Date: Fri, 21 Apr 2023 10:17:54 GMT
Message-Id: <202304211017.33LAHsp6024952@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Zhenlei Huang
Subject: git: 303d9a593bdd - stable/12 - bridge: Log MAC address port flapping
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: zlei
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 303d9a593bddb7e0d83c490052041b4c665f4b45

The branch stable/12 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=303d9a593bddb7e0d83c490052041b4c665f4b45

commit 303d9a593bddb7e0d83c490052041b4c665f4b45
Author:     Zhenlei Huang
AuthorDate: 2023-04-07 14:25:41 +0000
Commit:     Zhenlei Huang
CommitDate: 2023-04-21 10:16:10 +0000

    bridge: Log MAC address port flapping

    MAC flapping occurs when a bridge receives packets with the same source MAC
    address on different member interfaces. The common reasons are:
     - user roams from one bridge port to another
     - user has wrong network setup, bridge loops e.g.
     - someone set duplicated ethernet address on his/her nic
     - some bad guy / virus / trojan send spoofed packets

    if_bridge currently updates the bridge routing entry silently hence it is
    hard to diagnose.

    Emit logs when MAC address port flapping occurs to make it easier to
    diagnose.

    Reviewed by:    kp
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D39375
    Differential Revision:  https://reviews.freebsd.org/D39542

    (cherry picked from commit 2d3614fb132b1cb8efd1e0accdd0c98ce6893efa)
    (cherry picked from commit 9af6f4268ac3cc8203f34c746d955b4405279099)
    (cherry picked from commit de53ebb0f20e9735a6167230eb38fd4695aa9c51)

--- sys/net/if_bridge.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 67ab983cd4a7..28e8e8856b8e 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -469,6 +469,21 @@ SYSCTL_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap, "Allow overlap of link-local scope " "zones of a bridge interface and the member interfaces"); +/* log MAC address port flapping */ +VNET_DEFINE_STATIC(bool, log_mac_flap) = true; +#define V_log_mac_flap VNET(log_mac_flap) +SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap, + CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(log_mac_flap), true, + "Log MAC address port flapping"); + +VNET_DEFINE_STATIC(int, log_interval) = 5; +VNET_DEFINE_STATIC(int, log_count) = 0; +VNET_DEFINE_STATIC(struct timeval, log_last) = { 0 }; + +#define V_log_interval VNET(log_interval) +#define V_log_count VNET(log_count) +#define V_log_last VNET(log_last) + struct bridge_control { int (*bc_func)(struct bridge_softc *, void *); int bc_argsize; @@ -2806,6 +2821,7 @@ bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, struct bridge_iflist *bif, int setflags, uint8_t flags) { struct bridge_rtnode *brt; + struct bridge_iflist *obif; int error; BRIDGE_LOCK_OR_NET_EPOCH_ASSERT(sc);
@@ -2829,7 +2845,7 @@ bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, /* Check again, now that we have the lock. There could have * been a race and we only want to insert this once. */ - if ((brt = bridge_rtnode_lookup(sc, dst, vlan)) != NULL) { + if (bridge_rtnode_lookup(sc, dst, vlan) != NULL) { BRIDGE_RT_UNLOCK(sc); return (0); } @@ -2878,12 +2894,23 @@ bridge_rtupdate(struct bridge_softc *sc, const uint8_t *dst, uint16_t vlan, } if ((brt->brt_flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC && - brt->brt_dst != bif) { + (obif = brt->brt_dst) != bif) { BRIDGE_RT_LOCK(sc); brt->brt_dst->bif_addrcnt--; brt->brt_dst = bif; brt->brt_dst->bif_addrcnt++; BRIDGE_RT_UNLOCK(sc); + + if (V_log_mac_flap && + ppsratecheck(&V_log_last, &V_log_count, V_log_interval)) { + log(LOG_NOTICE, + "%s: mac address %6D vlan %d moved from %s to %s\n", + sc->sc_ifp->if_xname, + &brt->brt_addr[0], ":", + brt->brt_vlan, + obif->bif_ifp->if_xname, + bif->bif_ifp->if_xname); + } } if ((flags & IFBAF_TYPEMASK) == IFBAF_DYNAMIC)
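
Review bot: log_interval in the hunk at @@ -469,6 +469,21 is misnamed, because it is later passed as the third argument of ppsratecheck(), which is a maximum number of events per second and not a time interval. With the value 5 the bridge emits up to five messages per second, not one every five seconds. Rename it to something like log_max_pps, and consider exposing it through a sysctl beside log_mac_flap, since as written only the on/off switch is tunable. The diffstat shows a single file changed, so the new net.link.bridge.log_mac_flap knob is not documented by this commit; a matching entry in if_bridge(4) would help operators find it.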
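
Review bot: The rate-limit state used in the hunk at @@ -2878,12 +2894,23 (V_log_last, V_log_count) is per vnet, so every bridge and every MAC address in the vnet shares one budget. A burst of moves from one source, such as the spoofed-packet case named in the commit message, can use up the allowance and hide unrelated flaps on other ports or bridges, and nothing records how many events were dropped. Consider keeping the ppsratecheck() state in struct bridge_softc and logging a suppressed-event count when the limiter reopens. Also in this hunk, obif is captured in the condition "(obif = brt->brt_dst) != bif" before BRIDGE_RT_LOCK is taken, while the locked region still decrements through "brt->brt_dst->bif_addrcnt--". If two updates for the same entry race, the port printed as "moved from" may not be the one whose counter was decremented; read brt_dst once under the lock and use that value for both the accounting and the log line.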