Bug 184149 - [vimage] IPv6 link-local collisions on epair[n]b devices
Summary: [vimage] IPv6 link-local collisions on epair[n]b devices
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: Hiroki Sato
URL: https://reviews.freebsd.org/D15329
Keywords:
: 176671 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-11-21 17:40 UTC by Shawn Webb
Modified: 2018-07-23 05:52 UTC (History)
6 users (show)

See Also:

Attachments
file.diff (1.05 KB, patch)
2013-11-21 17:40 UTC, Shawn Webb 		no flags Details | Diff
Another possible fix (1.75 KB, patch)
2018-05-06 20:56 UTC, Luca Pizzamiglio 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Shawn Webb 2013-11-21 17:40:01 UTC 
Certain epair[n]b devices can get collisions with other epair[n]b devices due to the MAC address not being random enough. I have a box with a number of vnet jails. Devices epair9b and epair13b shared the same IPv6 link-local address due to how the link-local address was automatically generated from the MAC address. Patch for review included.

How-To-Repeat: ifconfig bridge0 create
ifconfig epair9a create
ifconfig bridge0 addm epair9a
ifconfig epair13a create
ifconfig bridge0 addm epair13a
ifconfg epair9a up
ifconfig epair13a up
ifconfig epair9b up
ifconfig epair13b up
Comment 1 fullermd 2015-02-13 04:15:36 UTC 
This just bit me, when I found a jail mysteriously disappearing off net when another one appeared that happened to collide   :(
Comment 2 Hiroki Sato freebsd_committer freebsd_triage 2015-02-16 06:30:05 UTC 
Before randomizing organization part of the MAC address I would like to know what addresses were actually assigned.  Are epairs created in the host environment only or created/moved across multiple jails?  

A command line example in the original report looks that it happens even if all of epairs and a bridge are created in the host environment or the same vnet jail.  Is it a correct understanding?  If it is true, I do not understand which addresses actually conflict with each other and why it happened.

It is possible that two identical MAC addresses are assigned to two epairNb in different vnet jails because MAC address uses ifindex and it is jail-local.  I am working on a patch to fix it.
Comment 3 Luca Pizzamiglio freebsd_committer freebsd_triage 2018-05-06 20:56:48 UTC 
Created attachment 193114 [details]
Another possible fix

This patch fix the issue, reusing the epair a if_index also for epair b.

Moreover, I've added hostid bits in the MAC to avoid that multiple servers that shares the same configuration (failover), will have the same epair MAC address (see  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176671)
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-05-23 13:11:13 UTC 
A commit references this bug:

Author: pizzamig
Date: Wed May 23 13:10:58 UTC 2018
New revision: 334094
URL: https://svnweb.freebsd.org/changeset/base/334094

Log:
  Improve MAC address uniqueness on if_epair(4).

  As reported in PR184149, it can happen that epair devices can have the same
  MAC address.
  This solution is based on a 32-bit hash, obtained combining the if_index of
  the a interface and the hostid.
  If the hostid is zero, a random number is used.

  PR:		184149
  Reviewed by:	wollman, eugen
  Approved by:	cognet
  Differential Revision:	https://reviews.freebsd.org/D15329

Changes:
  head/sys/net/if_epair.c
Comment 5 Luca Pizzamiglio freebsd_committer freebsd_triage 2018-05-23 13:23:07 UTC 
*** Bug 176671 has been marked as a duplicate of this bug. ***