lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+h21hrpXbzAhT26JJt56MtxT4XfwWxWFs8KTw4kmM=OB+11uA@mail.gmail.com>
Date:   Wed, 26 Jun 2019 00:05:52 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     netdev <netdev@...r.kernel.org>, Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        stephen@...workplumber.org
Subject: Re: What to do when a bridge port gets its pvid deleted?

On Tue, 25 Jun 2019 at 23:49, Vladimir Oltean <olteanv@...il.com> wrote:
>
> Hi,
>
> A number of DSA drivers (BCM53XX, Microchip KSZ94XX, Mediatek MT7530
> at the very least), as well as Mellanox Spectrum (I didn't look at all
> the pure switchdev drivers) try to restore the pvid to a default value
> on .port_vlan_del.
> Sure, the port stops receiving traffic when its pvid is a VLAN ID that
> is not installed in its hw filter, but as far as the bridge core is
> concerned, this is to be expected:
>
> # bridge vlan add dev swp2 vid 100 pvid untagged
> # bridge vlan
> port    vlan ids
> swp5     1 PVID Egress Untagged
>
> swp2     1 Egress Untagged
>          100 PVID Egress Untagged
>
> swp3     1 PVID Egress Untagged
>
> swp4     1 PVID Egress Untagged
>
> br0      1 PVID Egress Untagged
> # ping 10.0.0.1
> PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
> 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.682 ms
> 64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.299 ms
> 64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.251 ms
> 64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.324 ms
> 64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=0.257 ms
> ^C
> --- 10.0.0.1 ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4188ms
> rtt min/avg/max/mdev = 0.251/0.362/0.682/0.163 ms
> # bridge vlan del dev swp2 vid 100
> # bridge vlan
> port    vlan ids
> swp5     1 PVID Egress Untagged
>
> swp2     1 Egress Untagged
>
> swp3     1 PVID Egress Untagged
>
> swp4     1 PVID Egress Untagged
>
> br0      1 PVID Egress Untagged
>
> # ping 10.0.0.1
> PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
> ^C
> --- 10.0.0.1 ping statistics ---
> 8 packets transmitted, 0 received, 100% packet loss, time 7267ms
>
> What is the consensus here? Is there a reason why the bridge driver
> doesn't take care of this? Do switchdev drivers have to restore the
> pvid to always be operational, even if their state becomes
> inconsistent with the upper dev? Is it just 'nice to have'? What if
> VID 1 isn't in the hw filter either (perfectly legal)?
>
> Thanks!
> -Vladimir

Or rather, let me put it differently.
I am not only asking to figure out whether I should put this extra
logic or not in a switchdev driver - I can understand the "you don't
want it, don't put it" concept.
But let's say that for various reasons, MSTP is not supported in the
Linux kernel and I'm trying to create an ad-hoc MSTP setup where I
break the loop manually in the pvid. Is there any good reason why a
switchdev driver would oppose fierce resistance to me trying to do
that? Again, this is perfectly valid - the switch will no longer
receive untagged traffic but it will continue to forward frames in
other VLANs.

-Vladimir

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ