lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 30 Dec 2014 06:17:45 -0800
From:	roopa <roopa@...ulusnetworks.com>
To:	"Arad, Ronen" <ronen.arad@...el.com>
CC:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"shemminger@...tta.com" <shemminger@...tta.com>,
	"vyasevic@...hat.com" <vyasevic@...hat.com>,
	Wilson kok <wkok@...ulusnetworks.com>
Subject: Re: [PATCH 3/6] bridge: modify IFLA_AF_SPEC parser to parse IFLA_BRIDGE_VLAN_RANGE_INFO

On 12/30/14, 12:40 AM, Arad, Ronen wrote:
>
>> -----Original Message-----
>> From: netdev-owner@...r.kernel.org [mailto:netdev-owner@...r.kernel.org] On
>> Behalf Of roopa@...ulusnetworks.com
>> Sent: Monday, December 29, 2014 11:05 PM
>> To: netdev@...r.kernel.org; shemminger@...tta.com; vyasevic@...hat.com
>> Cc: Roopa Prabhu; Wilson kok
>> Subject: [PATCH 3/6] bridge: modify IFLA_AF_SPEC parser to parse
>> IFLA_BRIDGE_VLAN_RANGE_INFO
>>
>> From: Roopa Prabhu <roopa@...ulusnetworks.com>
>>
>> This patch modifies br_afspec to parse incoming IFLA_BRIDGE_VLAN_RANGE_INFO
>>
>> Signed-off-by: Wilson kok <wkok@...ulusnetworks.com>
>> Signed-off-by: Roopa Prabhu <roopa@...ulusnetworks.com>
>> ---
>> net/bridge/br_netlink.c |   70 +++++++++++++++++++++++++++++++++-------------
>> -
>> 1 file changed, 49 insertions(+), 21 deletions(-)
>>
>> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
>> index e7d1fc0..4c47ba0 100644
>> --- a/net/bridge/br_netlink.c
>> +++ b/net/bridge/br_netlink.c
>> @@ -227,48 +227,76 @@ static const struct nla_policy
>> ifla_br_policy[IFLA_MAX+1] = {
>> 			 .len = sizeof(struct bridge_vlan_range_info), },
>> };
>>
>> +static int br_afspec_vlan_add(struct net_bridge *br,
>> +			      struct net_bridge_port *p,
>> +			      u16 vid, u16 flags)
>> +{
>> +	int err = 0;
>> +
>> +	if (p) {
>> +		err = nbp_vlan_add(p, vid, flags);
>> +		if (err)
>> +			return err;
>> +
>> +		if (flags & BRIDGE_VLAN_INFO_MASTER)
>> +			err = br_vlan_add(p->br, vid, flags);
>> +	} else {
>> +		err = br_vlan_add(br, vid, flags);
>> +	}
>> +
>> +	return err;
>> +}
>> +
>> +static void br_afspec_vlan_del(struct net_bridge *br,
>> +			       struct net_bridge_port *p,
>> +			       u16 vid, u16 flags)
>> +{
>> +	if (p) {
>> +		nbp_vlan_delete(p, vid);
>> +		if (flags & BRIDGE_VLAN_INFO_MASTER)
>> +			br_vlan_delete(p->br, vid);
>> +	} else {
>> +		br_vlan_delete(br, vid);
>> +	}
>> +}
>> +
>> static int br_afspec(struct net_bridge *br,
>> 		     struct net_bridge_port *p,
>> 		     struct nlattr *af_spec,
>> 		     int cmd)
>> {
>> -	struct bridge_vlan_info *vinfo;
>> -	int err = 0;
>> +	struct bridge_vlan_range_info *vinfo;
>> 	struct nlattr *attr;
>> 	int err = 0;
>> 	int rem;
>> 	u16 vid;
>>
>> 	nla_for_each_nested(attr, af_spec, rem) {
>> -		if (nla_type(attr) != IFLA_BRIDGE_VLAN_INFO)
>> +		if (nla_type(attr) != IFLA_BRIDGE_VLAN_INFO &&
>> +		    nla_type(attr) != IFLA_BRIDGE_VLAN_RANGE_INFO)
>> 			continue;
>> -
>> 		vinfo = nla_data(attr);
>> -		if (!vinfo->vid || vinfo->vid >= VLAN_VID_MASK)
>> +
>> +		if (nla_type(attr) == IFLA_BRIDGE_VLAN_INFO)
>> +			vinfo->vid_end = vinfo->vid;
>> +
>> +		if (!vinfo->vid || vinfo->vid >= VLAN_VID_MASK ||
>> +		    vinfo->vid_end >= VLAN_VID_MASK ||
>> +		    vinfo->vid > vinfo->vid_end)
>> 			return -EINVAL;
>>
>> 		switch (cmd) {
>> 		case RTM_SETLINK:
>> -			if (p) {
>> -				err = nbp_vlan_add(p, vinfo->vid, vinfo->flags);
>> +			for (vid = vinfo->vid; vid <= vinfo->vid_end; vid++) {
>> +				err = br_afspec_vlan_add(br, p, vid,
>> +							 vinfo->flags);
> vinfo->flags could have BRIDGE_VLAN_INFO_PVID set. It is really a port property and there could only be a single PVID for a port. The loop will make the port pvid set, in turn, to each vid in the range until it finally set to vid_end.
> This could be avoided by turning off this flag for all but the last vid in range:
>
> 				err = br_afspec_vlan_addr(br, p, vid,
>                                                      ((vid == vinfo->vid_end)
>                                                       ? vinfo->flags
>                                                       : vinfo->flags & ~BRIDGE_VLAN_INFO_PVID));
> Another alternative could be to add explicit pvid field to bridge_vlan_range_info and disallow PVID flag.
> This allows for setting the port pvid to any vid in the range.
>
> If both alternatives seem somewhat complex we could just disallow PVID flag in IFLA_BRIDGE_VLAN_RANGE_INFO and allow it only in IFLA_BRIDGE_VLAN_INFO.

I believe it is a user error to set PVID flag on a range of vlans using 
IFLA_BRIDGE_VLAN_RANGE_INFO
or for that matter using multiple IFLA_BRIDGE_VLAN_INFO with pvid flag 
set. Today, the last one probably sticks.
I will check current behavior and mimic that or return EINVAL when 
multiple attributes come in with the PVID flag.



>
>   
>> 				if (err)
>> 					break;
>> -
>> -				if (vinfo->flags & BRIDGE_VLAN_INFO_MASTER)
>> -					err = br_vlan_add(p->br, vinfo->vid,
>> -							  vinfo->flags);
>> -			} else
>> -				err = br_vlan_add(br, vinfo->vid, vinfo->flags);
>> -
>> +			}
>> 			break;
>> -
>> 		case RTM_DELLINK:
>> -			if (p) {
>> -				nbp_vlan_delete(p, vinfo->vid);
>> -				if (vinfo->flags & BRIDGE_VLAN_INFO_MASTER)
>> -					br_vlan_delete(p->br, vinfo->vid);
>> -			} else
>> -				br_vlan_delete(br, vinfo->vid);
>> +			for (vid = vinfo->vid; vid <= vinfo->vid_end; vid++)
>> +				br_afspec_vlan_del(br, p, vid, vinfo->flags);
>> 			break;
>> 		}
>> 	}
>> --
>> 1.7.10.4
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@...r.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists