lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 16 Jan 2019 12:00:48 -0800
From:   Florian Fainelli <f.fainelli@...il.com>
To:     netdev@...r.kernel.org
Cc:     Florian Fainelli <f.fainelli@...il.com>, andrew@...n.ch,
        vivien.didelot@...il.com, davem@...emloft.net, idosch@...lanox.com,
        jiri@...lanox.com, ilias.apalodimas@...aro.org,
        ivan.khoronzhuk@...aro.org, roopa@...ulusnetworks.com,
        nikolay@...ulusnetworks.com
Subject: [PATCH net-next 00/14] net: dsa: management mode for bcm_sf2

Hi all,

This patch series does a number of things in order to enable
management mode for bcm_sf2 (which could be easily extended to b53 with
proper testing later on). In order to get there, there were several use
cases that did not work correctly and that needed to be fixed:

- VLAN devices on top of switch ports not being member of a bridge, with
  other switch ports being bridged, with the bridge having VLAN
  filtering enabled.

- lack of multicast filtering by default on network ports which should
  be happening in order for the non-bridged DSA ports to behave strictly
  as Ethernet NICs with proper filering. This is accomplished by hooking
  a ndo_set_rx_mode() function to the DSA slave network devices

- when VLAN filtering is globally enabled on the switch (because at
  least a bridge device requires it), then we also need to make sure
  that when doing multicast over VLAN devices over a switch port
  (bridged or not) happens with the correct MDB address *and* VID

Hopefully the changes to net/8021q and net/bridge are deemed acceptable.

The Broadcom switches have a switch-wide VLAN filtering attribute,
which is why we must always make sure there is a valid VLAN entry even
for switch ports which are not part of a bridge device, yet there is at
least one bridge device spanning the switch.

Multicast flooding can be done on a per-port basis, including for the
CPU/management port, however, once multicast reception is enabled on the
CPU port, it bypasses the ARL (Address Resolution Logic), so we receive
*all* multicast, even from ports do not have their flooding bit set,
which is unfortunate. This is the reason why we must continue adding
enough HOST_MDB notifications to let the CPU port continue to filter
multicast traffic.

Here are some of the uses cases that were tested after this patch series
(all commands are running on the device being tested) and
iperf/ping/etc. should be working for/after all steps:

echo "file drivers/net/dsa/b53/b53_common.c +p" > /sys/kernel/debug/dynamic_debug/control
echo 8 7 4 1 > /proc/sys/kernel/printk
killall udhcpc
ip addr flush dev gphy
ip link add dev br0 type bridge
echo 1 > /sys/class/net/br0/bridge/vlan_filtering
ip link set dev gphy master br0
udhcpc -i br0
ip ro add 226.94.1.1/32 dev br0
iperf -s -B 226.94.1.1 -u &
vconfig add rgmii_1 100
ifconfig rgmii_1.100 192.168.100.10
ping -c 5 192.168.100.1
ip ro add 226.95.1.2/32 dev rgmii_1.100
iperf -s -B 226.95.1.2 -u &
vconfig add br0 42
bridge vlan add vid 42 dev gphy
bridge vlan add vid 42 dev br0 self
ifconfig br0.42 192.168.42.2
ip ro add 226.96.1.3/32 dev br0.42

Florian Fainelli (14):
  net: bridge: multicast: Propagate br_mc_disabled_update() return
  net: dsa: b53: Fix default VLAN ID
  net: dsa: b53: Properly account for VLAN filtering
  net: systemport: Fix reception of BPDUs
  net: dsa: b53: Define registers for IGMP snooping
  net: dsa: b53: Add support for MDB
  net: dsa: Add ability to program multicast filter for CPU port
  net: dsa: Add ndo_vlan_rx_{add,kill}_vid implementation
  net: bridge: Propagate MC addresses with VID through switchdev
  net: vlan: Propagate MC addresses with VID through switchdev
  net: dsa: Make VLAN filtering use DSA notifiers
  net: dsa: Wire up multicast IGMP snooping attribute notification
  net: dsa: b53: Add support for toggling IGMP snooping
  net: dsa: bcm_sf2: Enable management mode

 drivers/net/dsa/b53/b53_common.c           | 219 ++++++++++++++++++---
 drivers/net/dsa/b53/b53_priv.h             |  14 +-
 drivers/net/dsa/b53/b53_regs.h             |  22 +++
 drivers/net/dsa/bcm_sf2.c                  |  56 ++++--
 drivers/net/dsa/bcm_sf2_regs.h             |   5 +
 drivers/net/ethernet/broadcom/bcmsysport.c |   4 +
 include/net/dsa.h                          |   2 +
 net/8021q/vlan_dev.c                       |  40 ++++
 net/bridge/br_device.c                     |  55 ++++++
 net/bridge/br_multicast.c                  |  19 +-
 net/dsa/dsa_priv.h                         |  22 ++-
 net/dsa/port.c                             |  42 ++--
 net/dsa/slave.c                            | 107 +++++++++-
 net/dsa/switch.c                           |  57 ++++++
 14 files changed, 607 insertions(+), 57 deletions(-)

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ