Date:	Fri, 21 Feb 2014 13:02:33 +0000
From:	Zoltan Kiss <zoltan.kiss@...rix.com>
To:	"Luis R. Rodriguez" <mcgrof@...not-panic.com>
CC:	Stephen Hemminger <stephen@...workplumber.org>,
	Ian Campbell <Ian.Campbell@...rix.com>, <kvm@...r.kernel.org>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	<bridge@...ts.linux-foundation.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	<xen-devel@...ts.xenproject.org>
Subject: Re: [Xen-devel] [RFC v2 1/4] bridge: enable interfaces to opt out
 from becoming the root bridge

On 20/02/14 20:01, Luis R. Rodriguez wrote:
> On Thu, Feb 20, 2014 at 5:19 AM, Zoltan Kiss <zoltan.kiss@...rix.com> wrote:
>> How about this: netback sets the root_block flag and a random MAC by
>> default. So the default behaviour won't change, DAD will be happy, and
>> userspace doesn't have to do anything unless it's using netback for STP root
>> bridge (I don't think there are too many toolstacks doing that), in which
>> case it has to remove the root_block flag instead of setting a random MAC.
>
> :D that's exactly what I ended up proposing too. I mentioned how
> xen-netback could do this as well, we'd keep or rename the flag I
> added, and then the bridge code would look at it and enable the root
> block if the flag is set. Stephen however does not like having the
> bridge code look at magic flags for this behavior and would prefer for
> us to get the tools to ask for the root block. Let's follow more up on
> that thread

We don't need that new flag, just forget about it. Set that root_block
flag from netback device init, around the time you generate the random
MAC, or at the earliest possible time. Nothing else has to be done from
kernel side. If someone wants netback to be a root port, then remove
root_block from their tools, instead of changing the MAC address, as
it happens now.

Another problem with the random addresses, pointed out by Ian earlier,
is that when adding/removing interfaces, the bridge does recalculate its
MAC address, and chooses the lowest one. In the general use case I think
that's normal, but in case of Xen networking, we would like to keep the
bridge using the physical interface's MAC, because the local port of the
bridge is used for Dom0 network traffic, therefore changing the bridge
MAC when a netback device has lower MAC breaks that traffic. I think the
best is to address this from userspace: if it sets the MAC of the bridge
explicitly, dev_set_mac_address() does dev->addr_assign_type =
NET_ADDR_SET;, so br_stp_recalculate_bridge_id() will exit before
changing anything.

And when I say userspace, I mean Xen specific tools which do
networking configuration, e.g. xapi in the XenServer case. Not brctl, it
doesn't have to know whether this is a xenbrX device or a bridge used
for other purposes.

Zoli
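
An added example, not part of the original message or of any Xen toolstack: a shell check a toolstack could run to confirm the two properties discussed above, that the bridge MAC is pinned (NET_ADDR_SET) to the physical interface's MAC and that guest-facing ports carry root_block. The function name audit_bridge, the vif* port naming, and reading the state from sysfs (addr_assign_type, brif/<port>/root_block) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a Xen bridge via sysfs. Names here are hypothetical.
# Usage: audit_bridge xenbr0 eth0            (reads the live /sys)
#        audit_bridge xenbr0 eth0 'vif*' DIR (reads a tree rooted at DIR)

NET_ADDR_SET=3   # addr_assign_type value after an explicit MAC assignment

# audit_bridge BRIDGE PHYS_IF [PORT_GLOB] [SYSROOT]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_bridge() {
    br=$1 phys=$2 glob=${3:-vif*} root=${4:-/sys}
    net="$root/class/net"
    rc=0

    # If the bridge MAC was not set explicitly, the bridge may adopt a
    # lower port MAC when interfaces are added or removed.
    type=$(cat "$net/$br/addr_assign_type")
    if [ "$type" != "$NET_ADDR_SET" ]; then
        echo "$br: addr_assign_type=$type, MAC not pinned"
        rc=1
    fi

    # The pinned MAC should be the physical interface's MAC, since the
    # bridge's local port carries Dom0 traffic.
    if [ "$(cat "$net/$br/address")" != "$(cat "$net/$phys/address")" ]; then
        echo "$br: MAC differs from $phys"
        rc=1
    fi

    # Every guest-facing port should have root_block enabled.
    for port in "$net/$br/brif"/$glob; do
        [ -e "$port/root_block" ] || continue   # glob matched nothing
        if [ "$(cat "$port/root_block")" != "1" ]; then
            echo "$br: port ${port##*/} has root_block off"
            rc=1
        fi
    done
    return $rc
}
```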
