lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 23 Jul 2019 16:26:14 +0200
From:   Anand Raj Manickam <anandrm@...il.com>
To:     f.fainelli@...il.com, netdev@...r.kernel.org, andrew@...n.ch
Subject: Re: b53 DSA : vlan tagging broken ?

The issue is resolved by enabling vlan_filtering for the bridge and
fix the phy-mode to "rgmii" from "rgmii-txid" in the dts file.


On Mon, Jul 22, 2019 at 6:57 PM Anand Raj Manickam <anandrm@...il.com> wrote:
>
> Hi ,
> I had working DSA with 4.9.184 kernel, with BCM53125, rev 4 hardware .
> It had 2 bridges with
> br0            8000.00       no              lan1
>                                                         lan2
>                                                         lan3
>                                                         eth0.101
>
> br1            8000.01     no             eth0.102
>                                                     wan
> # bridge vlan
> port    vlan ids
> wan      102 PVID Egress Untagged
> wan      102 PVID Egress Untagged
> lan3     101 PVID Egress Untagged
> lan3     101 PVID Egress Untagged
> lan2     101 PVID Egress Untagged
> lan2     101 PVID Egress Untagged
> lan1     101 PVID Egress Untagged
> lan1     101 PVID Egress Untagged
> eth0.102  102 PVID
> eth0.102
> br1     1 PVID Egress Untagged
> eth0.101  101 PVID
> eth0.101
> br0     1 PVID Egress Untagged
>
> I upgrade the kernel to 5.2 . The behavior is broken. I had to rip the
> config and check what was broken from the init scripts.
> the bridge vlan commands failed to add , as the newer kernel requires
> the vlan interfaces to be up .
> https://lkml.org/lkml/2018/5/22/887  - i had the same behaviour as this thread .
> I re added them manually  , so the we have the same bridge to vlan
> mapping as the previous kernel .
> but the ingress packets for WAN where going to LAN(bridge) and the
> egress packets where on WAN(bridge)  but the packets never leaves the
> interface .
>
> I test this with a simple config :
>  ip link add link eth0 name eth0.101 type vlan id 101
>  ip link add link eth0 name eth0.102 type vlan id 102
>  ip link set eth0.101 up
>  ip link set eth0.102 up
>  ip link add br0 type bridge
>   ip link add br1 type bridge
>   ip link set lan1 master br1
>   ip link set lan2 master br1
>   ip link set lan3 master br1
>   ip link set wan master br0
>   bridge vlan add vid 101 dev lan1 pvid untagged
>   bridge vlan add vid 101 dev lan2 pvid untagged
>   bridge vlan add vid 101 dev lan3 pvid untagged
>   bridge vlan add vid 102 dev wan pvid untagged
>   bridge vlan del vid 1 dev wan
>   bridge vlan del vid 1 dev lan1
>   bridge vlan del vid 1 dev lan2
>   bridge vlan del vid 1 dev lan3
>   ip link set eth0.101 master br1
>   ip link set eth0.102 master br0
>   bridge vlan del vid 1 dev eth0.102
>  bridge vlan del vid 1 dev eth0.101
>   bridge vlan add vid 102 dev eth0.102 pvid
>   bridge vlan add vid 101 dev eth0.101 pvid
>   ifconfig br0 up
>   ifconfig br1 up
>   ifconfig wan up
>   ifconfig lan1 up
>   ifconfig lan2 up
>   ifconfig lan3 up
>
> I donot see any packets with a tag on eth0
> ~# bridge vlan
> port    vlan ids
> wan      102 PVID Egress Untagged
> lan3     101 PVID Egress Untagged
> lan2     101 PVID Egress Untagged
> lan1     101 PVID Egress Untagged
> eth0.101         101 PVID
> eth0.102         102 PVID
> br0      1 PVID Egress Untagged
> br1      1 PVID Egress Untagged
>
> These are the loaded modules:
> # lsmod
> Module                  Size  Used by
> b53_mdio               16384  0
> b53_mmap               16384  0
> b53_common             28672  2 b53_mdio,b53_mmap
> tag_8021q              16384  0
> dsa_core               32768  9 b53_mdio,b53_common,b53_mmap,tag_8021q
> phylink                20480  2 b53_common,dsa_core
>
> if i re config
> #bridge vlan add vid 102 dev wan pvid untagged
> #bridge vlan add vid 102 dev eth0.102 pvid
> Then i see the tags for ingress packets . but no packets are
> transmitted out on the wire , but the stats in ifconfig show as
> transmitted .
> # ifconfig br0
> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 10.17.33.137  netmask 255.255.255.0  broadcast 10.17.33.255
>         inet6 fe80::3ef8:4aff:fe9c:5a04  prefixlen 64  scopeid 0x20<link>
>         ether 3c:f8:4a:9c:5a:04  txqueuelen 1000  (Ethernet)
>         RX packets 616  bytes 32351 (31.5 KiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 679  bytes 30286 (29.5 KiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> #ifconfig eth0
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet6 fe80::d6:5ff:fec2:93af  prefixlen 64  scopeid 0x20<link>
>         ether 02:d6:05:c2:93:af  txqueuelen 1000  (Ethernet)
>         RX packets 58017  bytes 4004093 (3.8 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 4322  bytes 301365 (294.3 KiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>         device interrupt 56
>
> Can some shed some light on this config .
> -Anand

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ