lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 07 Mar 2022 10:21:28 +0100
From:   Tobias Waldekranz <tobias@...dekranz.com>
To:     Andrew Lunn <andrew@...n.ch>
Cc:     netdev <netdev@...r.kernel.org>,
        Vladimir Oltean <vladimir.oltean@....com>,
        emeric.dupont@....aero
Subject: Re: Regression with improved multi chip isolation

On Sun, Mar 06, 2022 at 20:15, Andrew Lunn <andrew@...n.ch> wrote:
> Hi Tobias
>
> I just found a regression with:
>
> d352b20f4174a6bd998992329b773ab513232880 is the first bad commit
> commit d352b20f4174a6bd998992329b773ab513232880
> Author: Tobias Waldekranz <tobias@...dekranz.com>
> Date:   Thu Feb 3 11:16:56 2022 +0100
>
>     net: dsa: mv88e6xxx: Improve multichip isolation of standalone ports
>     
>     Given that standalone ports are now configured to bypass the ATU and
>     forward all frames towards the upstream port, extend the ATU bypass to
>     multichip systems.

Sorry about that.

> I have a ZII devel B setup:
>
> brctl addbr br0                                                                 
> brctl addif br0 lan0                                                            
> brctl addif br0 lan1                                                            
>                                                                                 
> ip link set br0 up                                                              
> ip link set lan0 up                                                             
> ip link set lan1 up                                                             
>                                                                                 
> ip link add link br0 name br0.11 type vlan id 11                                
> ip link set br0.11 up                                                           
> ip addr add 10.42.11.1/24 dev br0.11
>
> Has it happens, lan0 has link, and i run tcpdump on the link peer. lan1
> does not have link.
>
> I then ping 10.42.11.2.
>
> I found that the ARP Request who-has 10.42.11.2 tell 10.42.11.1 are
> getting dropped. I also see:
>
>      p06_sw_in_filtered: 122
>      p06_sw_out_filtered: 90
>      p06_atu_member_violation: 0
>      p06_atu_miss_violation: 0
>      p06_atu_full_violation: 0
>      p06_vtu_member_violation: 0
>      p06_vtu_miss_violation: 121
>
> port 6 is the CPU port. Both p06_vtu_miss_violation and
> p06_sw_in_filtered are incrementing with each ARP Request broadcast
> from the host.
>
> The bridge should be vlan unaware, vlan_filtering is 0.

Huh, a VLAN upper without filtering enabled; didn't consider that
use-case...

Vladimir has already correctly diagnosed the problem. I'm working on a
fix right now, which I aim to send later today.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ