Date:	Thu, 4 Sep 2014 14:54:35 -0700
From:	Alexei Starovoitov <alexei.starovoitov@...il.com>
To:	vyasevic@...hat.com
Cc:	Vlad Yasevich <vyasevich@...il.com>, Jiri Pirko <jiri@...nulli.us>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	Florian Zumbiehl <florz@...rz.de>,
	Eric Dumazet <eric.dumazet@...il.com>,
	Matthew Rosato <mjrosato@...ux.vnet.ibm.com>
Subject: Re: [PATCH net] core: Untag packets after rx_handler has run.

On Thu, Sep 4, 2014 at 2:01 PM, Vlad Yasevich <vyasevic@...hat.com> wrote:
> On 09/04/2014 04:43 PM, Alexei Starovoitov wrote:
>> On Thu, Sep 04, 2014 at 03:29:00PM -0400, Vlad Yasevich wrote:
>>>> nack. This will definitely break several stacked setups.
>>>
>>> Which ones?  The only thing I can see that would behave differently
>>> is something like:
>>>
>>>     vlan0      bridge0
>>>      |           |
>>>      +-------- eth0
>>>
>>> In this case, the old code would give an untagged packet to the bridge
>>> and the new code would give a tagged packet.
>>>
>>> This set-up is a bit ambiguous.  Remove the vlan, and bridge gets
>>> tagged traffic even though the vlan has no relationship to the bridge.
>>>
>>> I've tested a couple of different stacked setups and they all seem to work.
>>
>> 2nd nack.
>> It will break user space, including our setup that has:
>>  vlanX     OVS
>>    |        |
>>    +------ eth0
>>
>> vlan device has IP assigned and all tagged traffic goes through the stack
>> and into control plane process. ovs datapath keeps managing eth0 with
>> all other vlans.
>>
>
> Did you specially configure OVS to pass the traffic up the stack?  I see
> OVS will only pass LOOPBACK packets.  All others it seems to consume.
>
> Can the same be accomplished with a tagged internal port?

Our ovs config is not using an internal port. The vlan device is used as
the control interface and should be independent of the ovs datapath.
Theoretically it may be possible to use ovs for both, but it is very
dangerous when control and data are going through the same datapath.
Any ovs programming mistake will kill the control plane and the whole
hypervisor will become inaccessible.

> The reason I am asking, is I am trying to figure out if this is
> a valid config.  It seems very hard to get right and seems to work almost
> by accident at times.  For example, in the bridge scenario I described.
> vlan and bridge have to share a mac address for that to work.

I think it's not a valid vs. invalid config.
This was the behavior of vlan devices for a long time. The vlan was parsed
and sent to vlan_dev _before_ rx_handler. I suspect there is more
than one user app that is relying on that.
I can change our stuff to do something different, but I think we
should not be breaking vlan behavior for others.