Date:	Thu, 04 Sep 2014 17:01:12 -0400
From:	Vlad Yasevich <vyasevic@...hat.com>
To:	Alexei Starovoitov <alexei.starovoitov@...il.com>,
	Vlad Yasevich <vyasevich@...il.com>
CC:	Jiri Pirko <jiri@...nulli.us>, netdev@...r.kernel.org,
	Florian Zumbiehl <florz@...rz.de>,
	Eric Dumazet <eric.dumazet@...il.com>,
	Matthew Rosato <mjrosato@...ux.vnet.ibm.com>
Subject: Re: [PATCH net] core: Untag packets after rx_handler has run.

On 09/04/2014 04:43 PM, Alexei Starovoitov wrote:
> On Thu, Sep 04, 2014 at 03:29:00PM -0400, Vlad Yasevich wrote:
>>> nack. This will definitely break several stacked setups.
>>
>> Which ones?  The only thing I can see that would behave differently
>> is something like:
>>
>>     vlan0      bridge0
>>      |           |
>>      +-------- eth0
>>
>> In this case, the old code would give an untagged packet to the bridge
>> and the new code would give a tagged packet.
>>
>> This set-up is a bit ambiguous.  Remove the vlan, and the bridge gets tagged
>> traffic even though the vlan has no relationship to the bridge.
>>
>> I've tested a couple of different stacked setups and they all seem to work.
> 
> 2nd nack.
> It will break user space, including our setup that has:
>  vlanX     OVS
>    |        |
>    +------ eth0
> 
> vlan device has IP assigned and all tagged traffic goes through the stack
> and into control plane process. ovs datapath keeps managing eth0 with
> all other vlans.
> 

Did you specially configure OVS to pass the traffic up the stack?  I see
OVS will only pass LOOPBACK packets.  All others it seems to consume.

Can the same be accomplished with a tagged internal port?

The reason I am asking is that I am trying to figure out if this is
a valid config.  It seems very hard to get right and seems to work almost
by accident at times.  For example, in the bridge scenario I described,
vlan and bridge have to share a MAC address for that to work.

-vlad