Date: Thu, 26 Mar 2015 07:28:28 -0700
From: Scott Feldman <sfeldma@...il.com>
To: Jiri Pirko <jiri@...nulli.us>
Cc: roopa <roopa@...ulusnetworks.com>, Florian Fainelli <f.fainelli@...il.com>, Guenter Roeck <linux@...ck-us.net>, John Fastabend <john.fastabend@...il.com>, Andrew Lunn <andrew@...n.ch>, David Miller <davem@...emloft.net>, "Arad, Ronen" <ronen.arad@...el.com>, Netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next RFC v2] switchdev: bridge: drop hardware forwarded packets

On Thu, Mar 26, 2015 at 1:20 AM, Jiri Pirko <jiri@...nulli.us> wrote:
> Thu, Mar 26, 2015 at 08:44:27AM CET, sfeldma@...il.com wrote:
>>On Wed, Mar 25, 2015 at 10:01 AM, roopa <roopa@...ulusnetworks.com> wrote:
>>
>>[cut]
>>
>>So just to keep the discussion alive (because we really need to solve
>>this problem), my current thinking is back to Roopa's RFC patch to
>>mark the skb to avoid fwding in bridge driver. One idea (sorry if
>>this was already suggested, thread is long) is to use
>>swdev_parent_id_get op in the following way:
>>
>>1) when port interface is added to bridge, bridge calls
>>swdev_parent_id_get() on port to get switch id.
>>swdev_parent_id_get() needs to be modified to work on stacked drivers.
>>For example, if a bond is the new bridge port, swdev_parent_id_get()
>>on the bond interface should get switch_id for bond member. We stash
>>the switch_id in the bridge port private structure for later
>>comparison.
>
> Nope, that cannot work. You can bond 2 ports each belonging to a
> different switch.

Are you thinking about two switch ASICs in the same box, and bonding ports from each? Or are you thinking about bonding ports from different boxes, ala MLAG?

In the first case the bond would report NULL switch_id if the member ports don't all have the same switch_id. If bond switch_id is NULL, the bridge driver would fwd pkts to bond and now bond would make same check as bridge: if dst port switch_id is same as skb switch_id, then drop pkt. In bridge, if bond switch_id is non-NULL and matches skb switch_id, then drop pkt. So it works as desired for this case. It requires the bonding/teaming driver to modify the default behavior for swdev_parent_id_get() to only return switch_id if all ports agree on switch_id.

For second case using MLAG, I suspect bond member port switch_ids would likely be different, and so with same logic in bonding/bridge drivers as above in first case, the pkt would be fwded down.

Is there another case to consider?

I think converting swdev_parent_id_get() to use same algo we have for stp, allowing for any layer to override like in my bonding example, will have benefits down the road. What is the argument for not allowing stacked version of swdev_parent_id_get()?

-scott
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
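
The check proposed in the message above, modelled as a stand-alone user-space C sketch (an added example, not kernel code and not from the thread). `model_dev`, `model_parent_id_get()` and `model_should_drop()` are hypothetical names, switch ids are modelled as strings, and the sample devices are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOWER 4

/* Hypothetical model: a physical port carries its own switch id; a stacked
 * device (bond) has lower devices and no id of its own. */
struct model_dev {
    const char *switch_id;                 /* NULL when not a switch port */
    const struct model_dev *lower[MAX_LOWER];
    size_t n_lower;
};

/* Stacked lookup: a bond reports an id only if every member agrees on it. */
const char *model_parent_id_get(const struct model_dev *dev)
{
    if (dev->n_lower == 0)
        return dev->switch_id;
    const char *id = model_parent_id_get(dev->lower[0]);
    for (size_t i = 1; id && i < dev->n_lower; i++) {
        const char *other = model_parent_id_get(dev->lower[i]);
        if (!other || strcmp(id, other) != 0)
            return NULL;                   /* members disagree: no single id */
    }
    return id;
}

/* Drop when the destination resolves to the switch that already forwarded
 * the packet; a NULL id on either side means software must forward. */
bool model_should_drop(const struct model_dev *dst, const char *skb_switch_id)
{
    const char *dst_id = model_parent_id_get(dst);
    return dst_id && skb_switch_id && strcmp(dst_id, skb_switch_id) == 0;
}

/* Constructed sample topology: two ports on switch A, one on switch B. */
static const struct model_dev p1 = { .switch_id = "sw-A" };
static const struct model_dev p2 = { .switch_id = "sw-A" };
static const struct model_dev p3 = { .switch_id = "sw-B" };
static const struct model_dev bond_same  = { .lower = { &p1, &p2 }, .n_lower = 2 };
static const struct model_dev bond_mixed = { .lower = { &p1, &p3 }, .n_lower = 2 };

int main(void)
{
    printf("bridge -> bond_same,  skb from sw-A: drop=%d\n", model_should_drop(&bond_same, "sw-A"));
    printf("bridge -> bond_mixed, skb from sw-A: drop=%d\n", model_should_drop(&bond_mixed, "sw-A"));
    printf("bond_mixed -> p1,     skb from sw-A: drop=%d\n", model_should_drop(&p1, "sw-A"));
    return 0;
}
```

For `bond_mixed` the bridge-level check passes the packet down, and the same check is then applied per member port, as the message describes for the bonding driver.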