Message-ID: <CAPx+-5u1k_JfTGpRz7hSbGug1CgU5EZzOpbOEM9phH6kaaxKgQ@mail.gmail.com>
Date: Sun, 27 Apr 2025 15:34:32 +0800
From: Qiang Zhang <dtzq01@...il.com>
To: Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, 
	Jiri Pirko <jiri@...nulli.us>
Cc: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, 
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: tc-vlan push 1ad vlan on 1Q packet at ingress abnormal

Hi, all.
I met a problem when I tried to use a bridge to forward QinQ packets.
I use tc vlan instead of pvid because I want to push different vlans on rules.
It seems that the 1ad vlan is pushed abnormally on the 1q packet at ingress for the bridge.
The steps to reproduce the issue:
/*
        PC0                              PC1
        br  1ad
ens37            ens38   ------- ens36--vlan2
                                             32.24
 */
1. Config on PC0:
  ip link add dev br up type bridge vlan_protocol 802.1ad vlan_filtering 1
  ip link set ens37 master br
  ip link set ens38 master br
  bridge vlan add vid 2 dev ens37
  bridge vlan add vid 2 dev ens38
  # Delete the default vlan
  bridge vlan del vid 1 dev ens37
  bridge vlan del vid 1 dev ens38
  bridge vlan del vid 1 dev br self
  tc qdisc add dev ens38 clsact
  # Use tc vlan to add 1ad vlan 2.
  tc filter add dev ens38 ingress matchall action vlan push id 2 protocol 802.1ad

2. Config on PC1:
  ip link add vlan2 up link ens37 type vlan id 2
  ip addr add dev vlan2 192.168.32.24/24

3. Ping on PC1, then capture packets on ens37 and ens38 on PC0.
I find that the dst mac and src mac changed, and the 1q vlan 2 is missing.
I expect the 1ad vlan 2 to be inserted between the src mac and the 1q vlan.
Details are below:
  PC1:
  # ping 192.168.32.1 -W1 -c1
  PING 192.168.32.1 (192.168.32.1) 56(84) bytes of data.

  --- 192.168.32.1 ping statistics ---
  1 packets transmitted, 0 received, 100% packet loss, time 0ms

  PC0:
  #tcpdump -iens38 -nnvvepXX
  tcpdump: listening on ens38, link-type EN10MB (Ethernet), snapshot length 262144 bytes
  06:56:11.491285 00:0c:29:1a:32:8c > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100),
  length 64: vlan 2, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4),
  Request who-has 192.168.32.1 tell 192.168.32.24, length 46
  0x0000:  ffff ffff ffff 000c 291a 328c 8100 0002  ........).2.....
  0x0010:  0806 0001 0800 0604 0001 000c 291a 328c  ............).2.
  0x0020:  c0a8 2018 0000 0000 0000 c0a8 2001 0000  ................
  0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................

  #tcpdump -iens37 -nnvvepXX
  tcpdump: listening on ens37, link-type EN10MB (Ethernet), snapshot length 262144 bytes
  06:56:11.491548 32:8c:81:00:00:02 > ff:ff:00:0c:29:1a, ethertype 802.1Q-QinQ (0x88a8),
  length 64: vlan 2, p 0, ethertype ARP (0x0806), Ethernet (len 6), IPv4 (len 4),
  Request who-has 192.168.32.1 tell 192.168.32.24, length 46
  0x0000:  ffff 000c 291a 328c 8100 0002 88a8 0002  ....).2.........
  0x0010:  0806 0001 0800 0604 0001 000c 291a 328c  ............).2.
  0x0020:  c0a8 2018 0000 0000 0000 c0a8 2001 0000  ................
  0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................

  Display config on PC0:
  # bridge vlan
  port              vlan-id
  ens37             2
  ens38             2

  # tc -s filter ls dev ens38 ingress
  filter protocol all pref 49152 matchall chain 0
  filter protocol all pref 49152 matchall chain 0 handle 0x1
    not_in_hw (rule hit 3)
  action order 1: vlan  push id 2 protocol 802.1ad priority 0 pipe
  index 1 ref 1 bind 1 installed 506 sec used 365 sec firstused 367 sec
  Action statistics:
  Sent 138 bytes 3 pkt (dropped 0, overlimits 0 requeues 0)
  backlog 0b 0p requeues 0

  # ip -d link ls dev br
  17: br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether ca:dc:7a:b2:df:f0 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 1 vlan_protocol 802.1ad bridge_id 8000.ca:dc:7a:b2:df:f0 designated_root 8000.ca:dc:7a:b2:df:f0 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  158.49 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:08 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3125 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
  # uname -a
  Linux code 5.15.0-131-lowlatency #141-Ubuntu SMP PREEMPT Thu Jan 16 18:36:23 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
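
Added example (not part of the original message): a Python check that decodes the first 32 bytes of the two tcpdump hex dumps above, builds the frame an 802.1ad push at offset 12 would produce, and searches for the byte offset at which the ens37 capture actually took its MAC header. The function names are illustrative; the byte strings are copied from the dumps in the message.

```python
import struct

# Leading 32 bytes of each frame, copied from the tcpdump -XX dumps in the message.
INGRESS_ENS38 = bytes.fromhex(
    "ffffffffffff000c291a328c81000002"
    "08060001080006040001000c291a328c")
EGRESS_ENS37 = bytes.fromhex(
    "ffff000c291a328c8100000288a80002"
    "08060001080006040001000c291a328c")

TPIDS = {0x8100: "802.1Q", 0x88A8: "802.1ad"}

def parse(frame):
    """Return (dst, src, [(tpid_name, vid), ...], inner_ethertype)."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    dst, src, off, tags = mac(frame[:6]), mac(frame[6:12]), 12, []
    while True:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return dst, src, tags, etype
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((TPIDS[etype], tci & 0x0FFF))
        off += 4

def push_tag(frame, tpid, vid, prio=0):
    """Expected result of a VLAN push: tag inserted right after the source MAC."""
    return frame[:12] + struct.pack("!HH", tpid, (prio << 13) | vid) + frame[12:]

def find_shift(before, after, tpid, vid):
    """Find k where after == before[k:k+12] + tag + before[k+12:] (over the overlap)."""
    tag = struct.pack("!HH", tpid, vid)
    for k in range(16):
        cand = before[k:k + 12] + tag + before[k + 12:]
        n = min(len(cand), len(after))
        if cand[:n] == after[:n]:
            return k
    return None

if __name__ == "__main__":
    expected = push_tag(INGRESS_ENS38, 0x88A8, 2)
    print("ingress :", parse(INGRESS_ENS38))
    print("expected:", parse(expected))
    print("observed:", parse(EGRESS_ENS37))
    print("observed matches expected:", expected[:32] == EGRESS_ENS37)
    print("header taken from offset :", find_shift(INGRESS_ENS38, EGRESS_ENS37, 0x88A8, 2))
```

For these captures the offset found is 4: the ens37 frame equals bytes 4..15 of the ens38 frame, then the 88a8 tag, then the rest, which is why the MAC addresses look shifted and the frame length stays at 64.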
