lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140227075336.GF16484@redhat.com>
Date:	Thu, 27 Feb 2014 09:53:36 +0200
From:	"Michael S. Tsirkin" <mst@...hat.com>
To:	Vlad Yasevich <vyasevic@...hat.com>
Cc:	Stephen Hemminger <stephen@...workplumber.org>,
	netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
	shemminger@...tta.com, jhs@...atatu.com, john.r.fastabend@...el.com
Subject: Re: [PATCH 3/7] bridge: Add addresses from static fdbs to bridge
 address list

On Wed, Feb 26, 2014 at 12:35:08PM -0500, Vlad Yasevich wrote:
> On 02/26/2014 11:57 AM, Stephen Hemminger wrote:
> > On Wed, 26 Feb 2014 10:18:21 -0500
> > Vlad Yasevich <vyasevic@...hat.com> wrote:
> > 
> >> When a static fdb entry is created, add the mac address to the bridge
> >> address list.  This list is used to program the proper port's
> >> address list.
> >>
> >> Signed-off-by: Vlad Yasevich <vyasevic@...hat.com>
> > 
> > I don't like this level of bookkeeping it starts to mix
> > layers between the bridge network interface as entity for talking to the
> > local host, and forwarding table entries.
> 
> Actually this is one of the reasons this isn't done through the
> br->dev->uc.  Forwarding table entries are still per-port.
> 
> > 
> > Many times static entries are used as alternative to flooding in
> > environments which don't trust STP.
> 
> Ok, and how would this be problematic?  If one wants to turn off
> promisc in this environment, then receive filters needs to be properly
> programmed.
> 
> > 
> > Plus, it looks like another major source of bugs.
> > 
> 
> Any new code is a potential source of issues.  Are you saying
> No to any new code in bridge?
> 
> -vlad

I'm guessing Stephen merely worries about
multiple data structures that need to stay in
sync, and asks that you revisit
using private hw address list in the bridge.

What's the issue with walking fdb exactly?
You say
 1)  I tried using the fdb table itself as main repository, but
      this caused difficulties in synchronizing this table with
      the interface filters later on.

I'm guessing you refer to writing addresses out to ports
directly when walking the hash being impossible
since this datastructure uses rcu and spinlocks?
Fair enough but the entries you care about
seem to only be modified under RTNL so just
copy them out to a temporary list.
This might be less efficient, but will be simpler I think.

-- 
MST
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ