lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 13 Sep 2011 15:29:51 -0400
From:	Benjamin Poirier <benjamin.poirier@...il.com>
To:	Stephen Hemminger <shemminger@...ux-foundation.org>
Cc:	David Lamparter <equinox@...c24.net>,
	Nick Carter <ncarter100@...il.com>, netdev@...r.kernel.org,
	Michał Mirosław <mirqus@...il.com>,
	davem@...emloft.net, Ed Swierk <eswierk@...switch.com>
Subject: Re: [PATCH] bridge: mask forwarding of IEEE 802 local multicast
 groups

On 11-07-28 08:41, Stephen Hemminger wrote:
> On Wed, 27 Jul 2011 13:17:15 +0200
> David Lamparter <equinox@...c24.net> wrote:
> 
> > On Fri, Jul 15, 2011 at 06:33:45PM +0200, David Lamparter wrote:
> > > On Fri, Jul 15, 2011 at 06:03:57PM +0200, David Lamparter wrote:
> > > > On Fri, Jul 15, 2011 at 04:44:50PM +0100, Nick Carter wrote:
> > > > > On 12 July 2011 12:36, David Lamparter <equinox@...c24.net> wrote:
> > > > > > On Mon, Jul 11, 2011 at 08:27:55AM -0700, Stephen Hemminger wrote:
> > > > > >> I am still undecided on this. Understand the need, but don't like idea
> > > > > >> of bridge behaving in non-conforming manner. Will see if IEEE 802 committee
> > > > > >> has any input.
> > > > > >
> > > > > > The patch doesn't make the bridge behave nonconformant. The default mask
> > > > > > is 0, which just keeps the old behaviour.
> > > 
> > > P.S.: I'd like to once more stress this. In my opinion the patch should
> > > be merged because it provides desireable functionality at a small cost
> > > (one test, one knob) and __does not change any default behaviour__.
> > 
> > Stephen, anything new on this?
> 
> No.
> Don't like adding yet another hack user visible API which will have
> to be maintained for too long. But on the other hand I don't have
> a better solution at my finger tips. If better idea doesn't come
> along, then we can go with yours.

For virtualization-related problems, how about using macvtap? No need to
change the bridging code.

I had also previously submitted a patch to forward reserved group
addresses through the bridge. This was towards the goal of forwarding
EAPOL frames for virtual machines. I have since come to the realization
that one can use macvtap to achieve that instead. This forgoes the
bridge and offers better performance too.

I have tested macvtap + kvm to authenticate/authorize a virtual machine
connected to a 802.1X enabled switch. I used the instructions here for
macvtap:
http://virt.kernelnewbies.org/MacVTap
and tested with an HP switch and wpa_supplicant on the guest.

-Ben
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ