Date:   Tue, 29 Jan 2019 16:55:36 -0800
From:   Florian Fainelli <f.fainelli@...il.com>
To:     netdev@...r.kernel.org
Cc:     Florian Fainelli <f.fainelli@...il.com>, andrew@...n.ch,
        vivien.didelot@...il.com, davem@...emloft.net, idosch@...lanox.com,
        jiri@...lanox.com, ilias.apalodimas@...aro.org,
        ivan.khoronzhuk@...aro.org, roopa@...ulusnetworks.com,
        nikolay@...ulusnetworks.com
Subject: [PATCH net-next v2 00/12] net: dsa: management mode for bcm_sf2

Hi all,

This patch series does a number of things in order to enable management
mode for bcm_sf2 (which could be easily extended to b53 with proper
testing later on). In order to get there, there were several use cases
that did not work correctly and that needed to be fixed:

- VLAN devices on top of switch ports not being members of a bridge, with
  other switch ports being bridged, with the bridge having VLAN
  filtering enabled.

- lack of multicast filtering by default on network ports which should
  be happening in order for the non-bridged DSA ports to behave strictly
  as Ethernet NICs with proper filtering. This is accomplished by hooking
  a ndo_set_rx_mode() function to the DSA slave network devices

- when VLAN filtering is globally enabled on the switch (because at
  least a bridge device requires it), then we also need to make sure
  that when doing multicast over VLAN devices over a switch port
  (bridged or not) happens with the correct MDB address *and* VID

Hopefully the changes to net/8021q and net/bridge are deemed acceptable.

The Broadcom switches have a switch-wide VLAN filtering attribute,
which is why we must always make sure there is a valid VLAN entry even
for switch ports which are not part of a bridge device, yet there is at
least one bridge device spanning the switch.

Multicast flooding can be done on a per-port basis, including for the
CPU/management port, however, once multicast reception is enabled on the
CPU port, it bypasses the ARL (Address Resolution Logic), so we receive
*all* multicast, even from ports that do not have their flooding bit set,
which is unfortunate. This is the reason why we must continue adding
enough HOST_MDB notifications to let the CPU port continue to filter
multicast traffic.

Changes in v2:

- correctly propagate return from br_mc_disabled_update() called from
  br_multicast_toggle

- dropped changes to VLAN and bridge code that were pushing multicast
  entries with VID and instead refuse disabling multicast snooping in
  b53 when there is another standalone port, or that there are other
  bridged ports with multicast snooping enabled

Florian Fainelli (12):
  net: bridge: multicast: Propagate br_mc_disabled_update() return
  net: dsa: b53: Fix default VLAN ID
  net: dsa: b53: Properly account for VLAN filtering
  net: systemport: Fix reception of BPDUs
  net: dsa: b53: Define registers for IGMP snooping
  net: dsa: b53: Add support for MDB
  net: dsa: Add ability to program multicast filter for CPU port
  net: dsa: Add ndo_vlan_rx_{add,kill}_vid implementation
  net: dsa: Make VLAN filtering use DSA notifiers
  net: dsa: Wire up multicast IGMP snooping attribute notification
  net: dsa: b53: Add support for toggling IGMP snooping
  net: dsa: bcm_sf2: Enable management mode

 drivers/net/dsa/b53/b53_common.c           | 257 +++++++++++++++++++--
 drivers/net/dsa/b53/b53_priv.h             |  14 +-
 drivers/net/dsa/b53/b53_regs.h             |  22 ++
 drivers/net/dsa/bcm_sf2.c                  |  56 +++--
 drivers/net/dsa/bcm_sf2_regs.h             |   5 +
 drivers/net/ethernet/broadcom/bcmsysport.c |   4 +
 include/net/dsa.h                          |   2 +
 net/bridge/br_multicast.c                  |  23 +-
 net/dsa/dsa_priv.h                         |  22 +-
 net/dsa/port.c                             |  42 +++-
 net/dsa/slave.c                            | 107 ++++++++-
 net/dsa/switch.c                           |  57 +++++
 12 files changed, 552 insertions(+), 59 deletions(-)

-- 
2.17.1
