Date:   Thu, 9 Jul 2020 09:44:40 +0200
From:   Linus Walleij <linus.walleij@...aro.org>
To:     Florian Fainelli <f.fainelli@...il.com>
Cc:     Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        netdev <netdev@...r.kernel.org>,
        "David S . Miller" <davem@...emloft.net>,
        DENG Qingfang <dqfext@...il.com>,
        Mauri Sandberg <sandberg@...lfence.com>,
        Vladimir Oltean <olteanv@...il.com>
Subject: Re: [net-next PATCH 3/3 v1] net: dsa: rtl8366: Use DSA core to set up VLAN

On Thu, Jul 9, 2020 at 4:29 AM Florian Fainelli <f.fainelli@...il.com> wrote:
> Me
> > The tested scenarios sure work fine with this
> > set-up including video streaming from a NAS device.
>
> Does this maintain the requirement that by default, all DSA ports must
> be isolated from one another? For instance, if you have broadcast
> traffic on port 2, by virtue of having port 1 and port 2 now in VLAN ID
> 1, do you see that broadcast traffic from port 1?

Unfortunately yes :(

I test this by setting a host (169.254.1.1) to ping the router
(169.254.1.2) and if I connect a machine to one of the other
ports I can see the ARP requests on that machine
as "who-has (...) tell 169.254.1.1"

> If you do, then you need to find a way to maintain isolation between ports.
>
> It looks like the FID is used for implementing VLAN filtering so maybe
> you need to dedicate a FID per port number here, and add them all to VLAN 1?

The FIDs exist in the source code but neither the vendor driver
nor the OpenWrt driver makes any use of them; their way of
separating the ports is by using one VLAN per port and setting
the PVID for each port to that VLAN, in the way described
in the commit message.

Is there an example of some driver using a FID for this?

What do you think about the option to teach the core to set
up VLANs like the driver currently does with one VLAN per
port and PVID set for each? I haven't even been able to
locate the code that associates all ports with VLAN1 but
I figured it can't be too hard? (Famous last words.)

Yours,
Linus Walleij
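
Added example (not part of the original message and not code from the rtl8366 driver): a small model of the two set-ups discussed above, counting the user-port pairs across which an untagged broadcast such as an ARP request is flooded. The six-port layout, CPU port 5, VID = port + 1 and the CPU port's membership in each per-port VLAN are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NUM_PORTS 6   /* assumption: ports 0-4 face users, port 5 is the CPU port */
#define CPU_PORT  5

struct sw_model {
    uint16_t pvid[NUM_PORTS];         /* VLAN given to untagged frames on ingress */
    uint8_t  members[NUM_PORTS + 1];  /* per-VLAN port bitmask, indexed by VID */
};

/* Ports that receive an untagged broadcast entering on port 'in'. */
static uint8_t flood_mask(const struct sw_model *s, int in) {
    return s->members[s->pvid[in]] & (uint8_t)~(1u << in);
}

/* Count (ingress, egress) user-port pairs across which a broadcast leaks. */
static int leaking_pairs(const struct sw_model *s) {
    int leaks = 0;
    for (int in = 0; in < CPU_PORT; in++)
        for (int out = 0; out < CPU_PORT; out++)
            leaks += (flood_mask(s, in) >> out) & 1;
    return leaks;
}

/* Every port is a member of VLAN 1 and uses PVID 1. */
static struct sw_model shared_vlan1(void) {
    struct sw_model s = { .pvid = {0} };
    for (int p = 0; p < NUM_PORTS; p++) {
        s.pvid[p] = 1;
        s.members[1] |= (uint8_t)(1u << p);
    }
    return s;
}

/* One VLAN per user port (VID = port + 1) holding that port and the CPU port. */
static struct sw_model vlan_per_port(void) {
    struct sw_model s = { .pvid = {0} };
    for (int p = 0; p < CPU_PORT; p++) {
        s.pvid[p] = (uint16_t)(p + 1);
        s.members[p + 1] = (uint8_t)((1u << p) | (1u << CPU_PORT));
    }
    return s;
}

int main(void) {
    struct sw_model a = shared_vlan1(), b = vlan_per_port();
    printf("leaking pairs: shared VLAN 1 = %d, VLAN per port = %d\n", leaking_pairs(&a), leaking_pairs(&b));
    return 0;
}
```

The model covers only untagged ingress and VLAN membership; it does not model FIDs or tagged frames.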
