lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 11 Nov 2020 18:47:27 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Florian Fainelli <f.fainelli@...il.com>
Cc:     Jakub Kicinski <kuba@...nel.org>,
        Markus Blöchl <markus.bloechl@...tronik.com>,
        Ido Schimmel <idosch@...sch.org>, Andrew Lunn <andrew@...n.ch>,
        Alexander Duyck <alexander.duyck@...il.com>,
        Woojung Huh <woojung.huh@...rochip.com>,
        "David S. Miller" <davem@...emloft.net>,
        Microchip Linux Driver Support <UNGLinuxDriver@...rochip.com>,
        netdev@...r.kernel.org
Subject: Re: [PATCH net] net: lan78xx: Disable hardware vlan filtering in
 promiscuous mode

On Wed, Nov 11, 2020 at 07:56:58AM -0800, Florian Fainelli wrote:
> The semantics of promiscuous are pretty clear though, and if you have a
> NIC with VLAN filtering capability which could prevent the stack from
> seeing *all* packets, that would be considered a bug. I suppose that you
> could not disable VLAN filtering but instead install all 4096 - N VLANs
> (N being currently used) into the filter to guarantee receiving those
> VLAN tagged frames?

Are they?

IEEE 802.3 clause 30.3.1.1.16 aPromiscuousStatus says:

APPROPRIATE SYNTAX:
BOOLEAN

BEHAVIOUR DEFINED AS:
A GET operation returns the value “true” for promiscuous mode enabled, and “false” otherwise.

Frames without errors received solely because this attribute has the value “true” are counted as
frames received correctly; frames received in this mode that do contain errors update the
appropriate error counters.

A SET operation to the value “true” provides a means to cause the LayerMgmtRecognizeAddress
function to accept frames regardless of their destination address.

A SET operation to the value “false” causes the MAC sublayer to return to the normal operation
of carrying out address recognition procedures for station, broadcast, and multicast group
addresses (LayerMgmtRecognizeAddress function).;


As for IEEE 802.1Q, there's nothing about promiscuity in the context of
VLAN there.

Sadly, I think promiscuity refers only to address recognition for the
purpose of packet termination. I cannot find any reference to VLAN in
the context of promiscuity, or, for that matter, I cannot find any
reference coming from a standards body that promiscuity would mean
"accept all packets".

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ