| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Apr 2014 17:20:21 -0400 From: Vlad Yasevich <vyasevic@...hat.com> To: netdev@...r.kernel.org Cc: bridge@...ts.linux-foundation.org, shemminger@...tta.com, jhs@...atatu.com, john.r.fastabend@...el.com, mst@...hat.com, Vlad Yasevich <vyasevic@...hat.com> Subject: [RFC PATCH v2 net-next 0/7] Non-promisc bidge ports support This patch series is a re-implementation of prior attempts to support non-promiscuous bridge ports. The basic concept is the same as before. The bridge keeps track of the ports that support learning and flooding packets to unknown destinations. We call these ports auto-discovery ports since they automatically discover who is behind them through learning and flooding. If flooding and learning are disabled via flags, then the port requires static configuration to tell it which mac addresses are behind it. This is accomplished through adding of fdbs. These fdbs should be static as dynamic fdbs can expire and systems will become unreachable due to lack of flooding. If the user marks all ports are needing static configuration then we can safely make them non-promiscuous, we will know all the information about them. If the user leaves only 1 port as automatic, then we can mark that port as not-promiscuous as well. One could think of this a edge relay similar to what's support by embedded switches in SRIOV devices. Since we have all the information about the other ports, we can just program the mac addresses into the single automatic port to receive all necessary traffic. In other cases, we keep all ports promiscuous as before. There are some other cases when promiscuous mode has to be turned back on. One is when the bridge itself if placed in promiscuous mode (use sets promisc flag). The other is if vlan filtering is turned off. Since this is the default configuration, the default bridge operation is not changed. Changes since v1: - Removed private list. We now traverse the fdb hashtable itself to write necessary addresses to the ports (Stephen's concern) - Add learning flag to the mask for flags that decides if the port is 'auto' or not (suggest by MST and Jamal). - Simplified tracking of such ports at the cost of a loop over all ports (suggested by MST) I've played with quite a large number of ports and the current approach seems to work fairly well. Thanks -vlad Vlad Yasevich (7): bridge: Turn flag change macro into a function. bridge: Keep track of ports capable of automatic discovery. bridge: Add functionality to sync static fdb entries to hw bridge: Automatically manage port promiscuous mode. bridge: Add addresses from static fdbs to non-promisc ports bridge: Correctly manage promiscuity when user requested it. bridge: Automatically manage promisc mode when vlan filtering is on. net/bridge/br_device.c | 7 +++ net/bridge/br_fdb.c | 132 ++++++++++++++++++++++++++++++++++++++++++++--- net/bridge/br_if.c | 119 ++++++++++++++++++++++++++++++++++++++++-- net/bridge/br_netlink.c | 3 ++ net/bridge/br_private.h | 20 +++++++ net/bridge/br_sysfs_if.c | 31 +++++++---- net/bridge/br_vlan.c | 1 + 7 files changed, 293 insertions(+), 20 deletions(-) -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists