lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87eei25f09.fsf@waldekranz.com>
Date:   Sat, 30 Jan 2021 21:47:02 +0100
From:   Tobias Waldekranz <tobias@...dekranz.com>
To:     DENG Qingfang <dqfext@...il.com>, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vladimir Oltean <olteanv@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net] net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add

On Sat, Jan 30, 2021 at 21:43, DENG Qingfang <dqfext@...il.com> wrote:
> Having multiple destination ports for a unicast address does not make
> sense.
> Make port_db_load_purge override existent unicast portvec instead of
> adding a new port bit.

Is this the layer we want to solve this problem at? What are the
contents of the software FDB at this stage?

Here is a quick example I tried on one of my systems:

root@...oy:~# bridge fdb add 02:00:de:ad:00:01 dev eth1 static vlan 1
root@...oy:~# bridge fdb add 02:00:de:ad:00:01 dev eth2 static vlan 1
root@...oy:~# bridge fdb | grep de:ad
02:00:de:ad:00:01 dev eth2 vlan 1 self static
02:00:de:ad:00:01 dev eth1 vlan 1 self static

Why does the second add operation succeed? Am I missing some magic flag?
Presumably the bridge will only ever forward packets to which ever entry
ends up being first in the relevant hash list. Is that not the real
problem here?

As it stands today, those commands will result in the following ATU
config (eth1/2 being mapped to port 10/9):

root@...oy:~# mvls atu
ADDRESS             FID  STATE      Q  F  0  1  2  3  4  5  6  7  8  9  a
ff:ff:ff:ff:ff:ff     0  static     -  -  0  1  2  3  4  5  6  7  8  9  a
02:00:de:ad:00:01     1  static     -  -  .  .  .  .  .  .  .  .  .  9  a
ff:ff:ff:ff:ff:ff     1  static     -  -  0  1  2  3  4  5  6  7  8  9  a

One might argue that this is no more wrong than what would have been set
up with this patch applied. The problem is that the bridge allows this
configuration in the first place.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ