lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 25 Mar 2019 19:41:48 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Vladimir Oltean <olteanv@...il.com>, davem@...emloft.net,
        netdev@...r.kernel.org
Cc:     andrew@...n.ch, vivien.didelot@...il.com, linus.walleij@...aro.org
Subject: Re: [RFC PATCH net-next 08/13] net: dsa: sja1105: Add support for
 VLAN operations



On 3/23/2019 8:23 PM, Vladimir Oltean wrote:
> VLAN filtering cannot be properly disabled in SJA1105. So in order to
> emulate the "no VLAN awareness" behavior (not dropping traffic that is
> tagged with a VID that isn't configured on the port), we need to hack
> another switch feature: programmable TPID (which is 0x8100 for 802.1Q).
> We are reprogramming the TPID to a bogus value (ETH_P_EDSA) which leaves
> the switch thinking that all traffic is untagged, and therefore accepts
> it.
> 
> Under a vlan_filtering bridge, the proper TPID of ETH_P_8021Q is
> installed again, and the switch starts identifying 802.1Q-tagged
> traffic.
> 
> Signed-off-by: Vladimir Oltean <olteanv@...il.com>
> ---

[snip]

> +	for (i = 0; i < SJA1105_NUM_PORTS; i++) {
> +		struct net_device *bridge_dev;
> +
> +		bridge_dev = dsa_to_port(ds, i)->bridge_dev;
> +		if (bridge_dev &&
> +		    bridge_dev != dsa_to_port(ds, port)->bridge_dev &&
> +		    br_vlan_enabled(bridge_dev) != enabled) {
> +			netdev_err(bridge_dev,
> +				   "VLAN filtering is global to the switch!\n");
> +			return -EINVAL;
> +		}

We might want to move this to the DSA core at some point, I had some
patches lying around for doing that but got side tracked with adding
management support for b53/bcm_sf2. Not a big problem for now.

Reviewed-by: Florian Fainelli <f.fainelli@...il.com>
-- 
Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ