lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191231161020.stzil224ziyduepd@pali>
Date:   Tue, 31 Dec 2019 17:10:20 +0100
From:   Pali Rohár <pali.rohar@...il.com>
To:     Russell King - ARM Linux admin <linux@...linux.org.uk>
Cc:     netdev@...r.kernel.org, Jiri Pirko <jiri@...nulli.us>,
        Ivan Vecera <ivecera@...hat.com>, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>
Subject: Re: [RFC 0/3] VLANs, DSA switches and multiple bridges

On Sunday 22 December 2019 19:22:35 Russell King - ARM Linux admin wrote:
> Hi,
> 
> I've been trying to configure DSA for VLANs and not having much success.
> The setup is quite simple:
> 
> - The main network is untagged
> - The wifi network is a vlan tagged with id $VN running over the main
>   network.
> 
> I have an Armada 388 Clearfog with a PCIe wifi card which I'm trying to
> setup to provide wifi access to the vlan $VN network, while the switch
> is also part of the main network.

Hello, I do not know if it is related, but I have a problem with DSa,
VLAN and mv88e6085 on Espressobin board (armada-3720).

My setup/topology is similar:

eth0 --> main interface for mv88e6085 switch
wan --> first RJ45 port from eth0
lan0 --> second RJ45 port from eth0
wan.10 --> unpacked VLAN with id 10 packets from wan

Just one note, wan and wan.10 uses different MAC addresses. Also lan0
has another MAC address.

Basically on upstream wan are two different/separated networks. First
one is untagged, second one is tagged with vlan id 10 and tagged packets
should come on wan interface (linux kernel then pass untagged packets to
wan and vlan id 10 tagged as "untagged" to wan.10). lan0 is downstream
network and in this configuration Espressobin works as router. So there
is no switching between RJ45 ports, all packets should come to CPU and
Linux's iptables do all stuff.

And now the problem. All (untagged) traffic for first network on wan
works fine (incoming + outgoing). Also all outgoing packets from wan.10
interface are correctly transmitted (other side see on first RJ45 port
that packets are properly tagged by id 10). But for unknown reason all
incoming packets with vlan id 10 on first RJ45 port are dropped. Even
tcpdump on eth0 does not see them.

Could be this problem related to one which Russel described? I tried to
debug this problem but I give up 2 days before Russel send this email
with patches, so I have not had a chance to test it.

One very strange behavior is that sometimes mv88e6085 starts accepting
those vlan id 10 packets and kernel them properly send to wan.10
interface and userspacee applications see them. And once they start
appearing it works for 5 minutes, exactly 300s. After 300s they are
again silently somehow dropped (tcpdump again does not see them). I was
not able to detect anything which could cause that kernel started seeing
them. Looks for me it was really random. But exact time 300s is really
strange.

I used default Debian Buster kernel (without any custom patches). Also
one from Debian Buster backports, but behavior was still same.

-- 
Pali Rohár
pali.rohar@...il.com

Download attachment "signature.asc" of type "application/pgp-signature" (196 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ