lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 5 Aug 2020 01:02:46 +0200
From:   "Steinar H. Gunderson" <steinar+kernel@...derson.no>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     Eric Dumazet <edumazet@...gle.com>,
        "Gaube, Marvin (THSE-TL1)" <Marvin.Gaube@...at.de>,
        Florian Fainelli <f.fainelli@...il.com>,
        Woojung Huh <woojung.huh@...rochip.com>,
        Microchip Linux Driver Support <UNGLinuxDriver@...rochip.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: PROBLEM: (DSA/Microchip): 802.1Q-Header lost on KSZ9477-DSA
 ingress without bridge

On Wed, Aug 05, 2020 at 01:44:30AM +0300, Vladimir Oltean wrote:
>>>> What bug? What repro? You just said you don't have any.
>>> Ask Steinar ?
>>> 
>> Hi Steinar, do you have a reproducer for the bug that Eric fixed in
>> commit d4b812dea4a2 ("vlan: mask vlan prio bits")?
> The Google email address from the original report bounces back. Adding
> another address found by searching for your name on netdev.

Yeah, I don't work at Google anymore, so sesse@...gle.com does not exist.
(Hi, Eric! Hoping you're fine despite the pandemic.)

By accident, I'm actually sitting right next to the router in question
right now. But the setup has changed at least twice since 2013, and it
doesn't use sit anymore since native IPv6 is where it's at. So no, I don't
have a reproducer anymore. I also really cannot remember the details;
I think maybe the outgoing sit device was for 6rd? And the priority tag was
added by a fairly cheap Zyxel switch that might still be in the loop, but now
there's tagged VLANs anyway...

If you want to spend time to try to reproduce this with the old kernel
(to verify you have a reproducer that you can use to test the bug with),
this is probably what I'd test: Send untagged packets with 802.1p priority
set (most cheap managed switches allow you to force that somehow, I believe;
tcpdump -e will show an 802.1q tag with VLAN 0), try to route them into a sit
tunnel, and see if they become corrupted or not. That's the only thing I can
recommend, sorry. I hoard a lot of things, but reproducers for fixed bugs
from 2013 at my parents' house isn't among them :-)

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ