Date:   Wed, 1 Nov 2017 09:58:01 +0900
From:   Toshiaki Makita <makita.toshiaki@....ntt.co.jp>
To:     "Keller, Jacob E" <jacob.e.keller@...el.com>,
        "vyasevic@...hat.com" <vyasevic@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Cc:     "Malek, Patryk" <patryk.malek@...el.com>
Subject: Re: removing bridge in vlan_filtering mode requests delete of
 attached ports main MAC address

On 2017/11/01 9:10, Keller, Jacob E wrote:
>> -----Original Message-----
>> From: Keller, Jacob E
>> Sent: Thursday, October 26, 2017 1:33 PM
>> To: Keller, Jacob E <jacob.e.keller@...el.com>; vyasevic@...hat.com;
>> netdev@...r.kernel.org
>> Cc: Malek, Patryk <patryk.malek@...el.com>
>> Subject: RE: removing bridge in vlan_filtering mode requests delete of attached
>> ports main MAC address
>>
>>> -----Original Message-----
>>> From: netdev-owner@...r.kernel.org [mailto:netdev-owner@...r.kernel.org]
>>> On Behalf Of Keller, Jacob E
>>> Sent: Thursday, October 26, 2017 1:27 PM
>>> To: vyasevic@...hat.com; netdev@...r.kernel.org
>>> Cc: Malek, Patryk <patryk.malek@...el.com>
>>> Subject: RE: removing bridge in vlan_filtering mode requests delete of attached
>>> ports main MAC address
>>>
>>>> -----Original Message-----
>>>> From: Vlad Yasevich [mailto:vyasevic@...hat.com]
>>>> Sent: Thursday, October 26, 2017 3:22 AM
>>>> To: Keller, Jacob E <jacob.e.keller@...el.com>; netdev@...r.kernel.org
>>>> Cc: Malek, Patryk <patryk.malek@...el.com>
>>>> Subject: Re: removing bridge in vlan_filtering mode requests delete of attached
>>>> ports main MAC address
>>>>
>>>> Hi Jake
>>>>
>>>> I think adding a !fdb->local should work.  local fdb contain the address of
>>>> assigned to the ports of the bridge and those shouldn't be directly removed.
>>>>
>>>> If that works,  that looks like the right solution.
>>>>
>>>> -vlad
>>>>
>>>
>>> So this does prevent us from removing the port's address. However, if I add two
>>> devices to the bridge, then after removing the bridge, each device now keeps
>>> both permanent addresses in their list, which isn't what we want, is it?
>>>
>>> Do we even want to assign the local fdb addresses to every port?
>>>
>>> Obviously, I don't fully understand this code, so I think I'm missing something
>>> here.
>>>
>>> Regards,
>>> Jake
>>>
>>
>> Ok, I tried this again, and it didn't end up crossing the local device addresses to
>> each port. I'm not sure how that happened the first time yet, so maybe it is
>> correct to skip removing local addresses... but if we skip removing them, wouldn't
>> we want to skip adding them too?
>>
>> Thanks,
>> Jake
> 
> There's definitely some weirdness going on, because I've been able to get the local port addresses added to the wrong device under some circumstances. It seems to be some sort of race condition, since I can't reliably re-create the scenario.
> 
> Either way, some more insight on what the correct fix here would be nice.
> 
> I'm thinking we want to skip adding or removing local addresses when switching into the static mode configuration.

If we skip adding them, we cannot receive frames which should be
received on the bridge device during non-promiscuous mode.

-- 
Toshiaki Makita
