lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Jul 2020 21:27:54 +0000
From:   Chris Packham <Chris.Packham@...iedtelesis.co.nz>
To:     Marek BehĂșn <marek.behun@....cz>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>
Subject: Re: dsa: mv88e6xxx losing DHCPv6 solicit packets / IPv6 multicast
 packets?

Hi Marek,

On 24/07/20 2:46 am, Marek BehĂșn wrote:
> Hi,
>
> a customer of ours filed a ticket saying that when using upstream kernel
> (5.8.0-rc6 on Debian 10) on Turris MOX (88e6190 switch) with DSA with
> default configuration, the switch is losing DHCPv6 solicit packets /
> IPv6 multicast packets sent to ff02::1::2 address.
>
>> Specifically, it seems the 88E6190 hardware switches in the Peridot
>> module is swallowing IPv6 multicast packets (sent to ff02::1:2 ).
>> We tested this by mirroring the Mox LAN port on the switch and saw the
>> DHCPv6 solicit packet arriving out of the switch but the Mox kernel
>> didn't see it (using tcpdump).
> Is this issue known?

I can't speak to the Peridot specifically but other Marvell silicon I've 
dealt with does try to avoid trapping packets to the CPU. Normally you 
would set specific registers/table entries to declare interest in 
particular reserved multicast groups.

I had a quick skim of the Peridot docs and the references to reserved 
multicast I see are all about the 802.1D BPDUs.

It might be necessary to configure MLD snooping or add an FDB entry to 
get the ff02::1::2 packets to the CPU.

There is also the possibility that the CPUs Ethernet port is dropping 
the packets for similar reasons. I'd expect Linux to handle that 
correctly put perhaps with a DSA configuration it skips the multicast 
reception config.

As another thought do you know what DHCPv6 client/server is being used. 
There was a fairly recent bugfix for busybox that was needed because the 
v6 code was using the wrong MAC address.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ