lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Jul 2020 06:48:15 -0700 From: Florian Fainelli <f.fainelli@...il.com> To: "Gaube, Marvin (THSE-TL1)" <Marvin.Gaube@...at.de>, Woojung Huh <woojung.huh@...rochip.com>, Microchip Linux Driver Support <UNGLinuxDriver@...rochip.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: PROBLEM: (DSA/Microchip): 802.1Q-Header lost on KSZ9477-DSA ingress without bridge On 7/28/2020 11:05 PM, Gaube, Marvin (THSE-TL1) wrote: > Summary: 802.1Q-Header lost on KSZ9477-DSA ingress without bridge > Keywords: networking, dsa, microchip, 802.1q, vlan > Full description: > > Hello, > we're trying to get 802.1Q-Tagged Ethernet Frames through an KSZ9477 DSA-enabled switch without creating a bridge on the kernel side. Does it work if you have a bridge that is VLAN aware though? If it does, this would suggest that the default VLAN behavior without a bridge is too restrictive and needs changing. > Following setup: > Switchport 1 <-- KSZ9477 --> eth1 (CPU-Port) <---> lan1 This representation is confusing, is switchport 1 a network device or is this meant to be physical switch port number of 1 of the KSZ9477? > > No bridge is configured, only the interface directly. Untagged packets are working without problems. The Switch uses the ksz9477-DSA-Driver with Tail-Tagging ("DSA_TAG_PROTO_KSZ9477"). > When sending packets with 802.1Q-Header (tagged VLAN) into the Switchport, I see them including the 802.1Q-Header on eth1. > They also appear on lan1, but with the 802.1Q-Header missing. > When I create an VLAN-Interface over lan1 (e.g. lan1.21), nothing arrives there. > The other way around, everything works fine: Packets transmitted into lan1.21 are appearing in 802.1Q-VLAN 21 on the Switchport 1. > > I assume that is not the intended behavior. > I haven't found an obvious reason for this behavior yet, but I suspect the VLAN-Header gets stripped of anywhere around "dsa_switch_rcv" in net/dsa/dsa.c or "ksz9477_rcv" in net/dsa/tag_ksz.c. Not sure how though, ksz9477_rcv() only removes the trail tag, this should leave any header intact. It seems to me that the switch is incorrectly configured and is not VLAN aware at all, nor passing VLAN tagged frames through on ingress to CPU when it should. -- Florian
Powered by blists - more mailing lists