Bug#790953: i40e: internal packet reflection breaks bridging
Package: linux-image-4.0.0-2-amd64
Severity: important
Dear Maintainer,
I have run into a bug while using Intel X710 NICs with the i40e driver.
This bug does *not* affect 3.16, but does affect the 4.0 kernel in sid.
The bug means that when in promiscuous mode, packets sent out the NIC
are also reflected back in. When adding a port to a bridge, the port is
put into promisc mode, and the reflected packets wreak havoc with the
FDB.
The problem is easily detectable when running a packet capture: any
packets sent out appear to be duplicated in the capture. When a VM is
part of a bridge its outgoing packets are forwarded out but also
reflected back in. This updates the bridge's FDB which now thinks the
VM's MAC is on the uplink port. The response then arrives but is
dropped because it arrives on the same port the bridge thinks it should
forward it out on (and hairpinning is disabled, and wouldn't help
here anyway).
When running lldpd, the local machine also appears as a remote machine
in its database.
The issue is discussed in https://communities.intel.com/message/305975
A patch working around the issue has gone into 4.1 as commit
fc60861e9b00388fd11d7995a60bf0b1e61dba93.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc60861e9b00388fd11d7995a60bf0b1e61dba93
Hope this helps!
Best regards,
Chris
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.0.0-2.tcl.1-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: