lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 16 Oct 2020 14:11:06 +0200
From:   Kurt Kanzenbach <>
To:     Vladimir Oltean <>
Cc:     Andrew Lunn <>,
        Vivien Didelot <>,
        Florian Fainelli <>,
        "David S. Miller" <>,
        Jakub Kicinski <>,,
        Rob Herring <>,,
        Sebastian Andrzej Siewior <>,
        Richard Cochran <>,
        Kamil Alkhouri <>,
Subject: Re: [PATCH net-next v6 2/7] net: dsa: Add DSA driver for Hirschmann Hellcreek switches

On Mon Oct 12 2020, Kurt Kanzenbach wrote:
> On Sun Oct 11 2020, Vladimir Oltean wrote:
>> On Sun, Oct 11, 2020 at 02:29:08PM +0200, Kurt Kanzenbach wrote:
>>> On Tue Oct 06 2020, Vladimir Oltean wrote:
>>> > It would be interesting to see if you could simply turn off VLAN
>>> > awareness in standalone mode, and still use unique pvids per port.
>>> That doesn't work, just tested. When VLAN awareness is disabled,
>>> everything is switched regardless of VLAN tags and table.
>> That's strange, do you happen to know where things are going wrong?
> No I don't. I'll clarify with the hardware engineer.

When VLAN awareness is disabled, the packet is still classified with the
pvid. But, later all rules regarding VLANs (except for the PCP field)
are ignored then. So, the programmed pvid doesn't matter in this case.

The only way to implement the non-filtering bridge behavior is this
flag. However, this has some more implications. For instance when
there's a non filtering bridge, then standalone mode doesn't work
anymore due to the VLAN unawareness. This is not a problem at the
moment, because there are only two ports. But, later when there are more
ports, then having two ports in a non-filtering bridge and one in
standalone mode doesn't work. That's another limitation that needs to be
considered when adding more ports later on.

Besides that problem everything else seem to work now in accordance to
the expected Linux behavior with roper restrictions in place.


Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)

Powered by blists - more mailing lists