lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Dec 2014 06:17:45 -0800 From: roopa <roopa@...ulusnetworks.com> To: "Arad, Ronen" <ronen.arad@...el.com> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "shemminger@...tta.com" <shemminger@...tta.com>, "vyasevic@...hat.com" <vyasevic@...hat.com>, Wilson kok <wkok@...ulusnetworks.com> Subject: Re: [PATCH 3/6] bridge: modify IFLA_AF_SPEC parser to parse IFLA_BRIDGE_VLAN_RANGE_INFO On 12/30/14, 12:40 AM, Arad, Ronen wrote: > >> -----Original Message----- >> From: netdev-owner@...r.kernel.org [mailto:netdev-owner@...r.kernel.org] On >> Behalf Of roopa@...ulusnetworks.com >> Sent: Monday, December 29, 2014 11:05 PM >> To: netdev@...r.kernel.org; shemminger@...tta.com; vyasevic@...hat.com >> Cc: Roopa Prabhu; Wilson kok >> Subject: [PATCH 3/6] bridge: modify IFLA_AF_SPEC parser to parse >> IFLA_BRIDGE_VLAN_RANGE_INFO >> >> From: Roopa Prabhu <roopa@...ulusnetworks.com> >> >> This patch modifies br_afspec to parse incoming IFLA_BRIDGE_VLAN_RANGE_INFO >> >> Signed-off-by: Wilson kok <wkok@...ulusnetworks.com> >> Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com> >> --- >> net/bridge/br_netlink.c | 70 +++++++++++++++++++++++++++++++++------------- >> - >> 1 file changed, 49 insertions(+), 21 deletions(-) >> >> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c >> index e7d1fc0..4c47ba0 100644 >> --- a/net/bridge/br_netlink.c >> +++ b/net/bridge/br_netlink.c >> @@ -227,48 +227,76 @@ static const struct nla_policy >> ifla_br_policy[IFLA_MAX+1] = { >> .len = sizeof(struct bridge_vlan_range_info), }, >> }; >> >> +static int br_afspec_vlan_add(struct net_bridge *br, >> + struct net_bridge_port *p, >> + u16 vid, u16 flags) >> +{ >> + int err = 0; >> + >> + if (p) { >> + err = nbp_vlan_add(p, vid, flags); >> + if (err) >> + return err; >> + >> + if (flags & BRIDGE_VLAN_INFO_MASTER) >> + err = br_vlan_add(p->br, vid, flags); >> + } else { >> + err = br_vlan_add(br, vid, flags); >> + } >> + >> + return err; >> +} >> + >> +static void br_afspec_vlan_del(struct net_bridge *br, >> + struct net_bridge_port *p, >> + u16 vid, u16 flags) >> +{ >> + if (p) { >> + nbp_vlan_delete(p, vid); >> + if (flags & BRIDGE_VLAN_INFO_MASTER) >> + br_vlan_delete(p->br, vid); >> + } else { >> + br_vlan_delete(br, vid); >> + } >> +} >> + >> static int br_afspec(struct net_bridge *br, >> struct net_bridge_port *p, >> struct nlattr *af_spec, >> int cmd) >> { >> - struct bridge_vlan_info *vinfo; >> - int err = 0; >> + struct bridge_vlan_range_info *vinfo; >> struct nlattr *attr; >> int err = 0; >> int rem; >> u16 vid; >> >> nla_for_each_nested(attr, af_spec, rem) { >> - if (nla_type(attr) != IFLA_BRIDGE_VLAN_INFO) >> + if (nla_type(attr) != IFLA_BRIDGE_VLAN_INFO && >> + nla_type(attr) != IFLA_BRIDGE_VLAN_RANGE_INFO) >> continue; >> - >> vinfo = nla_data(attr); >> - if (!vinfo->vid || vinfo->vid >= VLAN_VID_MASK) >> + >> + if (nla_type(attr) == IFLA_BRIDGE_VLAN_INFO) >> + vinfo->vid_end = vinfo->vid; >> + >> + if (!vinfo->vid || vinfo->vid >= VLAN_VID_MASK || >> + vinfo->vid_end >= VLAN_VID_MASK || >> + vinfo->vid > vinfo->vid_end) >> return -EINVAL; >> >> switch (cmd) { >> case RTM_SETLINK: >> - if (p) { >> - err = nbp_vlan_add(p, vinfo->vid, vinfo->flags); >> + for (vid = vinfo->vid; vid <= vinfo->vid_end; vid++) { >> + err = br_afspec_vlan_add(br, p, vid, >> + vinfo->flags); > vinfo->flags could have BRIDGE_VLAN_INFO_PVID set. It is really a port property and there could only be a single PVID for a port. The loop will make the port pvid set, in turn, to each vid in the range until it finally set to vid_end. > This could be avoided by turning off this flag for all but the last vid in range: > > err = br_afspec_vlan_addr(br, p, vid, > ((vid == vinfo->vid_end) > ? vinfo->flags > : vinfo->flags & ~BRIDGE_VLAN_INFO_PVID)); > Another alternative could be to add explicit pvid field to bridge_vlan_range_info and disallow PVID flag. > This allows for setting the port pvid to any vid in the range. > > If both alternatives seem somewhat complex we could just disallow PVID flag in IFLA_BRIDGE_VLAN_RANGE_INFO and allow it only in IFLA_BRIDGE_VLAN_INFO. I believe it is a user error to set PVID flag on a range of vlans using IFLA_BRIDGE_VLAN_RANGE_INFO or for that matter using multiple IFLA_BRIDGE_VLAN_INFO with pvid flag set. Today, the last one probably sticks. I will check current behavior and mimic that or return EINVAL when multiple attributes come in with the PVID flag. > > >> if (err) >> break; >> - >> - if (vinfo->flags & BRIDGE_VLAN_INFO_MASTER) >> - err = br_vlan_add(p->br, vinfo->vid, >> - vinfo->flags); >> - } else >> - err = br_vlan_add(br, vinfo->vid, vinfo->flags); >> - >> + } >> break; >> - >> case RTM_DELLINK: >> - if (p) { >> - nbp_vlan_delete(p, vinfo->vid); >> - if (vinfo->flags & BRIDGE_VLAN_INFO_MASTER) >> - br_vlan_delete(p->br, vinfo->vid); >> - } else >> - br_vlan_delete(br, vinfo->vid); >> + for (vid = vinfo->vid; vid <= vinfo->vid_end; vid++) >> + br_afspec_vlan_del(br, p, vid, vinfo->flags); >> break; >> } >> } >> -- >> 1.7.10.4 >> >> -- >> To unsubscribe from this list: send the line "unsubscribe netdev" in >> the body of a message to majordomo@...r.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists