Date:   Fri, 18 Oct 2019 13:33:29 +0200
From:   Jiri Wiesner <jwiesner@...e.com>
To:     netdev@...r.kernel.org
Cc:     Mahesh Bandewar <maheshb@...gle.com>
Subject: ipvlan forces promisc mode on vmxnet3 master

There is a problem when ipvlan slaves are created on a master device 
that is a vmxnet3 device (ipvlan in VMware guests). The vmxnet3 driver 
does not support unicast address filtering. When ipvlan_open() brings up 
an ipvlan device, the ipvlan driver calls dev_uc_add() to add the 
hardware address of the vmxnet3 master device to the unicast address 
list, phy_dev->uc. This inevitably leads to the master device being 
forced into promiscuous mode by __dev_set_rx_mode().

I have, so far, failed to find any purpose in calling dev_uc_add() from 
ipvlan_open(). Promiscuous mode is switched on the master despite the 
fact that there is still only one hardware address that the master 
device should use for filtering. The comment above struct net_device 
describes the uc_promisc member as a "counter, that indicates, that 
promiscuous mode has been enabled due to the need to listen to 
additional unicast addresses in a device that does not implement 
ndo_set_rx_mode()". Moreover, the design of ipvlan guarantees that only 
the hardware address of a master device, phy_dev->dev_addr, will be used 
to transmit and receive all packets from its slaves.

So, my question is: Could removing the calls to dev_uc_add() and 
dev_uc_del() from ipvlan_open() and ipvlan_stop(), respectively, be a 
viable solution for cases when the ipvlan driver is used with a master 
device that does not support unicast filtering?

Kind Regards,
Jiri
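
The mechanism described in the message above, as an added example that is not part of the original post and is not kernel code: a simplified userspace model of the branch of __dev_set_rx_mode() taken for a master without unicast filtering. The struct, its fields and the model_* / promisc_after_slaves names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the net_device state involved (assumption, not kernel code). */
struct model_dev {
    bool up;                  /* IFF_UP is set */
    bool unicast_flt;         /* driver advertises IFF_UNICAST_FLT */
    unsigned int uc_refs;     /* references on the one address placed in dev->uc */
    unsigned int promiscuity; /* reference count behind IFF_PROMISC */
    bool uc_promisc;          /* promisc was enabled because dev->uc is non-empty */
};

/* Models the decision made in __dev_set_rx_mode(). */
static void model_set_rx_mode(struct model_dev *dev)
{
    if (!dev->up)
        return;
    if (dev->unicast_flt)
        return; /* the driver programs its own filter; no forced promisc */
    if (dev->uc_refs > 0 && !dev->uc_promisc) {
        dev->promiscuity++;
        dev->uc_promisc = true;
    } else if (dev->uc_refs == 0 && dev->uc_promisc) {
        dev->promiscuity--;
        dev->uc_promisc = false;
    }
}

/* ipvlan_open(): dev_uc_add(phy_dev, phy_dev->dev_addr), then rx mode update. */
static void model_slave_open(struct model_dev *m) { m->uc_refs++; model_set_rx_mode(m); }

/* ipvlan_stop(): dev_uc_del(phy_dev, phy_dev->dev_addr), then rx mode update. */
static void model_slave_stop(struct model_dev *m)
{
    if (m->uc_refs > 0)
        m->uc_refs--;
    model_set_rx_mode(m);
}

/* Master promiscuity after `opens` slave opens followed by `stops` slave stops. */
static unsigned int promisc_after_slaves(bool unicast_flt, int opens, int stops)
{
    struct model_dev master = { .up = true, .unicast_flt = unicast_flt };
    for (int i = 0; i < opens; i++) model_slave_open(&master);
    for (int i = 0; i < stops; i++) model_slave_stop(&master);
    return master.promiscuity;
}

int main(void)
{
    printf("no unicast filter, 1 slave up:  %u\n", promisc_after_slaves(false, 1, 0));
    printf("unicast filter,    1 slave up:  %u\n", promisc_after_slaves(true, 1, 0));
    return 0;
}
```

In the model, the master leaves promiscuous mode only after the last slave is stopped, and a master that advertises unicast filtering never enters it.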
