Version in base suite: 0.9.9-5 Base version: softflowd_0.9.9-5 Target version: softflowd_0.9.9-5+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/softflowd/softflowd_0.9.9-5.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/softflowd/softflowd_0.9.9-5+deb10u1.dsc changelog | 7 + patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch | 68 ++++++++++ patches/series | 1 3 files changed, 76 insertions(+)
diff -Nru softflowd-0.9.9/debian/changelog softflowd-0.9.9/debian/changelog
--- softflowd-0.9.9/debian/changelog 2018-10-26 15:10:09.000000000 +0000
+++ softflowd-0.9.9/debian/changelog 2019-12-04 23:21:02.000000000 +0000
@@ -1,3 +1,10 @@
+softflowd (0.9.9-5+deb10u1) buster; urgency=medium
+
+ * Fix roken flow aggregation which might result in flow table overflow
+ and 100% CPU usage.
+
+ -- Christoph Biedl Thu, 05 Dec 2019 00:21:02 +0100
+
 softflowd (0.9.9-5) unstable; urgency=high
 
 * Don't migrate legacy config if it wasn't modified. Closes: #910214
diff -Nru softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch
--- softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch 1970-01-01 00:00:00.000000000 +0000
+++ softflowd-0.9.9/debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch 2019-12-04 23:21:02.000000000 +0000
@@ -0,0 +1,68 @@
+Subject: [ Add option "-a" for reading pcap file and ] fix some bugs
+Origin: softflowd-0.9.9-22-ge6d29a1
+Upstream-Author: Hitoshi Irino
+Date: Sun May 26 23:00:41 2019 +0900
+Comment: Fixes a regression introduced in buster: The flow aggregation
+ is broken, causing a new flow to generated for virtually each packet.
+ If the daemon sees a lot of traffic, the flow table might overflow,
+ resulting in forced expiration and 100% CPU usage.
+ .
+ Thanks Johanna Jerzembeck for reporting and testing.
+
+ - fix flow_compare for comparing vlan and ether
+ [ - fix missing sequence in netflow v9 ]
+
+
+--- a/softflowd.c
++++ b/softflowd.c
+@@ -55,6 +55,8 @@
+ static int verbose_flag = 0; /* Debugging flag */
+ static u_int16_t if_index = 0; /* "manual" interface index */
+ 
++static int track_level;
++
+ /* Signal handler flags */
+ static volatile sig_atomic_t graceful_shutdown_request = 0;
+ 
+@@ -144,15 +146,21 @@
+ {
+ /* Be careful to avoid signed vs unsigned issues here */
+ int r;
++ if (track_level == TRACK_FULL_VLAN || track_level == TRACK_FULL_VLAN_ETHER) {
++ if (a->vlanid[0] != b->vlanid[0])
++ return (a->vlanid[0] > b->vlanid[0] ? 1 : -1);
++
++ if (a->vlanid[1] != b->vlanid[1])
++ return (a->vlanid[1] > b->vlanid[1] ? 1 : -1);
++ }
+ 
+- if (a->vlanid != b->vlanid)
+- return (a->vlanid > b->vlanid ? 1 : -1);
+-
++ if (track_level == TRACK_FULL_VLAN_ETHER) {
+ if ((r = memcmp(&a->ethermac[0], &b->ethermac[0], 6)) != 0)
+ return (r > 0 ? 1 : -1);
+ 
+ if ((r = memcmp(&a->ethermac[1], &b->ethermac[1], 6)) != 0)
+ return (r > 0 ? 1 : -1);
++ }
+ 
+ if (a->af != b->af)
+ return (a->af > b->af ? 1 : -1);
+@@ -1526,7 +1534,7 @@
+ 
+ ft->param.max_flows = DEFAULT_MAX_FLOWS;
+ 
+- ft->param.track_level = TRACK_FULL;
++ track_level = ft->param.track_level = TRACK_FULL;
+ 
+ ft->param.tcp_timeout = DEFAULT_TCP_TIMEOUT;
+ ft->param.tcp_rst_timeout = DEFAULT_TCP_RST_TIMEOUT;
+@@ -1882,6 +1890,7 @@
+ usage();
+ exit(1);
+ }
++ track_level = flowtrack.param.track_level;
+ break;
+ case 'L':
+ hoplimit = atoi(optarg);
diff -Nru softflowd-0.9.9/debian/patches/series softflowd-0.9.9/debian/patches/series
--- softflowd-0.9.9/debian/patches/series 2018-09-14 17:40:33.000000000 +0000
+++ softflowd-0.9.9/debian/patches/series 2019-12-04 23:21:02.000000000 +0000
@@ -14,3 +14,4 @@
 cherry-pick.softflowd-0.9.9-13-g49c039a.added-define-default-source-line-to-avoid-warning-in-linux.patch
 cherry-pick.softflowd-0.9.9-14-g8a47e87.adding-current-repository-information-in-readme.patch
 cherry-pick.softflowd-0.9.9-16-gbbd0685.add-check-of-the-length-of-string-for-i-interface-option.patch
+cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch
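Review bot: The new file-scope `track_level` in the softflowd.c patch is a second copy of `param.track_level` that `flow_compare` now reads to decide which fields make up a flow's identity, and only the two hand-written assignments in the `@@ -1526` and `@@ -1882` sub-hunks keep the copies in step. If any code path outside these hunks assigns `param.track_level`, the comparator would order flows by a different key set than the rest of the tracker expects, which could reproduce the fault the changelog describes (flow table overflow and 100% CPU usage). I would document the invariant at the declaration, e.g. `static int track_level; /* mirror of flowtrack.param.track_level, read by flow_compare(); must be set before the first flow is inserted */`. As a style point, the two `memcmp` checks now sit inside `if (track_level == TRACK_FULL_VLAN_ETHER) {` but are unchanged context lines and so keep their old indentation, which makes the block's extent easy to misread. `flow_compare` and the functions around the later sub-hunks begin and end outside what is shown.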