lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 29 Aug 2019 15:15:43 +0200
From:   Andrew Lunn <andrew@...n.ch>
To:     Ivan Vecera <ivecera@...hat.com>
Cc:     Horatiu Vultur <horatiu.vultur@...rochip.com>,
        Jiri Pirko <jiri@...nulli.us>, alexandre.belloni@...tlin.com,
        UNGLinuxDriver@...rochip.com, davem@...emloft.net,
        allan.nielsen@...rochip.com, f.fainelli@...il.com,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/2] net: core: Notify on changes to dev->promiscuity.

On Thu, Aug 29, 2019 at 02:55:18PM +0200, Ivan Vecera wrote:
> On Thu, 29 Aug 2019 14:44:14 +0200
> Horatiu Vultur <horatiu.vultur@...rochip.com> wrote:
> 
> > When a port is added to a bridge, then the port gets in promisc mode.
> > But in our case the HW has bridge capabilities so it is not required
> > to set the port in promisc mode.
> > But if someone else requires the port to be in promisc mode (tcpdump
> > or any other application) then I would like to set the port in promisc
> > mode.
> > In previous emails Andrew came with the suggestion to look at
> > dev->promiscuity and check if the port is a bridge port. Using this
> > information I could see when to add the port in promisc mode. He also
> > suggested to add a new switchdev call(maybe I missunderstood him, or I
> > have done it at the wrong place) in case there are no callbacks in the
> > driver to get this information.
> 
> I would use the 1st suggestion.
> 
> for/in your driver:
> if (dev->promiscuity > 0) {
> 	if (dev->promiscuity == 1 && netif_is_bridge_port(dev)) {
> 		/* no need to set promisc mode because promiscuity
> 		 * was requested by bridge
> 		 */
> 		...
> 	} else {
> 		/* need to set promisc mode as someone else requested
> 		 * promiscuity
> 		 */
> 	}
> }

Hi Ivan

The problem with this is, the driver only gets called when promisc
goes from 0 to !0. So, the port is added to the bridge. Promisc goes
0->1, and the driver gets called. We can evaluate as you said above,
and leave the port filtering frames, not forwarding everything. When
tcpdump is started, the core does promisc 1->2, but does not call into
the driver. Also, currently sending a notification is not
unconditional.

What this patch adds is an unconditional call into the switchdev
driver so it can evaluate the condition above, with every change to
the promisc counter.

    Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ