[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#951399: marked as done (buster-pu: package softflowd/0.9.9-5)

Your message dated Sat, 09 May 2020 11:53:52 +0100
with message-id <fd7fa4d56896c35aab49a5a51cb69727dc60e87a.camel@adam-barratt.org.uk>
and subject line Closing requests included in 10.4 point release
has caused the Debian Bug report #951399,
regarding buster-pu: package softflowd/0.9.9-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
951399: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951399
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hello release team,

a nasty bug made it into the Debian 10 ("buster") version of softflowd,
and I'd like to fix that in a stable point release.

Due to a broken flow aggregation, the flow table might overflow,
resulting in forced flow expiration. Which, as I was told, can lead to
constant 100% CPU usage of the softflowd process. Another effect is the
resulting flow files captured by nfcapd(1) (from the nfdump package)
are way bigger then before the upgrade, and nfcapd creating a lot of
noise in the syslog as well.

This was fixed upstream although not quite in an obvious way - thanks
to bisecting this wasn't a big problem anyway. According to tests done
by the reporter the fix ended the massive CPU usage, for the other
effects I can confirm the desired behaviour as seen in the previous
Debian 9 ("stretch") version is restored as well.

For the next stable point release, version 0.9.9-5+deb10u1 was already
uploaded to the applicable queue.

Suggested one-line description: Fix broken netflow aggregation

Regards,

    Christoph

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.19 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect


diff -Nru softflowd-0.9.9/debian/changelog softflowd-0.9.9/debian/changelog
--- softflowd-0.9.9/debian/changelog	2018-10-26 17:10:09.000000000 +0200
+++ softflowd-0.9.9/debian/changelog	2019-12-05 00:21:02.000000000 +0100
@@ -1,3 +1,10 @@
+softflowd (0.9.9-5+deb10u1) buster; urgency=medium
+
+  * Fix roken flow aggregation which might result in flow table overflow
+    and 100% CPU usage.
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Thu, 05 Dec 2019 00:21:02 +0100
+
 softflowd (0.9.9-5) unstable; urgency=high
 
   * Don't migrate legacy config if it wasn't modified. Closes: #910214
diff -Nru softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch
--- softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch	1970-01-01 01:00:00.000000000 +0100
+++ softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch	2019-12-05 00:21:02.000000000 +0100
@@ -0,0 +1,68 @@
+Subject: [ Add option "-a" for reading pcap file and ] fix some bugs
+Origin: softflowd-0.9.9-22-ge6d29a1 <https://github.com/irino/softflowd/commit/e6d29a1>
+Upstream-Author: Hitoshi Irino <irino@sfc.wide.ad.jp>
+Date: Sun May 26 23:00:41 2019 +0900
+Comment: Fixes a regression introduced in buster: The flow aggregation
+ is broken, causing a new flow to generated for virtually each packet.
+ If the daemon sees a lot of traffic, the flow table might overflow,
+ resulting in forced expiration and 100% CPU usage.
+ .
+ Thanks Johanna Jerzembeck for reporting and testing.
+
+    - fix flow_compare for comparing vlan and ether
+    [ - fix missing sequence in netflow v9 ]
+
+
+--- a/softflowd.c
++++ b/softflowd.c
+@@ -55,6 +55,8 @@
+ static int verbose_flag = 0;		/* Debugging flag */
+ static u_int16_t if_index = 0;		/* "manual" interface index */
+ 
++static int track_level;
++
+ /* Signal handler flags */
+ static volatile sig_atomic_t graceful_shutdown_request = 0;	
+ 
+@@ -144,15 +146,21 @@
+ {
+ 	/* Be careful to avoid signed vs unsigned issues here */
+ 	int r;
++	if (track_level == TRACK_FULL_VLAN || track_level == TRACK_FULL_VLAN_ETHER) {
++		if (a->vlanid[0] != b->vlanid[0])
++			return (a->vlanid[0] > b->vlanid[0] ? 1 : -1);
++
++		if (a->vlanid[1] != b->vlanid[1])
++			return (a->vlanid[1] > b->vlanid[1] ? 1 : -1);
++        }
+ 
+-	if (a->vlanid != b->vlanid)
+-		return (a->vlanid > b->vlanid ? 1 : -1);
+-
++	if (track_level == TRACK_FULL_VLAN_ETHER) {
+ 	if ((r = memcmp(&a->ethermac[0], &b->ethermac[0], 6)) != 0)
+ 		return (r > 0 ? 1 : -1);
+ 
+ 	if ((r = memcmp(&a->ethermac[1], &b->ethermac[1], 6)) != 0)
+ 		return (r > 0 ? 1 : -1);
++	}
+ 
+ 	if (a->af != b->af)
+ 		return (a->af > b->af ? 1 : -1);
+@@ -1526,7 +1534,7 @@
+ 
+ 	ft->param.max_flows = DEFAULT_MAX_FLOWS;
+ 
+-	ft->param.track_level = TRACK_FULL;
++	track_level = ft->param.track_level = TRACK_FULL;
+ 
+ 	ft->param.tcp_timeout = DEFAULT_TCP_TIMEOUT;
+ 	ft->param.tcp_rst_timeout = DEFAULT_TCP_RST_TIMEOUT;
+@@ -1882,6 +1890,7 @@
+ 				usage();
+ 				exit(1);
+ 			}
++			track_level = flowtrack.param.track_level;
+ 			break;
+ 		case 'L':
+ 			hoplimit = atoi(optarg);
diff -Nru softflowd-0.9.9/debian/patches/series softflowd-0.9.9/debian/patches/series
--- softflowd-0.9.9/debian/patches/series	2018-09-14 19:40:33.000000000 +0200
+++ softflowd-0.9.9/debian/patches/series	2019-12-05 00:21:02.000000000 +0100
@@ -14,3 +14,4 @@
 cherry-pick.softflowd-0.9.9-13-g49c039a.added-define-default-source-line-to-avoid-warning-in-linux.patch
 cherry-pick.softflowd-0.9.9-14-g8a47e87.adding-current-repository-information-in-readme.patch
 cherry-pick.softflowd-0.9.9-16-gbbd0685.add-check-of-the-length-of-string-for-i-interface-option.patch
+cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.4

Hi,

Each of the uploads referred to by these bugs was included in today's
stable point release.

Regards,

Adam

--- End Message ---
Reply to: