Message-ID: <CAEyr1FS-8uBEMBS+7U4K8wBLJgPZD0Lxa4FyzuvYZ0RGhTH8fA@mail.gmail.com>
Date:   Mon, 22 Jul 2019 18:57:52 +0200
From:   Anand Raj Manickam <anandrm@...il.com>
To:     f.fainelli@...il.com, netdev@...r.kernel.org, andrew@...n.ch
Subject: b53 DSA : vlan tagging broken ?

Hi,
I had working DSA with the 4.9.184 kernel, with BCM53125, rev 4 hardware.
It had 2 bridges with:
br0            8000.00       no              lan1
                                             lan2
                                             lan3
                                             eth0.101

br1            8000.01       no              eth0.102
                                             wan
# bridge vlan
port    vlan ids
wan      102 PVID Egress Untagged
wan      102 PVID Egress Untagged
lan3     101 PVID Egress Untagged
lan3     101 PVID Egress Untagged
lan2     101 PVID Egress Untagged
lan2     101 PVID Egress Untagged
lan1     101 PVID Egress Untagged
lan1     101 PVID Egress Untagged
eth0.102  102 PVID
eth0.102
br1     1 PVID Egress Untagged
eth0.101  101 PVID
eth0.101
br0     1 PVID Egress Untagged

I upgraded the kernel to 5.2. The behavior is broken. I had to rip the
config and check what was broken from the init scripts.
The bridge vlan commands failed to add, as the newer kernel requires
the vlan interfaces to be up.
https://lkml.org/lkml/2018/5/22/887 - I had the same behaviour as this thread.
I re-added them manually, so that we have the same bridge to vlan
mapping as the previous kernel.
But the ingress packets for WAN were going to LAN (bridge) and the
egress packets were on WAN (bridge), but the packets never leave the
interface.

I tested this with a simple config:
  ip link add link eth0 name eth0.101 type vlan id 101
  ip link add link eth0 name eth0.102 type vlan id 102
  ip link set eth0.101 up
  ip link set eth0.102 up
  ip link add br0 type bridge
  ip link add br1 type bridge
  ip link set lan1 master br1
  ip link set lan2 master br1
  ip link set lan3 master br1
  ip link set wan master br0
  bridge vlan add vid 101 dev lan1 pvid untagged
  bridge vlan add vid 101 dev lan2 pvid untagged
  bridge vlan add vid 101 dev lan3 pvid untagged
  bridge vlan add vid 102 dev wan pvid untagged
  bridge vlan del vid 1 dev wan
  bridge vlan del vid 1 dev lan1
  bridge vlan del vid 1 dev lan2
  bridge vlan del vid 1 dev lan3
  ip link set eth0.101 master br1
  ip link set eth0.102 master br0
  bridge vlan del vid 1 dev eth0.102
  bridge vlan del vid 1 dev eth0.101
  bridge vlan add vid 102 dev eth0.102 pvid
  bridge vlan add vid 101 dev eth0.101 pvid
  ifconfig br0 up
  ifconfig br1 up
  ifconfig wan up
  ifconfig lan1 up
  ifconfig lan2 up
  ifconfig lan3 up

I do not see any packets with a tag on eth0.
~# bridge vlan
port    vlan ids
wan      102 PVID Egress Untagged
lan3     101 PVID Egress Untagged
lan2     101 PVID Egress Untagged
lan1     101 PVID Egress Untagged
eth0.101         101 PVID
eth0.102         102 PVID
br0      1 PVID Egress Untagged
br1      1 PVID Egress Untagged

These are the loaded modules:
# lsmod
Module                  Size  Used by
b53_mdio               16384  0
b53_mmap               16384  0
b53_common             28672  2 b53_mdio,b53_mmap
tag_8021q              16384  0
dsa_core               32768  9 b53_mdio,b53_common,b53_mmap,tag_8021q
phylink                20480  2 b53_common,dsa_core

If I reconfigure:
# bridge vlan add vid 102 dev wan pvid untagged
# bridge vlan add vid 102 dev eth0.102 pvid
Then I see the tags for ingress packets, but no packets are
transmitted out on the wire, although the stats in ifconfig show them as
transmitted.
# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.17.33.137  netmask 255.255.255.0  broadcast 10.17.33.255
        inet6 fe80::3ef8:4aff:fe9c:5a04  prefixlen 64  scopeid 0x20<link>
        ether 3c:f8:4a:9c:5a:04  txqueuelen 1000  (Ethernet)
        RX packets 616  bytes 32351 (31.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 679  bytes 30286 (29.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d6:5ff:fec2:93af  prefixlen 64  scopeid 0x20<link>
        ether 02:d6:05:c2:93:af  txqueuelen 1000  (Ethernet)
        RX packets 58017  bytes 4004093 (3.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4322  bytes 301365 (294.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 56

Can someone shed some light on this config?
-Anand
