lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Oct 2020 03:22:40 +0000 From: Hongbo Wang <hongbo.wang@....com> To: Vladimir Oltean <olteanv@...il.com> CC: Xiaoliang Yang <xiaoliang.yang_1@....com>, Po Liu <po.liu@....com>, Mingkai Hu <mingkai.hu@....com>, "allan.nielsen@...rochip.com" <allan.nielsen@...rochip.com>, Claudiu Manoil <claudiu.manoil@....com>, Alexandru Marginean <alexandru.marginean@....com>, Vladimir Oltean <vladimir.oltean@....com>, Leo Li <leoyang.li@....com>, "andrew@...n.ch" <andrew@...n.ch>, "f.fainelli@...il.com" <f.fainelli@...il.com>, "vivien.didelot@...il.com" <vivien.didelot@...il.com>, "davem@...emloft.net" <davem@...emloft.net>, "jiri@...nulli.us" <jiri@...nulli.us>, "idosch@...sch.org" <idosch@...sch.org>, "kuba@...nel.org" <kuba@...nel.org>, "vinicius.gomes@...el.com" <vinicius.gomes@...el.com>, "nikolay@...ulusnetworks.com" <nikolay@...ulusnetworks.com>, "roopa@...ulusnetworks.com" <roopa@...ulusnetworks.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "horatiu.vultur@...rochip.com" <horatiu.vultur@...rochip.com>, "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>, "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>, "ivecera@...hat.com" <ivecera@...hat.com> Subject: RE: [EXT] Re: [PATCH v6 3/3] net: dsa: ocelot: Add support for QinQ Operation Hi Vladimir, > > I asked this on the Microchip Support portal: > > -----------------------------[cut here]----------------------------- > > VLAN filtering only on specific TPID > ------------------------------------ > > I would like to configure a port with the following behavior: > - The VLAN table should contain 802.1ad VLANs 1 and 10. VLAN ingress > filtering > should be enabled. > - An untagged frame on ingress should be classified to 802.1ad (TAG_TYPE=1) > VLAN ID 1 (the port-based VLAN). The frame should be accepted because > 802.1ad > VLAN 1 is in the VLAN table. > - An ingress frame with 802.1Q (0x8100) header VLAN ID 100 should be > classified > to 802.1ad (TAG_TYPE=1) VLAN ID 1 (the port-based VLAN). The frame > should be > accepted because 802.1ad VLAN 1 is in the VLAN table. > - An ingress frame with 802.1ad (0x88a8) header VLAN ID 10 should be > classified > to 802.1ad (TAG_TYPE=1) VLAN ID 10. The frame should be accepted > because > 802.1ad VLAN 10 is in the VLAN table. > - An ingress frame with 802.1ad (0x88a8) header VLAN ID 100 should be > classified to 802.1ad (TAG_TYPE=1) VLAN ID 100. The frame should be > dropped > because 802.1ad VLAN 100 is not in the VLAN table. > How do I configure the switch to obtain this behavior? This is not what the > "Provider Bridges and Q-in-Q Operation" chapter in the reference manual is > explaining how to do. Instead, that chapter suggests to make > VLAN_CFG.VLAN_AWARE_ENA = 0. But I don't want to do this, because I need > to be able to drop the frames with 802.1ad VLAN ID 100 in the example above. > > -----------------------------[cut here]----------------------------- > > Judging from the fact that I received no answer whatsoever, I can only deduce > that offloading an 8021ad bridge, at least one that has the semantics that > Toshiaki Makita described here, > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kern > el.org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Fnetdev%2Fnet-next.git%2F > commit%2F%3Fid%3D1a0b20b257326523ec2a6cb51dd6f26ef179eb84& > data=02%7C01%7Chongbo.wang%40nxp.com%7Cdcfd5e5df4e24455726408d > 86c4f0493%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6373784 > 33917654330&sdata=kk8WnA0iH9E5yPrLKC8BwSInD6jqm0qGftJ8Jw1Etk > 8%3D&reserved=0 > is not possible with this hardware. > > So I think there's little left to do here. > > If it helps, I am fairly certain that the sja1105 can offer the requested services, > if you play a little bit with the TPID and TPID2 values. Maybe that's a path > forward for your patches, if you still want to add the generic support in > switchdev and in DSA. > Thanks for your suggestion, I will research the related code, and will optimize my patches. Thanks, hongbo
Powered by blists - more mailing lists