lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130502111414.0ae8f216@nehalam.linuxnetplumber.net>
Date:	Thu, 2 May 2013 11:14:14 -0700
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	vyasevic@...hat.com
Cc:	netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
	mst@...hat.com
Subject: Re: [PATCH v2 net-next 0/6] Allow bridge to function in non-promisc
 mode

On Thu, 02 May 2013 13:41:05 -0400
Vlad Yasevich <vyasevic@...hat.com> wrote:

> On 05/02/2013 01:23 PM, Stephen Hemminger wrote:
> > Doing research on another problem, I noticed that this would
> > break user mode spanning tree (RSTP) code.
> >
> > The daemon assumes that bridge is promicious mode and therefore
> > will receive all link-level multicast packets.
> >
> 
> Just took another look at RSTP code and I see that's its using
> a packet socket with filter to catch STP frames.
> 
> Would setting IFF_ALL_MULTI solve the problem?  STP packets
> are all multicast.
> 
> Thanks
> -vlad

See opening of the packet.c in RSTP daemon.

/*
 * Open up a raw packet socket to catch all 802.2 packets.
 * and install a packet filter to only see STP (SAP 42)
 *
 * Since any bridged devices are already in promiscious mode
 * no need to add multicast address.
 */
int packet_sock_init(void)
{
	int s;
	struct sock_fprog prog = {
		.len = sizeof(stp_filter) / sizeof(stp_filter[0]),
		.filter = stp_filter,
	};

	s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_802_2));
	if (s < 0) {
		ERROR("socket failed: %m");
		return -1;
	}

	if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof(prog)) < 0) 
		ERROR("setsockopt packet filter failed: %m");
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ