Date:	Wed, 23 Oct 2013 14:04:35 +0200
From:	Felix Fietkau <nbd@...nwrt.org>
To:	Jamal Hadi Salim <jhs@...atatu.com>,
	Florian Fainelli <f.fainelli@...il.com>,
	Neil Horman <nhorman@...driver.com>
CC:	John Fastabend <john.r.fastabend@...el.com>,
	netdev <netdev@...r.kernel.org>,
	David Miller <davem@...emloft.net>,
	Sascha Hauer <s.hauer@...gutronix.de>,
	John Crispin <blogic@...nwrt.org>,
	Jonas Gorski <jogo@...nwrt.org>,
	Gary Thomas <gary@...assoc.com>,
	Vlad Yasevich <vyasevic@...hat.com>,
	Stephen Hemminger <stephen@...workplumber.org>
Subject: Re: [PATCH 1/4 net-next] net: phy: add Generic Netlink Ethernet switch
 configuration API

On 2013-10-23 1:47 PM, Jamal Hadi Salim wrote:
> Florian,
> 
> I think it would be fantastic if you adopt the FDB API. The comment
> to use rtnetlink configure is valid. You can configure hardware
> switches as John has shown. I realize you guys have invested
> tons of time and this stuff has been tested by tons of people and this
> is a painful exercise to go through, but:
> having more than one approach for configuring/controlling kernel
> switch interfaces is not ideal. If you use the rtnetlink API then one
> can configure both the Linux bridge, embedded intel switches, etc with
> iproute2. i.e. the switch becomes a bridge. I see a lot of commonality
> between your model based on what you described and the current bridge.
> Pull the latest iproute2 code and look at "bridge" command.
> 
> Essentially, the current bridge could be described as an entity
> that does L2 switching:
> a) it has bridge ports which are any netdevs on Linux
> b) it has an FDB which constitutes a MAC address as the lookup and 
> optionally a VLAN. You can control learning and flooding.
> c) it has vlan filtering capabilities which you can turn on/off. The
> vlan capability to select PVIDs is also built in.
> d) It has multicast snooping
> 
> I think your model needs #a and #b, you can ignore the rest.
> I am not quite sure how vlan port membership will apply; an fdb for
> each entry will have a vlan. You could also create one bridge per vlan
> (not the best approach) - ccing Vlad and Stephen.

I still don't understand how this is supposed to work with the kind of
switches that we're supporting with swconfig.

A typical switch has something like 5-8 ports (+ one port that goes to
the CPU), and handles the entire forwarding path on its own. It usually
allows creating VLANs and assigning ports to them (tagged, untagged),
but many (probably most) switches do not support controlling the
forwarding path via a MAC address based FDB.

Many also do not have support for a packet header to indicate the
incoming/outgoing switch port, so creating one netdev per port will work
only for link status, not for the data path.

- Felix