lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Aug 2018 16:58:10 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Petr Machata <petrm@...lanox.com>
Cc:     netdev@...r.kernel.org, jiri@...lanox.com,
        Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
        "David S. Miller" <davem@...emloft.net>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFT] net: dsa: Allow configuring CPU port VLANs

On 06/25/2018 02:17 AM, Ilias Apalodimas wrote:
> On Mon, Jun 25, 2018 at 12:13:10PM +0300, Petr Machata wrote:
>> Florian Fainelli <f.fainelli@...il.com> writes:
>>
>>>  	if (netif_is_bridge_master(vlan->obj.orig_dev))
>>> -		return -EOPNOTSUPP;
>>> +		info.port = dp->cpu_dp->index;
>>
>> The condition above will trigger also when a VLAN is added on a member
>> port, and there's no other port with that VLAN. In that case the VLAN
>> comes without the BRIDGE_VLAN_INFO_BRENTRY flag. In mlxsw we have this
>> to get the bridge VLANs:
>>
>> 	if (netif_is_bridge_master(orig_dev)) {
>> 		[...]
>> 		if ((vlan->flags & BRIDGE_VLAN_INFO_BRENTRY) &&
>> 		[...]
>>
>> This doesn't appear to be done in DSA unless I'm missing something.
> Petr's right. This will trigger for VLANs added on 'not cpu ports' if the VLAN
> is not already a member. 
> 
> This command has BRIDGE_VLAN_INFO_BRENTRY set:
> bridge vlan add dev br0 vid 100 pvid untagged self 
> I had the same issue on my CPSW RFC and solved it
> exactly the same was as Petr suggested.

Humm, there must be something obvious I am missing, but the following
don't exactly result in what I would expect after adding a check for
vlan->flags & BRIDGE_VLAN_INFO_BRENTRY:

brctl addbr br0
echo 1 > /sys/class/net/br0/bridge/vlan_filtering
brctl addif br0 lan1

#1 results in lan1 being programmed with VID 1, PVID, untagged, but not
the CPU port. I would have sort of expected that the bridge layer would
also push the configuration to br0/CPU port since this is the default VLAN:

bridge vlan show dev br0
port	vlan ids
br0	1 PVID Egress Untagged

But it does not.

bridge vlan add vid 2 dev lan1

#2 same thing, results in only lan1 being programmed with VID 2, tagged
but that is expected because we are creating the VLAN only for the
user-facing port.

bridge vlan add vid 3 dev br0 self

#3 results in the CPU port being programmed with VID 3, tagged, again,
this is expected because we are only programming the bridge master/CPU
port here.

Does #1 also happen for cpsw and mlxsw or do you actually get events
about the bridge's default VLAN configuration? Or does the switch driver
actually need to obtain that at the time the port is enslaved somehow?

Thanks!
-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ