Date:   Thu, 26 Mar 2020 12:25:20 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Ido Schimmel <idosch@...sch.org>
Cc:     Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        murali.policharla@...adcom.com,
        Stephen Hemminger <stephen@...workplumber.org>,
        Jiri Pirko <jiri@...nulli.us>,
        Jakub Kicinski <kuba@...nel.org>,
        Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
        netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH v2 net-next 10/10] net: bridge: implement
 auto-normalization of MTU for hardware datapath

Hi Ido,

On Thu, 26 Mar 2020 at 12:17, Ido Schimmel <idosch@...sch.org> wrote:
>
> Hi Vladimir,
>
> On Wed, Mar 25, 2020 at 05:22:09PM +0200, Vladimir Oltean wrote:
> > From: Vladimir Oltean <vladimir.oltean@....com>
> >
> > In the initial attempt to add MTU configuration for DSA:
> >
> > https://patchwork.ozlabs.org/cover/1199868/
> >
> > Florian raised a concern about the bridge MTU normalization logic (when
> > you bridge an interface with MTU 9000 and one with MTU 1500). His
> > expectation was that the bridge would automatically change the MTU of
> > all its slave ports to the minimum MTU, if those slaves are part of the
> > same hardware bridge. However, it doesn't do that, and for good reason,
> > I think. What br_mtu_auto_adjust() does is it adjusts the MTU of the
> > bridge net device itself, and not that of any slave port.  If it were to
> > modify the MTU of the slave ports, the effect would be that the user
> > wouldn't be able to increase the MTU of any bridge slave port as long as
> > it was part of the bridge, which would be a bit annoying to say the
> > least.
> >
> > The idea behind this behavior is that normal termination from Linux over
> > the L2 forwarding domain described by DSA should happen over the bridge
> > net device, which _is_ properly limited by the minimum MTU. And
> > termination over individual slave device is possible even if those are
> > bridged. But that is not "forwarding", so there's no reason to do
> > normalization there, since only a single interface sees that packet.
> >
> > The real problem is with the offloaded data path, where of course, the
> > bridge net device MTU is ignored. So a packet received on an interface
> > with MTU 9000 would still be forwarded to an interface with MTU 1500.
> > And that is exactly what this patch is trying to prevent from happening.
>
> How is that different from the software data path where the CPU needs to
> forward the packet between port A with MTU X and port B with MTU X/2 ?
>
> I don't really understand what problem you are trying to solve here. It
> seems like the user did some misconfiguration and now you're introducing
> a policy to mitigate it? If so, it should be something the user can
> disable. It also seems like something that can be easily handled by a
> user space application. You get netlink notifications for all these
> operations.
>

Actually I think the problem can be better understood if I explain
what the switches I'm dealing with look like.
None of them really has an 'MTU' register. They perform length-based
admission control on RX. At this moment in time I don't think anybody
wants to introduce an MRU knob in iproute2, so we're adjusting that
maximum ingress length through the MTU. But it becomes an inverted
problem, since the 'MTU' needs to be controlled for all possible
sources of traffic that are going to egress on this port, in order for
the real MTU on the port itself to be observed.

Regards,
-Vladimir
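
An added illustration, not code from the patch or the kernel: a toy C model of a switch whose only length check is on ingress, showing why each port's RX limit has to follow the smallest MTU among the ports in its bridge. The struct, function names and sample ports are hypothetical, and frame length is compared to the MTU directly, ignoring L2 header overhead.

```c
#include <stdio.h>
#include <stddef.h>
/* Toy model (assumption): the only length check is a per-port ingress limit. */
struct port {
    int bridge;      /* hardware bridge id, -1 if standalone */
    unsigned mtu;    /* MTU the user configured on the netdev */
    unsigned rx_max; /* ingress length limit programmed in hardware */
};
/* Naive programming: each port's RX limit is just its own MTU. */
static void program_naive(struct port *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        p[i].rx_max = p[i].mtu;
}

/* Normalized programming: a port's RX limit is the minimum MTU of all
 * ports in its bridge, since any of them may be the egress port. */
static void program_normalized(struct port *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        p[i].rx_max = p[i].mtu;
        for (size_t j = 0; j < n; j++)
            if (p[i].bridge >= 0 && p[j].bridge == p[i].bridge &&
                p[j].mtu < p[i].rx_max)
                p[i].rx_max = p[j].mtu;
    }
}

/* Offloaded forwarding: 1 if a frame of len bytes is forwarded, 0 if dropped. */
static int hw_forward(const struct port *p, size_t in, size_t out, unsigned len)
{
    if (p[in].bridge < 0 || p[in].bridge != p[out].bridge)
        return 0;               /* not in the same forwarding domain */
    return len <= p[in].rx_max; /* no egress check exists in this model */
}

/* Constructed sample: ports 0 and 1 bridged (MTU 9000 / 1500), port 2 standalone. */
static struct port sample[3] = {
    { 0, 9000, 0 }, { 0, 1500, 0 }, { -1, 9000, 0 },
};

int main(void)
{
    program_naive(sample, 3);
    printf("naive: 9000B 0->1 forwarded=%d\n", hw_forward(sample, 0, 1, 9000));
    program_normalized(sample, 3);
    printf("normalized: 9000B 0->1 forwarded=%d\n", hw_forward(sample, 0, 1, 9000));
    return 0;
}
```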
