Message-ID: <20130207130227.GF13989@macbook.localnet>
Date:	Thu, 7 Feb 2013 14:02:30 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	Stefan Priebe - Profihost AG <s.priebe@...fihost.ag>
Cc:	Linux Netdev List <netdev@...r.kernel.org>,
	David Miller <davem@...emloft.net>,
	LKML <linux-kernel@...r.kernel.org>,
	Alexandre DERUMIER <aderumier@...so.com>
Subject: Re: Problem with GVRP on eth while having a bridge

On Thu, Feb 07, 2013 at 12:58:01PM +0100, Stefan Priebe - Profihost AG wrote:
> Hi Patrick,
> 
> thanks for your fast response.
> 
> > So please describe the entire GVRP message exchange that's going
> > on.
> I've attached two small pcap files.
> 
> has_bridge.pcap: is where eth1 has a bridge and the dynamic vlan
> disappears after a few seconds.
> 
> no_bridge.pcap: no bridge is assigned to eth1 - the dynamic vlan stays
> as long as I remove it
> 
> > Also you probably want to add the VLAN device on top of the bridge
> > device, otherwise it will get passed to the bridge after untagging,
> > which might not work, depending on the MAC addresses used.
> 
> That's working fine in vanilla kernel 3.7.6 but it does not with RHEL 6.
> Also it looks more complicated as I need another bridge on top of the
> vlan to assign the needed tap devices. I looked at ovirt for the network
> setup:
> http://www.ovirt.org/Vdsm_Network
> 
> and they also add the vlan directly on top of the nic and then the
> bridge on top of the VLANs.

What seems to be happening is that the switch is constantly requesting
GVRP updates. Once eth0 is added to the bridge, the bridge has preference
over local protocol (LLC) delivery. Since the packet has a link local
destination and your bridge doesn't seem to have STP enabled, the
bridge decides to forward the packet. Since it's a multicast destination,
the packet is finally passed up to LLC, but the receiving device is
the bridge, not eth0. When the packet reaches the GARP input handler,
no garp_port is associated to the device and the packet is dropped.
The result is that the GARP protocol doesn't notice that the switch
expects an update and the switch finally removes the VLAN.

So the solution is: put the VLAN on the bridge device.