Message-ID: <20211116135335.j5mmvpnfzw4hfz67@skbuf>
Date:   Tue, 16 Nov 2021 15:53:35 +0200
From:   Vladimir Oltean <olteanv@...il.com>
To:     Andrew Lunn <andrew@...n.ch>
Cc:     Oleksij Rempel <o.rempel@...gutronix.de>, g@...gutronix.de,
        Woojung Huh <woojung.huh@...rochip.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, UNGLinuxDriver@...rochip.com,
        kernel@...gutronix.de, Jakub Kicinski <kuba@...nel.org>,
        Vivien Didelot <vivien.didelot@...il.com>
Subject: Re: [RFC PATCH net-next] net: dsa: microchip: implement multi-bridge
 support

On Tue, Nov 16, 2021 at 02:40:06PM +0100, Andrew Lunn wrote:
> > > What logging noise?
> > 
> > I get this with current ksz driver:
> > [   40.185928] br0: port 2(lan2) entered blocking state
> > [   40.190924] br0: port 2(lan2) entered listening state
> > [   41.043186] br0: port 2(lan2) entered blocking state
> > [   55.512832] br0: port 1(lan1) entered learning state
> > [   61.272802] br0: port 2(lan2) neighbor 8000.ae:1b:91:58:77:8b lost
> > [   61.279192] br0: port 2(lan2) entered listening state
> > [   63.113236] br0: received packet on lan1 with own address as source address (addr:00:0e:cd:00:cd:be, vlan:0)
> 
> I would guess that transmission from the CPU is broken in this
> case. It could be looking up the destination address in the
> translation table and not finding an entry. So it floods the packet
> out all interfaces, including the CPU. So the CPU receives its own
> packet and gives this warning.
> 
> Flooding should exclude where the frame came from.

I interpret this very differently. If Oleksij is looping lan1 with lan2
and he keeps the MAC addresses the way DSA sets them up by default, i.e.
equal and inherited from the DSA master, then receiving a packet with a
MAC SA (lan2) equal to the address of the receiving interface (lan1)
is absolutely natural. What is not natural is that the bridge attempts
to learn from this packet (the message is printed from br_fdb_update),
which in turn is caused by the fact that the port is allowed to proceed
to the LEARNING state despite there being a loop (which is not detected
by STP because STP is broken as Oleksij describes).
