[Qemu-devel] accidental mistyping of command line kills networking

[Qemu-devel] accidental mistyping of command line kills networking

[Beth Kon]

I accidentally entered a command line as follows:

/usr/bin/qemu-kvm -drive 
file=/scratch/images/beth/windows/win2k3_32_R2.dat.10G.img,if=ide -m 
2048 -boot cd -net nic,model=rtl8139 -net tap,script=/etc/qemu-ifup -vnc 
:12 -usbdevice tablet -monitor stdio -net nic,model=e1000 -net 
tap,script=/etc/qemu-ifup

and the machine's networking broke, requiring a network restart to get 
it back in order. The second -net tap,script=/etc/qemu-ifup causes the 
problem.

/var/log/messages shows
 tap0: received packet with  own address as source address

I don't have time at the moment to look into what's going wrong.  Just 
wanted to make people aware.

Beth Kon

Re: [Qemu-devel] accidental mistyping of command line kills networking

[Beth Kon]

Beth Kon wrote:
> I accidentally entered a command line as follows:
>
> /usr/bin/qemu-kvm -drive 
> file=/scratch/images/beth/windows/win2k3_32_R2.dat.10G.img,if=ide -m 
> 2048 -boot cd -net nic,model=rtl8139 -net tap,script=/etc/qemu-ifup 
> -vnc :12 -usbdevice tablet -monitor stdio -net nic,model=e1000 -net 
> tap,script=/etc/qemu-ifup
>
> and the machine's networking broke, requiring a network restart to get 
> it back in order. The second -net tap,script=/etc/qemu-ifup causes the 
> problem.
>
> /var/log/messages shows
> tap0: received packet with  own address as source address
>
> I don't have time at the moment to look into what's going wrong.  Just 
> wanted to make people aware.
>
> Beth Kon
>
>
A clarification... this command line is ok. But as it happens, windows 
datacenter does not have a driver for rtl8139. So somehow, this 
driverless adapter in windows is effectively causing an "extra" tap 
device to be specified on the qemu command line, wreaking havoc with the 
networking on the host.

Re: [Qemu-devel] accidental mistyping of command line kills networking

[Anthony Liguori]

Beth Kon wrote:
> Beth Kon wrote:
>> I accidentally entered a command line as follows:
>>
>> /usr/bin/qemu-kvm -drive 
>> file=/scratch/images/beth/windows/win2k3_32_R2.dat.10G.img,if=ide -m 
>> 2048 -boot cd -net nic,model=rtl8139 -net tap,script=/etc/qemu-ifup 
>> -vnc :12 -usbdevice tablet -monitor stdio -net nic,model=e1000 -net 
>> tap,script=/etc/qemu-ifup
>>
>> and the machine's networking broke, requiring a network restart to 
>> get it back in order. The second -net tap,script=/etc/qemu-ifup 
>> causes the problem.
>>
>> /var/log/messages shows
>> tap0: received packet with  own address as source address
>>
>> I don't have time at the moment to look into what's going wrong.  
>> Just wanted to make people aware.
>>
>> Beth Kon
> A clarification... this command line is ok. But as it happens, windows 
> datacenter does not have a driver for rtl8139. So somehow, this 
> driverless adapter in windows is effectively causing an "extra" tap 
> device to be specified on the qemu command line, wreaking havoc with 
> the networking on the host.

It's actually not okay.  You're creating a bridge with two tap devices 
on the bridge that happen to be connected in qemu by a vlan.  If one tap 
device receives a packet, qemu is going to forward that packet to the 
other tap device, which will in turn send the packet to the bridge which 
in turn sends it to the first tap device.

Resulting in an infinite networking loop.

Regards,

Anthony Liguori

Re: [Qemu-devel] accidental mistyping of command line kills networking

[Avi Kivity]

On 10/27/2009 11:44 PM, Anthony Liguori wrote:
>
> It's actually not okay.  You're creating a bridge with two tap devices 
> on the bridge that happen to be connected in qemu by a vlan.  If one 
> tap device receives a packet, qemu is going to forward that packet to 
> the other tap device, which will in turn send the packet to the bridge 
> which in turn sends it to the first tap device.
>
> Resulting in an infinite networking loop.
>

It shouldn't kill networking though.  If a guest has two nics connected 
to the same host bridge (a reasonable configuration), and then connects 
these two nics through its own bridge, it creates the same sort of 
loop.  If that kills networking, we have a guest-initiated DoS (not that 
the userspace-initiated DoS was much better).

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [Qemu-devel] accidental mistyping of command line kills networking

[Gleb Natapov]

On Wed, Oct 28, 2009 at 08:29:42AM +0200, Avi Kivity wrote:
> On 10/27/2009 11:44 PM, Anthony Liguori wrote:
> >
> >It's actually not okay.  You're creating a bridge with two tap
> >devices on the bridge that happen to be connected in qemu by a
> >vlan.  If one tap device receives a packet, qemu is going to
> >forward that packet to the other tap device, which will in turn
> >send the packet to the bridge which in turn sends it to the first
> >tap device.
> >
> >Resulting in an infinite networking loop.
> >
> 
> It shouldn't kill networking though.  If a guest has two nics
> connected to the same host bridge (a reasonable configuration), and
> then connects these two nics through its own bridge, it creates the
> same sort of loop.  If that kills networking, we have a
> guest-initiated DoS (not that the userspace-initiated DoS was much
> better).
> 
That's what STP is for.

--
			Gleb.

Re: [Qemu-devel] accidental mistyping of command line kills networking

[Avi Kivity]

On 10/28/2009 10:34 AM, Gleb Natapov wrote:
>
>> It shouldn't kill networking though.  If a guest has two nics
>> connected to the same host bridge (a reasonable configuration), and
>> then connects these two nics through its own bridge, it creates the
>> same sort of loop.  If that kills networking, we have a
>> guest-initiated DoS (not that the userspace-initiated DoS was much
>> better).
>>
>>      
> That's what STP is for.
>
>    

The guest need not respect it.  The host must survive network loopbacks.

-- 
error compiling committee.c: too many arguments to function

Re: [Qemu-devel] accidental mistyping of command line kills networking

[Gleb Natapov]

On Wed, Oct 28, 2009 at 10:55:50AM +0200, Avi Kivity wrote:
> On 10/28/2009 10:34 AM, Gleb Natapov wrote:
> >
> >>It shouldn't kill networking though.  If a guest has two nics
> >>connected to the same host bridge (a reasonable configuration), and
> >>then connects these two nics through its own bridge, it creates the
> >>same sort of loop.  If that kills networking, we have a
> >>guest-initiated DoS (not that the userspace-initiated DoS was much
> >>better).
> >>
> >That's what STP is for.
> >
> 
> The guest need not respect it.  The host must survive network loopbacks.
> 
I am not sure how STP handles situation when one bridge doesn't support
STP. If it disables one of the ports in such situation the setup will
work. If it does not then rate limiting traffic is the only solution I see.
 
--
			Gleb.