Message-ID: <9efc5407-84b5-6143-0e80-b8aa70a4aacf@gmail.com>
Date:   Fri, 31 May 2019 12:33:47 -0700
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Vivien Didelot <vivien.didelot@...il.com>
Cc:     Nikita Yushchenko <nikita.yoush@...entembedded.com>,
        Andrew Lunn <andrew@...n.ch>,
        "David S. Miller" <davem@...emloft.net>,
        Heiner Kallweit <hkallweit1@...il.com>,
        Marek Behún <marek.behun@....cz>,
        Russell King <rmk+kernel@...linux.org.uk>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        Chris Healy <cphealy@...il.com>
Subject: Re: [PATCH] net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0

On 5/31/19 11:19 AM, Vivien Didelot wrote:
> Hi Florian,
> 
> On Fri, 31 May 2019 09:36:13 -0700, Florian Fainelli <f.fainelli@...il.com> wrote:
>>> But VID 0 has a special meaning for the kernel, it means the port's private
>>> database (when it is isolated, non-bridged), it is not meant to be programmed
>>> in the switch. That's why I would've put that knowledge into the DSA layer,
>>> whose job is to translate the kernel operations to the (dumb) DSA drivers.
>>>
>>> I hope I'm seeing things correctly here.
>>
>> Your first part about the fact that it's the port private database is
>> true, the fact that it is not programmed into the HW actually depends on
>> what the switch is capable of doing. With mv88e6xxx you have per-port
>> VLAN filtering controls, but other switches that do not have that
>> capability need to program VID == 0 into the HW to continue maintaining
>> VLAN filtering on a non bridged port while a bridge has enslaved other
>> ports of the switch.
> 
> Are you saying that switches without per-port VLAN filtering controls
> will program VID 0, and thus put all non bridged ports into the same VLAN,
> allowing them to talk to each other?

Because VLAN filtering is global to the switch, non-bridged ports must
have a default VLAN programmed, otherwise any untagged frame would
result in a VID violation. That default VLAN (0 for non-bridged) cannot
be the same as the bridge's default_pvid (typically 1) otherwise other
things like multicast would break (it gets checked differently than UC
traffic).

There is an additional bitmask that controls whether ports can talk to
each other (at least with B53 switches).
-- 
Florian
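The two points in the reply above (a non-bridged port under global VLAN filtering needs a PVID or untagged frames are dropped, and a separate port-to-port mask decides whether standalone ports can reach each other) can be seen in a small toy model of a filtering switch. This is an added illustration, not code from the kernel, the DSA layer or the mv88e6xxx/b53 drivers; the five-port layout, the use of port 4 as the CPU port and the `egress_mask` field standing in for the per-port bitmask are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

CPU_PORT = 4  # assumption: port 4 is the CPU-facing port of this toy switch


@dataclass
class Port:
    """One switch port. pvid is the VLAN assigned to untagged ingress frames."""
    pvid: Optional[int] = None
    member_of: set = field(default_factory=set)
    # Simplified stand-in for a per-port "which ports may I forward to" bitmask.
    egress_mask: int = 0xFFFF


class Switch:
    def __init__(self, nports: int, vlan_filtering: bool = True):
        # VLAN filtering is a single global knob, as in the discussion above.
        self.vlan_filtering = vlan_filtering
        self.ports = {p: Port() for p in range(nports)}

    def set_pvid(self, port: int, vid: int) -> None:
        """Program a default VLAN on a port and make the port a member of it."""
        self.ports[port].pvid = vid
        self.ports[port].member_of.add(vid)

    def isolate(self, port: int, peers) -> None:
        """Restrict `port` so it may only forward to the listed peer ports."""
        mask = 0
        for p in peers:
            mask |= 1 << p
        self.ports[port].egress_mask = mask

    def ingress(self, port: int, vid: Optional[int] = None):
        """Classify one frame arriving on `port`; vid=None means untagged.

        Returns ("drop", reason) or ("forward", vid, [destination ports]).
        """
        src = self.ports[port]
        if vid is None:
            vid = src.pvid  # untagged frames take the port's PVID
        if self.vlan_filtering:
            if vid is None:
                return ("drop", "vid violation: untagged frame and no PVID")
            if vid not in src.member_of:
                return ("drop", f"vid violation: port not a member of VLAN {vid}")
        dests = sorted(
            p for p, dst in self.ports.items()
            if p != port
            and (src.egress_mask >> p) & 1
            and (not self.vlan_filtering or vid in dst.member_of)
        )
        return ("forward", vid, dests)


def build_example(isolated: bool) -> Switch:
    """Constructed layout: ports 0-1 bridged (default_pvid 1), ports 2-3
    standalone (VID 0), port 4 is the CPU port and carries both VLANs."""
    sw = Switch(5)
    for p in (0, 1):
        sw.set_pvid(p, 1)
    for p in (2, 3):
        sw.set_pvid(p, 0)
    sw.ports[CPU_PORT].member_of.update({0, 1})
    if isolated:
        # The extra bitmask: standalone ports may only reach the CPU port.
        sw.isolate(2, [CPU_PORT])
        sw.isolate(3, [CPU_PORT])
    return sw


if __name__ == "__main__":
    print("no PVID programmed:", Switch(5).ingress(2))
    print("VID 0, no isolation:", build_example(False).ingress(2))
    print("VID 0, isolated:    ", build_example(True).ingress(2))
    print("bridged port:       ", build_example(True).ingress(0))
    print("tagged VID 1 on standalone port:", build_example(True).ingress(2, vid=1))
```

The first call shows the VID violation: with filtering global and no PVID, an untagged frame on a standalone port is simply dropped. The second shows the situation raised in the question: both standalone ports share VID 0 and, with nothing else configured, the frame floods to the other standalone port as well as the CPU. The third shows the port bitmask doing the job the reply attributes to it, leaving the CPU port as the only destination while the bridged ports keep their own VID 1 domain.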
