lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 24 May 2016 18:09:59 +0300
From:	Ido Schimmel <idosch@...lanox.com>
To:	Vivien Didelot <vivien.didelot@...oirfairelinux.com>
CC:	Florian Fainelli <f.fainelli@...il.com>, <netdev@...r.kernel.org>,
	<davem@...emloft.net>, <andrew@...n.ch>
Subject: Re: [PATCH net 3/3] Documentation: networking: dsa: Describe
 port_vlan_filtering

Hi Vivien, Florian,

Tue, May 24, 2016 at 05:32:33PM IDT, vivien.didelot@...oirfairelinux.com wrote:
>Hi Florian,
>
>Florian Fainelli <f.fainelli@...il.com> writes:
>
>> Described what the port_vlan_filtering function is supposed to
>> accomplish.
>>
>> Fixes: fb2dabad69f0 ("net: dsa: support VLAN filtering switchdev attr")
>> Signed-off-by: Florian Fainelli <f.fainelli@...il.com>
>> ---
>>  Documentation/networking/dsa/dsa.txt | 6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/Documentation/networking/dsa/dsa.txt b/Documentation/networking/dsa/dsa.txt
>> index 411b57fd73aa..a42fd2ec32a5 100644
>> --- a/Documentation/networking/dsa/dsa.txt
>> +++ b/Documentation/networking/dsa/dsa.txt
>> @@ -535,6 +535,12 @@ Bridge layer
>>  Bridge VLAN filtering
>>  ---------------------
>>  
>> +- port_vlan_filtering: bridge layer function invoked when the bridge gets
>> +  configured for turning on or off VLAN filtering. If nothing specific needs to
>> +  be done at the hardware level, 0 must be returned. When VLAN filtering is
>> +  turned on, the hardware must be programmed with rejecting non-802.1Q frames,
>> +  when turned off the switch must accept any 802.1Q frames.
>
>Note that port_vlan_filtering is optional so a driver don't need to
>implement it if nothing specific needs to be done at the hardware level.
>
>Also I'd think that with VLAN filtering on, the hardware must not reject
>untagged frames, only 802.1Q frames which don't respect the programmed
>VLAN rules.

With VLAN filtering on I believe you only need to reject untagged frames
when there's no PVID on the port. See __allowed_ingress() in
net/bridge/br_vlan.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ