Date:	Fri, 1 Jul 2011 19:59:29 +0200
From:	Michał Mirosław <mirqus@...il.com>
To:	David Lamparter <equinox@...c24.net>
Cc:	Stephen Hemminger <shemminger@...ux-foundation.org>,
	Nick Carter <ncarter100@...il.com>, netdev@...r.kernel.org,
	davem@...emloft.net
Subject: Re: bridge vs. bonding/pause frames (was: Forward EAPOL...)

On 1 July 2011 17:16, David Lamparter
<equinox@...c24.net> wrote:
> On Fri, Jul 01, 2011 at 04:58:56PM +0200, Michał Mirosław wrote:
> [...]
>> > We _MUST_NOT_ pass bonding frames in any case, but we
>> > currently do that if STP is off. (cf. my earlier patch 1/2)
>>
>> If you use a Linux box as an (invisible) L2 network tap, then you want to
>> pass everything in the hub mode (including LACP/whatever).
>
> We must not do that by default, this breaks bridges with bonding devices
> as ports. I'm actively band-aiding that problem with ebtables on one of
> my boxes currently.
>
> How about I change "stp_forward_802local" to "forward_802local" and it
> gets 3 values like:
> - 0 (default) behave like a switch, if STP is on then drop all 16
>  groups, if STP is off then drop :01 and :02
> - 1 forward regular groups - drop :01 and :02, forward everything else
> - 2 forward everything ("invisible tap mode")
> optional:
> - -1 drop all 16 groups even if STP is off (not needed, can be done with
>  ebtables...)
>
> btw, since the drivers should eat up pause frames, you're not a fully
> invisible L2 tap anyway.

If -1 can be done with ebtables what is different for 0 and 1 cases?

Another idea: you could make this a 16-bit bitmap (bit per group) x2
(STP vs non-STP) - that would cover all uses with the same amount of
code.

Best Regards,
Michał Mirosław
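
The bitmap idea from the message above, as an added example that is not part of the original post or of the kernel bridge code: one 16-bit mask per STP state, with the -1/0/1/2 values from the quoted proposal written as mask pairs. All names are hypothetical, the sample addresses are constructed, and "bit set means forward" is an assumption, since the message does not fix a polarity.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not the kernel bridge code.
 * Assumption: a set bit n means "forward 01:80:C2:00:00:0n". */
struct fwd_policy {
    uint16_t stp_on;   /* mask used while STP is enabled */
    uint16_t stp_off;  /* mask used while STP is disabled */
};

#define GROUP_BIT(n)  (1u << (n))
#define NO_PAUSE_LACP ((uint16_t)~(GROUP_BIT(1) | GROUP_BIT(2)))  /* 0xFFF9 */

/* The -1 / 0 / 1 / 2 values proposed in the quoted text, as mask pairs. */
const struct fwd_policy POLICY_DROP_ALL = { 0x0000, 0x0000 };
const struct fwd_policy POLICY_SWITCH   = { 0x0000, NO_PAUSE_LACP };
const struct fwd_policy POLICY_REGULAR  = { NO_PAUSE_LACP, NO_PAUSE_LACP };
const struct fwd_policy POLICY_TAP      = { 0xFFFF, 0xFFFF };

/* Constructed sample destination addresses. */
const uint8_t ADDR_PAUSE[6]   = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x01 };
const uint8_t ADDR_LACP[6]    = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x02 };
const uint8_t ADDR_EAPOL[6]   = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };
const uint8_t ADDR_UNICAST[6] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };

/* Returns 0..15 for 01:80:C2:00:00:0X, or -1 for any other address. */
static int link_local_group(const uint8_t dst[6])
{
    static const uint8_t prefix[5] = { 0x01, 0x80, 0xC2, 0x00, 0x00 };
    if (memcmp(dst, prefix, 5) != 0 || (dst[5] & 0xF0))
        return -1;
    return dst[5];
}

static bool may_forward(const struct fwd_policy *p, bool stp, const uint8_t dst[6])
{
    int g = link_local_group(dst);
    if (g < 0)
        return true;            /* not reserved: normal forwarding applies */
    return ((stp ? p->stp_on : p->stp_off) >> g) & 1u;
}

int main(void)
{
    printf("default, STP off: LACP=%d EAPOL=%d\n",
           may_forward(&POLICY_SWITCH, false, ADDR_LACP),
           may_forward(&POLICY_SWITCH, false, ADDR_EAPOL));
    return 0;
}
```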