Web lists-archives.com

Re: [Samba] Network Meltdown after Samba 4.9.0 Upgrade




On Sat, 2018-09-15 at 12:52 +1000, Reuben Farrelly via samba wrote:
> Hi,
> 
> Last night I attempted to upgrade from Samba 4.8.5 to 4.9.0, with 
> disastrous results.  Upon starting Samba 4.9.0 my entire network came
> to 
> a screaming halt a few seconds later, and upon shutting Samba down
> it 
> came back to life again.

> Just to be sure this wasn't a coincidence, I then started Samba
> again. 
> Once again all connectivity stopped, but came back as soon as I was
> able 
> to shut down Samba.
> 
> Network switches were all logging that they were shutting down
> physical 
> ports due excessive numbers of broadcast packets being seen, and a 
> Wireshark capture from my PC verified that indeed there really was a 
> broadcast storm happening that was triggering this.
> 
> The capture showed that upon startup Samba 4.9.0 was sending
> thousands 
> and thousands of broadcast packets onto the wire in very quick 
> succession.  Wireshark counted around 6500 broadcasts in about
> 300ms. 
> The packets are all Host Announcement packets sent from the IPv4
> address 
> of the host to the broadcast address of the subnet the Samba is on.
> 
> Upon reverting back to 4.8.5 with no other config changes, everything
> is 
> back to normal again.
> 
> The config is very basic:
> 
> thunderstorm ~ # testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384)
> Processing section "[homes]"
> Processing section "[root]"
> Processing section "[photos]"
> Processing section "[store]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> 
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
>          dns proxy = No
>          domain master = Yes
>          load printers = No
>          log file = /var/log/samba/log.%m
>          map to guest = Bad User
>          max log size = 200
>          pam password change = Yes
>          preferred master = Yes
>          printcap name = /dev/null
>          security = USER
>          server role = standalone server
>          server string = Samba Server %v
>          unix extensions = No
>          unix password sync = Yes
>          username map = /etc/samba/smbusers
>          workgroup = REUB
>          idmap config * : backend = tdb
> 
> There are four very basic shares specified after this.
> 
> There is a Win2k16 server on the network but it is not currently 
> providing any services and is not configured to support domain
> logins 
> (workgroup only).
> 
> I have uploaded the pcap file and the daemon logs to my web server:
> 
> https://www.reub.net/files/samba/Samba-Syslog.log
> https://www.reub.net/files/samba/Samba-4.9.0-NetworkMeltdown.pcap

It certainly is defending it's name very aggressively!  Ouch!

> The system is a Gentoo Linux x86_64 kept very up to date.  The server
> is 
> a VM which has one interface that has 4 IPv4 and IPv6 addresses on
> it, 
> as well as a second vNIC (currently used for backups only with no
> hosts 
> on it right now).
> 
> Can anyone please assist in getting to the bottom of what appears to
> be 
> a nasty bug?  I'm keen to work on getting to the root cause of this.

Can you try reverting 3a383038ee7f74e5a9d2326a761b27950a14eb83?

nmbd does not change much, and this is one of the few changes between
4.8 and 4.9.

I've attached such a revert (it probably won't go to list recipients)
for your testing.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


From 6a324eb8bdf4bb2d661aaf60efb270c55562f62f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@xxxxxxxxx>
Date: Sat, 15 Sep 2018 05:42:11 -0700
Subject: [PATCH] Revert "s3:nmbd: Fix possible integer overflow"

This reverts commit 3a383038ee7f74e5a9d2326a761b27950a14eb83.
---
 source3/nmbd/nmbd_sendannounce.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c
index 44d67e7..1d557c4 100644
--- a/source3/nmbd/nmbd_sendannounce.c
+++ b/source3/nmbd/nmbd_sendannounce.c
@@ -288,10 +288,8 @@ void announce_my_server_names(time_t t)
 			}
 
 			/* Announce every minute at first then progress to every 12 mins */
-			if (t > work->lastannounce_time &&
-			    (t - work->lastannounce_time) < work->announce_interval) {
+			if ((t - work->lastannounce_time) < work->announce_interval)
 				continue;
-			}
 
 			if (work->announce_interval < (CHECK_TIME_MAX_HOST_ANNCE * 60))
 				work->announce_interval += 60;
-- 
2.7.4

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba