Date:   Thu, 23 Jul 2020 04:05:10 +0000
From:   Hongbo Wang <hongbo.wang@....com>
To:     Vladimir Oltean <olteanv@...il.com>
CC:     Xiaoliang Yang <xiaoliang.yang_1@....com>,
        "allan.nielsen@...rochip.com" <allan.nielsen@...rochip.com>,
        Po Liu <po.liu@....com>,
        Claudiu Manoil <claudiu.manoil@....com>,
        Alexandru Marginean <alexandru.marginean@....com>,
        Vladimir Oltean <vladimir.oltean@....com>,
        Leo Li <leoyang.li@....com>, Mingkai Hu <mingkai.hu@....com>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "jiri@...nulli.us" <jiri@...nulli.us>,
        "idosch@...sch.org" <idosch@...sch.org>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>,
        "nikolay@...ulusnetworks.com" <nikolay@...ulusnetworks.com>,
        "roopa@...ulusnetworks.com" <roopa@...ulusnetworks.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "horatiu.vultur@...rochip.com" <horatiu.vultur@...rochip.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        "ivecera@...hat.com" <ivecera@...hat.com>
Subject: RE: [EXT] Re: [PATCH v3 2/2] net: dsa: ocelot: Add support for QinQ
 Operation

> Instead of writing a long email, let me just say this.
> I ran your commands on 2 random network cards (not ocelot/felix ports).
> They don't produce the same results as you. In fact, no frame with VLAN
> 111 C-TAG is forwarded (or received) at all by the bridge, not to mention that
> no VLAN 1000 S-TAG is pushed on egress.
> 
> 
> Have you tried playing with these commands?
> 
> ip link add dev br0 type bridge vlan_filtering 1 vlan_protocol 802.1ad
> ip link set eth0 master br0
> ip link set eth1 master br0
> bridge vlan add dev eth0 vid 100 pvid
> bridge vlan add dev eth1 vid 100
> 
> They produce the same output as yours, but have the benefit of using the
> network stack's abstractions and not glue between the 802.1q and the bridge
> module, hidden in the network driver.
> 
> I am sending the following packet towards eth0:
> 
> 00:04:9f:05:f4:ad > 00:01:02:03:04:05, ethertype 802.1Q (0x8100), length 102: \
>         vlan 111, p 0, ethertype IPv4, 10.0.111.1 > 10.0.111.3: \
>         ICMP echo request, id 63493, seq 991, length 64
> 
> and collecting it on the partner of eth1 as follows:
> 
> 00:04:9f:05:f4:ad > 00:01:02:03:04:05, ethertype 802.1Q-QinQ (0x88a8), length 106: \
>         vlan 100, p 0, ethertype 802.1Q, vlan 111, p 0, ethertype IPv4, \
>         10.0.111.1 > 10.0.111.3: ICMP echo request, id 63493, seq 991, length 64
> 
> Thanks,
> -Vladimir

Hi Vladimir,
  The command "ip link add dev br0 type bridge vlan_filtering 1 vlan_protocol
802.1ad" will influence all ports within the bridge: it will enable the
vlan_filtering flag and 802.1ad mode on all ports. If an ocelot port enables
vlan_filtering, it will set VLAN_AWARE_ENA and VLAN_POP_CNT(1); the code is in
ocelot_port_vlan_filtering in ocelot.c. It will pop one tag from the ingress
frame, which is not what I need, so I don't set vlan_filtering.

  If vlan_filtering is enabled, it needs to enable VCAP ES0 to push a double
VLAN tag. That code is in another patch, based on the VCAP ES0 related code; I
will post it after the ES0 code is accepted.

  In this case, I only want the egress port (swp1) in QinQ mode. The mode will
change swp1's REW_TAG value; swp0 doesn't need to enter QinQ mode. Another issue
is that if I use "ip link add dev br0 type bridge ...", it can't pass the proto
to the port driver: in dsa_slave_vlan_rx_add_vid, it will walk into here:
		ret = br_vlan_get_info(dp->bridge_dev, vid, &info);
		if (ret == 0)  // ret is 0
			return -EBUSY;
so I use "ip link add link swp1 name swp1.111 type vlan protocol 802.1ad id 111"
to enable QinQ mode only on port swp1.

Thanks,
hongbo
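
Added example, not part of the original message or of the ocelot driver: a byte-level model of the tag stack discussed in this thread, showing the 102-byte C-tagged frame gaining an outer 802.1ad S-TAG (106 bytes) and what is left if one tag is popped on ingress before the push. The helper names are hypothetical, and the payload is zero-filled placeholder data sized to match the capture.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q customer tag
TPID_STAG = 0x88A8  # 802.1ad service tag
TPIDS = (TPID_CTAG, TPID_STAG)

def make_tag(tpid, vid, pcp=0):
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def push_tag(frame, tpid, vid, pcp=0):
    """Insert a tag right after the two MAC addresses (outermost position)."""
    return frame[:12] + make_tag(tpid, vid, pcp) + frame[12:]

def pop_tag(frame):
    """Remove the outermost tag; models the pop-one-tag step from the reply."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid not in TPIDS:
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:]

def tag_stack(frame):
    """Return ([(tpid, vid, pcp), ...] outermost first, inner ethertype)."""
    tags, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci & 0x0FFF, tci >> 13))
        off += 4

# Constructed sample: MACs and VLAN IDs taken from the capture in this thread;
# the 84-byte IPv4 + ICMP payload is zero-filled, not the real packet.
DST, SRC = bytes.fromhex("000102030405"), bytes.fromhex("00049f05f4ad")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + bytes(84)
INGRESS = push_tag(UNTAGGED, TPID_CTAG, 111)   # C-TAG 111, as sent to the bridge
QINQ = push_tag(INGRESS, TPID_STAG, 100)       # S-TAG 100 pushed outside C-TAG
POPPED_FIRST = push_tag(pop_tag(INGRESS), TPID_STAG, 100)  # C-TAG lost first

if __name__ == "__main__":
    for name, f in (("ingress", INGRESS), ("qinq", QINQ), ("pop+push", POPPED_FIRST)):
        print(name, len(f), tag_stack(f))
```
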

