[lxc-devel] [PATCH] Set high byte of mac addresses for host veth devices to 0xfe

Tue Jan 3 14:40:41 UTC 2012

Hi - thanks for the update.  Assuming the only thing you changed was
catching the errno (there's no changelog but I assume so and don't
want to take another close look),

Acked-by: Serge Hallyn <serge.hallyn at canonical.com>

Let's apply and finally close this mysterious and aggravating (for some)
chapter!  :)

thanks,
-serge

Quoting Christian Seiler (christian at iwakd.de):
> Hi again,
> 
> > Sorry I didn't reply earlier.
> > 
> >> Thanks, sorry for the trouble.  Looks good, with one exception - if 
> >> ioctl failed, then you may end up returning the wrong errno (from the 
> >> close syscall).  With that fixed, please do apply.
> > 
> > Oh, yes, nice catch. I've attached a fixed patch.
> 
> I shouldn't be fixing patches so late at night, I only caught the first
> instance of this. Now I've attached a version which really fixes the
> problem. (Hopefully.)
> 
> Sorry about the confusion.
> 
> Christian

> From 83f4ee619ed322be2845fd8ae988730cae2f36b5 Mon Sep 17 00:00:00 2001
> From: Christian Seiler <christian at iwakd.de>
> Date: Tue, 15 Nov 2011 18:53:53 +0100
> Subject: [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
> 
> When used in conjunction with a bridge, veth devices with random addresses
> may change the mac address of the bridge itself if the mac address of the
> interface newly added is numerically lower than the previous mac address
> of the bridge. This is documented kernel behavior. To avoid changing the
> host's mac address back and forth when starting and/or stopping containers,
> this patch ensures that the high byte of the mac address of the veth
> interface visible from the host side is set to 0xfe.
> 
> A similar logic has previously also been implemented by the libvirt
> developers for libvirt.
> 
> Fixes SF bug #3411497
> See also: <http://thread.gmane.org/gmane.linux.kernel.containers.lxc.general/2709>
> ---
>  src/lxc/conf.c |   43 +++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 43 insertions(+), 0 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 613e476..517edec 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1402,6 +1402,39 @@ static int setup_network(struct lxc_list *network)
>  	return 0;
>  }
>  
> +static int setup_private_host_hw_addr(char *veth1)
> +{
> +	struct ifreq ifr;
> +	int err;
> +	int saved_errno;
> +	int sockfd;
> +	
> +	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
> +	if (sockfd < 0)
> +		return -errno;
> +	
> +	snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
> +	err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
> +	if (err < 0) {
> +		saved_errno = errno;
> +		close(sockfd);
> +		return -saved_errno;
> +	}
> +	
> +	ifr.ifr_hwaddr.sa_data[0] = 0xfe;
> +	err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
> +	saved_errno = errno;
> +	close(sockfd);
> +	if (err < 0)
> +		return -saved_errno;
> +	
> +	DEBUG("mac address of host interface '%s' changed to private %02x:%02x:%02x:%02x:%02x:%02x",
> +	      veth1, ifr.ifr_hwaddr.sa_data[0] & 0xff, ifr.ifr_hwaddr.sa_data[1] & 0xff, ifr.ifr_hwaddr.sa_data[2] & 0xff,
> +	      ifr.ifr_hwaddr.sa_data[3] & 0xff, ifr.ifr_hwaddr.sa_data[4] & 0xff, ifr.ifr_hwaddr.sa_data[5] & 0xff);
> +	
> +	return 0;
> +}
> +
>  struct lxc_conf *lxc_conf_init(void)
>  {
>  	struct lxc_conf *new;
> @@ -1455,6 +1488,16 @@ static int instanciate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
>  		      strerror(-err));
>  		return -1;
>  	}
> +	
> +	/* changing the high byte of the mac address to 0xfe, the bridge interface
> +	 * will always keep the host's mac address and not take the mac address
> +	 * of a container */
> +	err = setup_private_host_hw_addr(veth1);
> +	if (err) {
> +		ERROR("failed to change mac address of host interface '%s' : %s",
> +			veth1, strerror(-err));
> +		goto out_delete;
> +	}
>  
>  	if (netdev->mtu) {
>  		err = lxc_netdev_set_mtu(veth1, atoi(netdev->mtu));
> -- 
> 1.7.2.5
> 