| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 May 2020 23:56:03 +0800
From: DENG Qingfang <dqfext@...il.com>
To: Florian Fainelli <f.fainelli@...il.com>
Cc: netdev <netdev@...r.kernel.org>,
Sean Wang <sean.wang@...iatek.com>,
Andrew Lunn <andrew@...n.ch>,
Vivien Didelot <vivien.didelot@...il.com>,
"David S . Miller" <davem@...emloft.net>,
"moderated list:ARM/Mediatek SoC support"
<linux-mediatek@...ts.infradead.org>,
Russell King <linux@...linux.org.uk>,
Matthias Brugger <matthias.bgg@...il.com>,
René van Dorst <opensource@...rst.com>,
Tom James <tj17@...com>,
Stijn Segers <foss@...atilesystems.org>,
riddlariddla@...mail.com, Szabolcs Hubai <szab.hu@...il.com>,
Paul Fertser <fercerpav@...il.com>
Subject: Re: [PATCH net-next] net: dsa: mt7530: set CPU port to fallback mode
Hi Florian
On Wed, May 13, 2020 at 11:46 PM Florian Fainelli <f.fainelli@...il.com> wrote:
>
>
>
> On 5/13/2020 8:37 AM, DENG Qingfang wrote:
> > Currently, setting a bridge's self PVID to other value and deleting
> > the default VID 1 renders untagged ports of that VLAN unable to talk to
> > the CPU port:
> >
> > bridge vlan add dev br0 vid 2 pvid untagged self
> > bridge vlan del dev br0 vid 1 self
> > bridge vlan add dev sw0p0 vid 2 pvid untagged
> > bridge vlan del dev sw0p0 vid 1
> > # br0 cannot send untagged frames out of sw0p0 anymore
> >
> > That is because the CPU port is set to security mode and its PVID is
> > still 1, and untagged frames are dropped due to VLAN member violation.
> >
> > Set the CPU port to fallback mode so untagged frames can pass through.
>
> How about if the bridge has vlan_filtering=1? The use case you present
> seems to be valid to me, that is, you may create a VLAN just for the
> user ports and not have the CPU port be part of it at all.
I forgot to mention that this is ONLY for vlan_filtering=1
`bridge vlan` simply won't do anything if VLAN filtering is disabled.
>
> >
> > Fixes: 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530")
> > Signed-off-by: DENG Qingfang <dqfext@...il.com>
> > ---
> > drivers/net/dsa/mt7530.c | 11 ++++++++---
> > drivers/net/dsa/mt7530.h | 6 ++++++
> > 2 files changed, 14 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c
> > index 5c444cd722bd..a063d914c23f 100644
> > --- a/drivers/net/dsa/mt7530.c
> > +++ b/drivers/net/dsa/mt7530.c
> > @@ -810,10 +810,15 @@ mt7530_port_set_vlan_aware(struct dsa_switch *ds, int port)
> > PCR_MATRIX_MASK, PCR_MATRIX(MT7530_ALL_MEMBERS));
> >
> > /* Trapped into security mode allows packet forwarding through VLAN
> > - * table lookup.
> > + * table lookup. CPU port is set to fallback mode to let untagged
> > + * frames pass through.
> > */
> > - mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK,
> > - MT7530_PORT_SECURITY_MODE);
> > + if (dsa_is_cpu_port(ds, port))
> > + mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK,
> > + MT7530_PORT_FALLBACK_MODE);
> > + else
> > + mt7530_rmw(priv, MT7530_PCR_P(port), PCR_PORT_VLAN_MASK,
> > + MT7530_PORT_SECURITY_MODE);
> >
> > /* Set the port as a user port which is to be able to recognize VID
> > * from incoming packets before fetching entry within the VLAN table.
> > diff --git a/drivers/net/dsa/mt7530.h b/drivers/net/dsa/mt7530.h
> > index 979bb6374678..d45eb7540703 100644
> > --- a/drivers/net/dsa/mt7530.h
> > +++ b/drivers/net/dsa/mt7530.h
> > @@ -152,6 +152,12 @@ enum mt7530_port_mode {
> > /* Port Matrix Mode: Frames are forwarded by the PCR_MATRIX members. */
> > MT7530_PORT_MATRIX_MODE = PORT_VLAN(0),
> >
> > + /* Fallback Mode: Forward received frames with ingress ports that do
> > + * not belong to the VLAN member. Frames whose VID is not listed on
> > + * the VLAN table are forwarded by the PCR_MATRIX members.
> > + */
> > + MT7530_PORT_FALLBACK_MODE = PORT_VLAN(1),
> > +
> > /* Security Mode: Discard any frame due to ingress membership
> > * violation or VID missed on the VLAN table.
> > */
> >
>
> --
> Florian
Powered by blists - more mailing lists