lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 25 Jun 2019 23:49:29 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     netdev <netdev@...r.kernel.org>, Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        stephen@...workplumber.org
Subject: What to do when a bridge port gets its pvid deleted?

Hi,

A number of DSA drivers (BCM53XX, Microchip KSZ94XX, Mediatek MT7530
at the very least), as well as Mellanox Spectrum (I didn't look at all
the pure switchdev drivers) try to restore the pvid to a default value
on .port_vlan_del.
Sure, the port stops receiving traffic when its pvid is a VLAN ID that
is not installed in its hw filter, but as far as the bridge core is
concerned, this is to be expected:

# bridge vlan add dev swp2 vid 100 pvid untagged
# bridge vlan
port    vlan ids
swp5     1 PVID Egress Untagged

swp2     1 Egress Untagged
         100 PVID Egress Untagged

swp3     1 PVID Egress Untagged

swp4     1 PVID Egress Untagged

br0      1 PVID Egress Untagged
# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.682 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.299 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.251 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.324 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=0.257 ms
^C
--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4188ms
rtt min/avg/max/mdev = 0.251/0.362/0.682/0.163 ms
# bridge vlan del dev swp2 vid 100
# bridge vlan
port    vlan ids
swp5     1 PVID Egress Untagged

swp2     1 Egress Untagged

swp3     1 PVID Egress Untagged

swp4     1 PVID Egress Untagged

br0      1 PVID Egress Untagged

# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
^C
--- 10.0.0.1 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7267ms

What is the consensus here? Is there a reason why the bridge driver
doesn't take care of this? Do switchdev drivers have to restore the
pvid to always be operational, even if their state becomes
inconsistent with the upper dev? Is it just 'nice to have'? What if
VID 1 isn't in the hw filter either (perfectly legal)?

Thanks!
-Vladimir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ