lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1393427905-6811-7-git-send-email-vyasevic@redhat.com>
Date:	Wed, 26 Feb 2014 10:18:24 -0500
From:	Vlad Yasevich <vyasevic@...hat.com>
To:	netdev@...r.kernel.org
Cc:	bridge@...ts.linux-foundation.org, shemminger@...tta.com,
	mst@...hat.com, jhs@...atatu.com, john.r.fastabend@...el.com,
	Vlad Yasevich <vyasevic@...hat.com>
Subject: [PATCH 6/7] bridge: Manage promisc mode when vlans are configured on top of a bridge

If the user configures vlan interfaces on top of the bridge and the bridge
doesn't have vlan filtering enabled, we have to place all the ports in
promsic mode so that we can correctly receive tagged frames.
When vlan filtering is enabled, the vlan configuration will be provided
via filtering interface.
When the vlan filtering is toggled, we also have mange promiscuity.

Signed-off-by: Vlad Yasevich <vyasevic@...hat.com>
---
 net/bridge/br_device.c  | 14 ++++++++++++++
 net/bridge/br_if.c      | 17 +++++++++++++----
 net/bridge/br_private.h |  9 +++++++++
 net/bridge/br_vlan.c    |  1 +
 4 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 0af9d6c..967abb3 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -297,6 +297,18 @@ void br_netpoll_disable(struct net_bridge_port *p)
 
 #endif
 
+static int br_dev_rx_add_vid(struct net_device *br_dev, __be16 proto, u16 vid)
+{
+	br_manage_promisc(netdev_priv(br_dev));
+	return 0;
+}
+
+static int br_dev_rx_kill_vid(struct net_device *br_dev, __be16 proto, u16 vid)
+{
+	br_manage_promisc(netdev_priv(br_dev));
+	return 0;
+}
+
 static int br_add_slave(struct net_device *dev, struct net_device *slave_dev)
 
 {
@@ -328,6 +340,8 @@ static const struct net_device_ops br_netdev_ops = {
 	.ndo_change_rx_flags	 = br_dev_change_rx_flags,
 	.ndo_change_mtu		 = br_change_mtu,
 	.ndo_do_ioctl		 = br_dev_ioctl,
+	.ndo_vlan_rx_add_vid	 = br_dev_rx_add_vid,
+	.ndo_vlan_rx_kill_vid	 = br_dev_rx_kill_vid,
 #ifdef CONFIG_NET_POLL_CONTROLLER
 	.ndo_netpoll_setup	 = br_netpoll_setup,
 	.ndo_netpoll_cleanup	 = br_netpoll_cleanup,
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 7e92bd0..55e4e28 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -497,12 +497,21 @@ static void br_port_clear_promisc(struct net_bridge_port *p)
 void br_manage_promisc(struct net_bridge *br)
 {
 	struct net_bridge_port *p;
+	int set_all = false;
+
+	if (br->dev->flags & IFF_PROMISC)
+		set_all = true;
+
+	/* If vlan filtering is disabled and there are any VLANs
+	 * configured on top of the bridge, set promisc on all
+	 * ports.
+	 */
+	if (!br_vlan_enabled(br) && vlan_uses_dev(br->dev))
+		set_all = true;
 
 	list_for_each_entry(p, &br->port_list, list) {
-		if (br->dev->flags & IFF_PROMISC) {
-			/* PROMISC flag has been turned on for the bridge
-			 * itself.  Turn on promisc on all ports.
-			 */
+		if (set_all) {
+			/* Set all the ports to promisc mode.  */
 			br_port_set_promisc(p);
 
 		} else {
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 4042f86..87dcc09 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -641,6 +641,10 @@ static inline u16 br_get_pvid(const struct net_port_vlans *v)
 	return v->pvid ?: VLAN_N_VID;
 }
 
+static inline int br_vlan_enabled(struct net_bridge *br)
+{
+	return br->vlan_enabled;
+}
 #else
 static inline bool br_allowed_ingress(struct net_bridge *br,
 				      struct net_port_vlans *v,
@@ -721,6 +725,11 @@ static inline u16 br_get_pvid(const struct net_port_vlans *v)
 {
 	return VLAN_N_VID;	/* Returns invalid vid */
 }
+
+static inline int br_vlan_enabled(struct net_bridge *br);
+{
+	return 0;
+}
 #endif
 
 /* br_netfilter.c */
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 8249ca7..eddc2f6 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -321,6 +321,7 @@ int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
 		goto unlock;
 
 	br->vlan_enabled = val;
+	br_manage_promisc(br);
 
 unlock:
 	rtnl_unlock();
-- 
1.8.5.3

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ