| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191105155954.GE17620@lunn.ch>
Date: Tue, 5 Nov 2019 16:59:54 +0100
From: Andrew Lunn <andrew@...n.ch>
To: Ioana Ciornei <ioana.ciornei@....com>
Cc: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"f.fainelli@...il.com" <f.fainelli@...il.com>
Subject: Re: [PATCH 06/12] staging: dpaa2-ethsw: add ACL entry to redirect
STP to CPU
> The control queues do not form an actual interface in the sense that
> the CPU does not receive unknown unicast, broadcast and multicast
> frames by default. For each frame that we want to direct to the CPU
> we must add an ACL entry.
So this appears to be one of the dumbest switches so far :-(
Can you add an ACL which is all L2 broadcast/multicast? That would be
a good first step.
Does the ACL stop further processing of the frame? Ideally you want
the switch to also flood broadcast/multicast out other ports, if they
are in a bridge. If it cannot, you end up with the software bridge
doing the flooding.
So i also assume it does not perform learning on CPU frames? That
probably means you need to connect up the fdb add/remove calls to add
in ACLs. And you will need to implement ndo_set_rx_mode. Each unicast
and multicast address needs to be turned into an ACL. What i don't
know is if the network stack will automatically add the interfaces own
MAC address. You might have to handle that special case.
Andrew
Powered by blists - more mailing lists