| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210118220616.ql2i3uigyz6tiuhz@skbuf>
Date: Tue, 19 Jan 2021 00:06:16 +0200
From: Vladimir Oltean <olteanv@...il.com>
To: Nikolay Aleksandrov <nikolay@...dia.com>
Cc: Tobias Waldekranz <tobias@...dekranz.com>, davem@...emloft.net,
kuba@...nel.org, andrew@...n.ch, vivien.didelot@...il.com,
f.fainelli@...il.com, roopa@...dia.com, netdev@...r.kernel.org,
jiri@...nulli.us, idosch@...sch.org, stephen@...workplumber.org
Subject: Re: [RFC net-next 2/7] net: bridge: switchdev: Include local flag in
FDB notifications
On Mon, Jan 18, 2021 at 11:53:18PM +0200, Nikolay Aleksandrov wrote:
> On 18/01/2021 23:50, Vladimir Oltean wrote:
> > On Mon, Jan 18, 2021 at 11:39:27PM +0200, Nikolay Aleksandrov wrote:
> >> Apologies for the multiple emails, but wanted to leave an example:
> >>
> >> 00:11:22:33:44:55 dev ens16 master bridge permanent
> >>
> >> This must always exist and user-space must be able to create it, which
> >> might be against what you want to achieve (no BR_FDB_LOCAL entries with
> >> fdb->dst != NULL).
> >
> > Can you give me an example of why it would matter that fdb->dst in this
> > case is set to ens16?
> >
>
> Can you dump it as "dev ens16" without it? :)
> Or alternatively can you send a notification with "dev ens16" without it?
>
> I'm in favor of removing it, but it is risky since some script somewhere might
> be searching for it, or some user-space daemon might expect to see a notification
> for such entries and react on it.
If "dev ens16" makes no difference to the forwarding and/or termination
path of the bridge, just to user space reporting, then keeping
appearances is a bit pointless.
For example, DSA switch interfaces inherit by default the MAC address of
the host interface. Having multiple net devices with the same MAC
address works because either they are in different L2 domains (case in
which the MAC addresses should still be unique per domain), or they are
in the same L2 domain, under the same bridge (case in which it is the
bridge who should do IP neighbour resolution etc).
Having that said, let there be these commands:
$ ip link add br0 type bridge
$ ip link set swp0 master br0
$ ip link set swp1 master br0
$ ip link set swp2 master br0
$ ip link set swp3 master br0
$ bridge fdb | grep permanent
00:04:9f:05:de:0a dev swp0 vlan 1 master br0 permanent
00:04:9f:05:de:0a dev swp0 master br0 permanent
And these:
$ ip link add br0 type bridge
$ ip link set swp3 master br0
$ ip link set swp2 master br0
$ ip link set swp1 master br0
$ ip link set swp0 master br0
$ bridge fdb | grep permanent
00:04:9f:05:de:0a dev swp0 vlan 1 master br0 permanent
00:04:9f:05:de:0a dev swp0 master br0 permanent
00:04:9f:05:de:0a dev swp3 vlan 1 master br0 permanent
00:04:9f:05:de:0a dev swp3 master br0 permanent
Preserving the reporting for permanent/local FDB entries added by user
is one thing. But do we need to also preserve this behavior (i.e. report
the first unique MAC address of an interface that joins the bridge as a
permanent/local address on that brport, but not on the others, and not
on br0)? If yes, then I'm afraid there's nothing we can do.
Powered by blists - more mailing lists