Web lists-archives.com

[Samba] Network Meltdown after Samba 4.9.0 Upgrade




Hi,

Last night I attempted to upgrade from Samba 4.8.5 to 4.9.0, with disastrous results. Upon starting Samba 4.9.0 my entire network came to a screaming halt a few seconds later, and upon shutting Samba down it came back to life again.

Just to be sure this wasn't a coincidence, I then started Samba again. Once again all connectivity stopped, but came back as soon as I was able to shut down Samba.

Network switches were all logging that they were shutting down physical ports due excessive numbers of broadcast packets being seen, and a Wireshark capture from my PC verified that indeed there really was a broadcast storm happening that was triggering this.

The capture showed that upon startup Samba 4.9.0 was sending thousands and thousands of broadcast packets onto the wire in very quick succession. Wireshark counted around 6500 broadcasts in about 300ms. The packets are all Host Announcement packets sent from the IPv4 address of the host to the broadcast address of the subnet the Samba is on.

Upon reverting back to 4.8.5 with no other config changes, everything is back to normal again.

The config is very basic:

thunderstorm ~ # testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[root]"
Processing section "[photos]"
Processing section "[store]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        dns proxy = No
        domain master = Yes
        load printers = No
        log file = /var/log/samba/log.%m
        map to guest = Bad User
        max log size = 200
        pam password change = Yes
        preferred master = Yes
        printcap name = /dev/null
        security = USER
        server role = standalone server
        server string = Samba Server %v
        unix extensions = No
        unix password sync = Yes
        username map = /etc/samba/smbusers
        workgroup = REUB
        idmap config * : backend = tdb

There are four very basic shares specified after this.

There is a Win2k16 server on the network but it is not currently providing any services and is not configured to support domain logins (workgroup only).

I have uploaded the pcap file and the daemon logs to my web server:

https://www.reub.net/files/samba/Samba-Syslog.log
https://www.reub.net/files/samba/Samba-4.9.0-NetworkMeltdown.pcap

The system is a Gentoo Linux x86_64 kept very up to date. The server is a VM which has one interface that has 4 IPv4 and IPv6 addresses on it, as well as a second vNIC (currently used for backups only with no hosts on it right now).

Can anyone please assist in getting to the bottom of what appears to be a nasty bug? I'm keen to work on getting to the root cause of this.

Thanks,
Reuben

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba