[PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Ian Campbell]

# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1291741813 0
# Node ID ca87e5178d11a91092a5c0f8e192e6dcc41d9d45
# Parent  5e4a8db26d5addf1cb73d6d2310101e67d96c7ba
tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address.

If a tap device is not given an explicit MAC address it will generate
one randomly.

The behaviour of the Linux bridge is to pickup the lowest MAC address
of any port for use in for ARP, STP etc. If the tap device's randomly
generated MAC address happens to be the lowest then this can cause all
manner of strange networking glitches in both domain 0 and guests when
the bridge suddenly takes over from the previously used MAC address.

We choose FE:FF:FF:FF:FF:FF as it the numerically largest
non-broadcast address. This ensures that the physical NIC device's
port will have the lowest MAC address and therefore be the one picked
up by the bridge.

vif devices already have a MAC address of FE:FF:FF:FF:FF:FF set by
netback already but there is no harm in forcing it a second time in
the hotplug script.

tap devices are added by the "add" event and therefore we should call
setup_bridge_port then as well as for "online" which is caused by vif
devices.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

diff -r 5e4a8db26d5a -r ca87e5178d11 tools/hotplug/Linux/vif-bridge
--- a/tools/hotplug/Linux/vif-bridge	Mon Dec 06 15:23:49 2010 +0000
+++ b/tools/hotplug/Linux/vif-bridge	Tue Dec 07 17:10:13 2010 +0000
@@ -91,6 +91,7 @@ case "$command" in
         ;;
 
     add)
+        setup_bridge_port "$dev"
         add_to_bridge "$bridge" "$dev"
         ;;
 esac
diff -r 5e4a8db26d5a -r ca87e5178d11 tools/hotplug/Linux/xen-network-common.sh
--- a/tools/hotplug/Linux/xen-network-common.sh	Mon Dec 06 15:23:49 2010 +0000
+++ b/tools/hotplug/Linux/xen-network-common.sh	Tue Dec 07 17:10:13 2010 +0000
@@ -86,6 +86,12 @@ setup_bridge_port() {
     # take interface down ...
     ip link set ${dev} down
 
+    # Initialise a dummy MAC address. We choose the numerically
+    # largest non-broadcast address to prevent the address getting
+    # stolen by an Ethernet bridge for STP purposes.
+    # (FE:FF:FF:FF:FF:FF)
+    ip link set ${dev} address fe:ff:ff:ff:ff:ff
+
     # ... and configure it
     ip addr flush ${dev}
 }

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Ian Jackson]

Ian Campbell writes ("[Xen-devel] [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address"):
> tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address.

Thanks, I have applied this.

Keir, I think this one is a backport candidate for 4.0 assuming the
tests pass.

Ian.

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Keir Fraser]

On 10/12/2010 18:44, "Ian Jackson" <Ian.Jackson@eu.citrix.com> wrote:

> Ian Campbell writes ("[Xen-devel] [PATCH] tools/hotplug/Linux: Ensure tap
> devices receive a dummy MAC address"):
>> tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address.
> 
> Thanks, I have applied this.
> 
> Keir, I think this one is a backport candidate for 4.0 assuming the
> tests pass.

The -unstable patch does not apply to 4.0-testing. It will need to be
manually backported and then submitted to xen-devel for inclusion.

 -- Keir

> Ian.

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Ian Campbell]

On Wed, 2010-12-15 at 10:26 +0000, Keir Fraser wrote:
> On 10/12/2010 18:44, "Ian Jackson" <Ian.Jackson@eu.citrix.com> wrote:
> 
> > Ian Campbell writes ("[Xen-devel] [PATCH] tools/hotplug/Linux: Ensure tap
> > devices receive a dummy MAC address"):
> >> tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address.
> > 
> > Thanks, I have applied this.
> > 
> > Keir, I think this one is a backport candidate for 4.0 assuming the
> > tests pass.
> 
> The -unstable patch does not apply to 4.0-testing. It will need to be
> manually backported and then submitted to xen-devel for inclusion.

xen-4.0-testing doesn't have the patches which cause us to use the
hotplug scripts for tap devices, so this patch is not directly
applicable.

I think the equivalent fix for that branch would be in
qemu-xen-4.0-testing.git instead:

8<-----------------------------------------

Ensure tap devices receive a dummy MAC address.

If a tap device is not given an explicit MAC address it will generate
one randomly.

The behaviour of the Linux bridge is to pickup the lowest MAC address
of any port for use in for ARP, STP etc. If the tap device's randomly
generated MAC address happens to be the lowest then this can cause all
manner of strange networking glitches in both domain 0 and guests when
the bridge suddenly takes over from the previously used MAC address.

We choose FE:FF:FF:FF:FF:FF as it the numerically largest
non-broadcast address. This ensures that the physical NIC device's
port will have the lowest MAC address and therefore be the one picked
up by the bridge.

vif devices already have a MAC address of FE:FF:FF:FF:FF:FF set by
netback already but there is no harm in forcing it a second time in
the hotplug script.

tap devices are added by the "add" event and therefore we should call
setup_bridge_port then as well as for "online" which is caused by vif
devices.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
diff --git a/i386-dm/qemu-ifup-Linux b/i386-dm/qemu-ifup-Linux
index bcbee92..99ddae7 100644
--- a/i386-dm/qemu-ifup-Linux
+++ b/i386-dm/qemu-ifup-Linux
@@ -33,5 +33,6 @@ then
    fi
 fi
 
+ifconfig $1 hw ether fe:ff:ff:ff:ff:ff
 ifconfig $1 0.0.0.0 up
 brctl addif $bridge $1 || true

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[John Weekes]

Ian,

This appears to have the side effect on dom0 of also causing both eth0 
and peth0 to have MAC fe:ff:ff:ff:ff:ff. I had to revert it to make 
networking work properly again for me.

-John

> # HG changeset patch
> # User Ian Campbell<ian.campbell@citrix.com>
> # Date 1291741813 0
> # Node ID ca87e5178d11a91092a5c0f8e192e6dcc41d9d45
> # Parent  5e4a8db26d5addf1cb73d6d2310101e67d96c7ba
> tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address.
>
> If a tap device is not given an explicit MAC address it will generate
> one randomly.
>
> The behaviour of the Linux bridge is to pickup the lowest MAC address
> of any port for use in for ARP, STP etc. If the tap device's randomly
> generated MAC address happens to be the lowest then this can cause all
> manner of strange networking glitches in both domain 0 and guests when
> the bridge suddenly takes over from the previously used MAC address.
>
> We choose FE:FF:FF:FF:FF:FF as it the numerically largest
> non-broadcast address. This ensures that the physical NIC device's
> port will have the lowest MAC address and therefore be the one picked
> up by the bridge.
>
> vif devices already have a MAC address of FE:FF:FF:FF:FF:FF set by
> netback already but there is no harm in forcing it a second time in
> the hotplug script.
>
> tap devices are added by the "add" event and therefore we should call
> setup_bridge_port then as well as for "online" which is caused by vif
> devices.
>
> Signed-off-by: Ian Campbell<ian.campbell@citrix.com>
>
> diff -r 5e4a8db26d5a -r ca87e5178d11 tools/hotplug/Linux/vif-bridge
> --- a/tools/hotplug/Linux/vif-bridge	Mon Dec 06 15:23:49 2010 +0000
> +++ b/tools/hotplug/Linux/vif-bridge	Tue Dec 07 17:10:13 2010 +0000
> @@ -91,6 +91,7 @@ case "$command" in
>           ;;
>
>       add)
> +        setup_bridge_port "$dev"
>           add_to_bridge "$bridge" "$dev"
>           ;;
>   esac
> diff -r 5e4a8db26d5a -r ca87e5178d11 tools/hotplug/Linux/xen-network-common.sh
> --- a/tools/hotplug/Linux/xen-network-common.sh	Mon Dec 06 15:23:49 2010 +0000
> +++ b/tools/hotplug/Linux/xen-network-common.sh	Tue Dec 07 17:10:13 2010 +0000
> @@ -86,6 +86,12 @@ setup_bridge_port() {
>       # take interface down ...
>       ip link set ${dev} down
>
> +    # Initialise a dummy MAC address. We choose the numerically
> +    # largest non-broadcast address to prevent the address getting
> +    # stolen by an Ethernet bridge for STP purposes.
> +    # (FE:FF:FF:FF:FF:FF)
> +    ip link set ${dev} address fe:ff:ff:ff:ff:ff
> +
>       # ... and configure it
>       ip addr flush ${dev}
>   }
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Ian Campbell]

On Sat, 2010-12-25 at 00:17 +0000, John Weekes wrote:
> Ian,
> 
> This appears to have the side effect on dom0 of also causing both eth0 
> and peth0 to have MAC fe:ff:ff:ff:ff:ff. I had to revert it to make 
> networking work properly again for me.

That's unexpected, to say the least! I'll take a look. Thanks for
reporting.

Are you using xend or xl?

Do you rely on the network-bridge script to setup your host networking
(the xend way) or are you using the distro network configuration (the xl
way).

Ian.

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Ian Campbell]

On Tue, 2011-01-04 at 09:35 +0000, Ian Campbell wrote:
> On Sat, 2010-12-25 at 00:17 +0000, John Weekes wrote:
> > Ian,
> > 
> > This appears to have the side effect on dom0 of also causing both eth0 
> > and peth0 to have MAC fe:ff:ff:ff:ff:ff. I had to revert it to make 
> > networking work properly again for me.
> 
> That's unexpected, to say the least! I'll take a look. Thanks for
> reporting.
> 
> Are you using xend or xl?
> 
> Do you rely on the network-bridge script to setup your host networking
> (the xend way) or are you using the distro network configuration (the xl
> way).

Nevermind, I reproduced with xend+network-bridge. This fixes it for me:

(BTW these days we would recommend that instead of relying on xend to
configure your bridges that you use the distro network configuration
facilities instead)

8<-----------------------------------------

# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1294136795 0
# Node ID d6a80e856d5bdb44d884adead46d1ed1556c1fe6
# Parent  8418dfcad441483000cc3965edf3ff090c9b3583
tools/hotplug/Linux: only apply dummy MAC address to virtual devices.

Avoid applying to the bridge and physical network device.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

diff -r 8418dfcad441 -r d6a80e856d5b tools/hotplug/Linux/network-bridge
--- a/tools/hotplug/Linux/network-bridge	Tue Jan 04 09:52:53 2011 +0000
+++ b/tools/hotplug/Linux/network-bridge	Tue Jan 04 10:26:35 2011 +0000
@@ -244,7 +244,7 @@ op_start () {
     ip link set ${netdev} name ${pdev}
     ip link set ${tdev} name ${bridge}
 
-    setup_bridge_port ${pdev}
+    setup_physical_bridge_port ${pdev}
 
     # Restore slaves
     if [ -n "${slaves}" ]; then
diff -r 8418dfcad441 -r d6a80e856d5b tools/hotplug/Linux/vif-bridge
--- a/tools/hotplug/Linux/vif-bridge	Tue Jan 04 09:52:53 2011 +0000
+++ b/tools/hotplug/Linux/vif-bridge	Tue Jan 04 10:26:35 2011 +0000
@@ -81,7 +81,7 @@ fi
 
 case "$command" in
     online)
-        setup_bridge_port "$dev"
+        setup_virtual_bridge_port "$dev"
         add_to_bridge "$bridge" "$dev"
         ;;
 
@@ -91,7 +91,7 @@ case "$command" in
         ;;
 
     add)
-        setup_bridge_port "$dev"
+        setup_virtual_bridge_port "$dev"
         add_to_bridge "$bridge" "$dev"
         ;;
 esac
diff -r 8418dfcad441 -r d6a80e856d5b tools/hotplug/Linux/vif2
--- a/tools/hotplug/Linux/vif2	Tue Jan 04 09:52:53 2011 +0000
+++ b/tools/hotplug/Linux/vif2	Tue Jan 04 10:26:35 2011 +0000
@@ -23,7 +23,7 @@ case "$command" in
     "online")
 	if [ "$bridge" != "-" ]
 	    then
-	    setup_bridge_port "$vif"
+	    setup_virtual_bridge_port "$vif"
 	    add_to_bridge "$bridge" "$vif"
 	else
 	    # Just let the normal udev rules for interfaces handle it.
diff -r 8418dfcad441 -r d6a80e856d5b tools/hotplug/Linux/xen-network-common.sh
--- a/tools/hotplug/Linux/xen-network-common.sh	Tue Jan 04 09:52:53 2011 +0000
+++ b/tools/hotplug/Linux/xen-network-common.sh	Tue Jan 04 10:26:35 2011 +0000
@@ -80,20 +80,30 @@ find_dhcpd_arg_file()
 }
 
 # configure interfaces which act as pure bridge ports:
-setup_bridge_port() {
+_setup_bridge_port() {
     local dev="$1"
+    local virtual="$2"
 
     # take interface down ...
     ip link set ${dev} down
 
-    # Initialise a dummy MAC address. We choose the numerically
-    # largest non-broadcast address to prevent the address getting
-    # stolen by an Ethernet bridge for STP purposes.
-    # (FE:FF:FF:FF:FF:FF)
-    ip link set ${dev} address fe:ff:ff:ff:ff:ff || true
+    if [ $virtual -ne 0 ] ; then
+        # Initialise a dummy MAC address. We choose the numerically
+        # largest non-broadcast address to prevent the address getting
+        # stolen by an Ethernet bridge for STP purposes.
+        # (FE:FF:FF:FF:FF:FF)
+        ip link set ${dev} address fe:ff:ff:ff:ff:ff || true
+    fi
 
     # ... and configure it
     ip addr flush ${dev}
+}
+
+setup_physical_bridge_port() {
+    _setup_bridge_port $1 0
+}
+setup_virtual_bridge_port() {
+    _setup_bridge_port $1 1
 }
 
 # Usage: create_bridge bridge

Re: [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address

[Ian Jackson]

Ian Campbell writes ("Re: [Xen-devel] [PATCH] tools/hotplug/Linux: Ensure tap devices receive a dummy MAC address"):
> Nevermind, I reproduced with xend+network-bridge. This fixes it for me:

Thanks, applied.

> (BTW these days we would recommend that instead of relying on xend to
> configure your bridges that you use the distro network configuration
> facilities instead)

Quite so.

And thanks to John for the report.

Ian.