Date: Wed, 13 May 2020 08:46:35 -0700
From: Florian Fainelli <f.fainelli@...il.com>
To: DENG Qingfang <dqfext@...il.com>, netdev@...r.kernel.org
Cc: Sean Wang <sean.wang@...iatek.com>, Andrew Lunn <andrew@...n.ch>, Vivien Didelot <vivien.didelot@...il.com>, "David S . Miller" <davem@...emloft.net>, linux-mediatek@...ts.infradead.org, Russell King <linux@...linux.org.uk>, Matthias Brugger <matthias.bgg@...il.com>, René van Dorst <opensource@...rst.com>, Tom James <tj17@...com>, Stijn Segers <foss@...atilesystems.org>, riddlariddla@...mail.com, Szabolcs Hubai <szab.hu@...il.com>, Paul Fertser <fercerpav@...il.com>
Subject: Re: [PATCH net-next] net: dsa: mt7530: set CPU port to fallback mode

On 5/13/2020 8:37 AM, DENG Qingfang wrote:
> Currently, setting a bridge's self PVID to other value and deleting
> the default VID 1 renders untagged ports of that VLAN unable to talk to
> the CPU port:
>
> bridge vlan add dev br0 vid 2 pvid untagged self
> bridge vlan del dev br0 vid 1 self
> bridge vlan add dev sw0p0 vid 2 pvid untagged
> bridge vlan del dev sw0p0 vid 1
> # br0 cannot send untagged frames out of sw0p0 anymore
>
> That is because the CPU port is set to security mode and its PVID is
> still 1, and untagged frames are dropped due to VLAN member violation.
>
> Set the CPU port to fallback mode so untagged frames can pass through.

How about if the bridge has vlan_filtering=1? The use case you present seems to be valid to me, that is, you may create a VLAN just for the user ports and not have the CPU port be part of it at all.

>
> Fixes: 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530")
> Signed-off-by: DENG Qingfang <dqfext@...il.com>
> --- > drivers/net/dsa/mt7530.c | 11 ++++++++--- > drivers/net/dsa/mt7530.h | 6 ++++++ > 2 files changed, 14 insertions(+), 3 deletions(-) > > diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c > index 5c444cd722bd..a063d914c23f 100644 > --- a/drivers/net/dsa/mt7530.c > +++ b/drivers/net/dsa/mt7530.c 
> @@ -810,10 +810,15 @@ mt7530_port_set_vlan_aware(struct dsa_switch *ds, int port) > PCR_MATRIX_MASK, PCR_MATRIX(MT7530_ALL_MEMBERS)); > > /* Trapped into security mode allows packet forwarding through VLAN > - * table lookup. > + * table lookup. CPU port is set to fallback mode to let untagged > + * frames pass through. > */ > - mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK, > - MT7530_PORT_SECURITY_MODE); > + if (dsa_is_cpu_port(ds, port)) > + mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK, > + MT7530_PORT_FALLBACK_MODE); > + else > + mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK, > + MT7530_PORT_SECURITY_MODE); > > /* Set the port as a user port which is to be able to recognize VID > * from incoming packets before fetching entry within the VLAN table. > diff --git a/drivers/net/dsa/mt7530.h b/drivers/net/dsa/mt7530.h > index 979bb6374678..d45eb7540703 100644 > --- a/drivers/net/dsa/mt7530.h > +++ b/drivers/net/dsa/mt7530.h > @@ -152,6 +152,12 @@ enum mt7530_port_mode { > /* Port Matrix Mode: Frames are forwarded by the PCR_MATRIX members. */ > MT7530_PORT_MATRIX_MODE = PORT_VLAN(0), > > + /* Fallback Mode: Forward received frames with ingress ports that do > + * not belong to the VLAN member. Frames whose VID is not listed on > + * the VLAN table are forwarded by the PCR_MATRIX members. > + */ > + MT7530_PORT_FALLBACK_MODE = PORT_VLAN(1), > + > /* Security Mode: Discard any frame due to ingress membership > * violation or VID missed on the VLAN table. > */ > -- Florian
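Review bot: In the mt7530.c hunk (mt7530_port_set_vlan_aware), the new dsa_is_cpu_port() branch selects MT7530_PORT_FALLBACK_MODE for the CPU port with no further condition in the visible lines, so on that port the two checks that the Security Mode comment in mt7530.h describes (discard on ingress membership violation, discard on a VID missing from the VLAN table) no longer apply, and neither the code comment nor the commit message says why that is acceptable once the bridge is filtering. Please state in the comment what still constrains frames entering from the CPU port (for example the PCR_MATRIX members set just above), or narrow the branch if the relaxation is only needed for the untagged case. The leading sentence of the comment, "Trapped into security mode allows packet forwarding through VLAN table lookup", now holds only for the else branch and should say so. As a style point, the two mt7530_rmw() calls differ only in the mode value; choosing the mode first and keeping a single call would make the difference easier to see.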
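Review bot: In the mt7530.h hunk, the comment added above MT7530_PORT_FALLBACK_MODE is hard to parse: "Forward received frames with ingress ports that do not belong to the VLAN member" does not say where such frames are forwarded to, and "the VLAN member" reads as if it were a single entity. Since this comment is the only documentation of the mode in the patch, please reword it so it can be read against the Security Mode comment directly below it, naming the same two cases (ingress port not a member of the frame's VLAN, VID missing from the VLAN table) and what happens to the frame in each.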