lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210210215524.m4vnztszcnsr6pxa@skbuf>
Date:   Wed, 10 Feb 2021 23:55:24 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Tobias Waldekranz <tobias@...dekranz.com>
Cc:     George McCollister <george.mccollister@...il.com>,
        Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew@...n.ch>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jonathan Corbet <corbet@....net>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2 0/4] add HSR offloading support for DSA
 switches

On Wed, Feb 10, 2021 at 10:10:14PM +0100, Tobias Waldekranz wrote:
> On Tue, Feb 09, 2021 at 11:04, George McCollister <george.mccollister@...il.com> wrote:
> >> > It also doesn't implement a ProxyNodeTable (though that actually
> >> > wouldn't matter if you were offloading to the xrs700x I think). Try
> >> > commenting out the ether_addr_copy() line in hsr_xmit and see if it
> >> > makes your use case work.
> >>
> >> So what is missing is basically to expand the current facility for
> >> generating sequence numbers to maintain a table of such associations,
> >> keyed by the SA?
> >
> > For the software implementation it would also need to use the
> > ProxyNodeTable to prevent forwarding matching frames on the ring and
> > delivering them to the hsr master port. It's also supposed to drop
> > frames coming in on a redundant port if the source address is in the
> > ProxyNodeTable.
> 
> This whole thing sounds an awful lot like an FDB. I suppose an option
> would be to implement the RedBox/QuadBox roles in the bridge, perhaps by
> building on the work done for MRP? Feel free to tell me I'm crazy :)

As far as I understand, the VDAN needs to generate supervision frames on
behalf of all nodes that it proxies. Therefore, implementing the
RedBox/QuadBox in the bridge is probably not practical. What I was
discussing with George though is that maybe we can make hsr a consumer
of SWITCHDEV_FDB_ADD_TO_DEVICE events, similar to DSA with its
assisted_learning_on_cpu_port functionality, and that would be how it
populates its proxy node table. A RedBox becomes a bridge with one HSR
interface and one or more standalone interfaces, and a QuadBox becomes a
bridge with two HSR interfaces. How does that sound?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ