Message-ID: <aee63928-a99e-3849-c8b4-dee9b660247c@gmail.com>
Date:   Fri, 23 Aug 2019 02:51:22 +0300
From:   Vladimir Oltean <olteanv@...il.com>
To:     Vivien Didelot <vivien.didelot@...il.com>, netdev@...r.kernel.org
Cc:     davem@...emloft.net, f.fainelli@...il.com, andrew@...n.ch
Subject: Re: [PATCH net-next 6/6] net: dsa: clear VLAN flags for CPU port

On 8/22/19 11:13 PM, Vivien Didelot wrote:
> When the bridge offloads a VLAN on a slave port, we also need to
> program its dedicated CPU port as a member of the VLAN.
> 
> Drivers may handle the CPU port's membership as they want. For example,
> Marvell has a special "Unmodified" mode to pass frames as is through
> such ports.
> 
> Even though DSA expects the drivers to handle the CPU port membership,
> they are unlikely to program such VLANs untagged, and certainly not as
> PVID. This patch clears the VLAN flags before programming the CPU port.
> 
> Signed-off-by: Vivien Didelot <vivien.didelot@...il.com>
> Suggested-by: Vladimir Oltean <olteanv@...il.com>
> ---
>   net/dsa/slave.c | 6 ++++++
>   1 file changed, 6 insertions(+)
> 
> diff --git a/net/dsa/slave.c b/net/dsa/slave.c
> index 8267c156a51a..48df48f76c67 100644
> --- a/net/dsa/slave.c
> +++ b/net/dsa/slave.c
> @@ -332,6 +332,12 @@ static int dsa_slave_vlan_add(struct net_device *dev,
>   	if (err)
>   		return err;
>   
> +	/* We need the dedicated CPU port to be a member of the VLAN as well.
> +	 * Even though drivers often handle CPU membership in special ways,
> +	 * CPU ports are likely to be tagged, so clear the VLAN flags.
> +	 */
> +	vlan.flags = 0;
> +

How does this work exactly?
If I run 'sudo bridge vlan add vid 1 dev swp4 pvid untagged', then the 
CPU port starts sending VLAN-tagged traffic. I see this in tcpdump on 
the DSA master port, but if I tcpdump on swp4, the VLAN tag is removed. 
Who is doing that?

>   	err = dsa_port_vlan_add(dp->cpu_dp, &vlan, trans);
>   	if (err)
>   		return err;
> 
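
Review bot: The new `vlan.flags = 0;` assignment overwrites the flags in the same `vlan` object that was just used for the slave port, so any code after the `dsa_port_vlan_add(dp->cpu_dp, &vlan, trans)` call that reads `vlan.flags` will see 0 rather than what the bridge requested. Consider clearing the flags on a local copy passed only to the CPU port call. The comment also says CPU ports are "likely to be tagged" without naming what is dropped: spell out that the untagged and PVID flags are cleared for the CPU port, and state where the tag is expected to be removed on the receive path, since the hunk does not show it.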
