev/null
    if [ $? -eq 0 ]
    then
      echo $dev
      return 0
    fi
  done
  return 1
}

Example with the above router VM config:

root@r-1784-VM:/opt/cloud/bin# sudo ip addr show dev eth2 | grep 10.75.2.1
    inet 10.75.2.65/26 brd 10.75.2.127 scope global eth2
root@r-1784-VM:/opt/cloud/bin# sudo ip addr show dev eth3 | grep 10.75.2.1
    inet 10.75.2.1/26 brd 10.75.2.63 scope global eth3
root@r-1784-VM:/opt/cloud/bin# 

In this case we want eth3 as device, but it first matches on eth2, since the 
broadcast address of eth2 is the first match.

A possible solution would be to grep for "inet $ip/" instead of just $ip. This 
has only been tested with the loadbalancer case.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to