lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 11 Jan 2022 09:51:11 +0800
From:   Kai-Heng Feng <kai.heng.feng@...onical.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Andrew Lunn <andrew@...n.ch>, Oliver Neukum <oneukum@...e.com>,
        Aaron Ma <aaron.ma@...onical.com>, henning.schild@...mens.com,
        linux-usb@...r.kernel.org, netdev@...r.kernel.org,
        davem@...emloft.net, hayeswang@...ltek.com, tiwai@...e.de,
        "Limonciello, Mario" <Mario.Limonciello@....com>
Subject: Re: [PATCH 1/3 v3] net: usb: r8152: Check used MAC passthrough address

[+Cc Mario Limonciello, the original author on MAC pass-through]

On Tue, Jan 11, 2022 at 12:51 AM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Mon, 10 Jan 2022 11:32:16 +0800 Kai-Heng Feng wrote:
> > > > I don't think it's a good idea. On my laptop,
> > > > systemd-udev-settle.service can add extra 5~10 seconds boot time
> > > > delay.
> > > > Furthermore, the external NIC in question is in a USB/Thunderbolt
> > > > dock, it can present pre-boot, or it can be hotplugged at any time.
> > >
> > > IIUC our guess is that this feature used for NAC and IEEE 802.1X.
> > > In that case someone is already provisioning certificates to all
> > > the machines, and must provide a config for all its interfaces.
> > > It should be pretty simple to also put the right MAC address override
> > > in the NetworkManager/systemd-networkd/whatever config, no?
> >
> > If that's really the case, why do major OEMs came up with MAC
> > pass-through? Stupid may it be, I don't think it's a solution looking
> > for problem.
>
> I don't know. Maybe due to a limitation in Windows? Maybe it's hard to
> do in network manager, too, and we're not seeing something. Or perhaps
> simply because they want to convince corporations to buy their
> unreasonably expensive docks.
>
> What I do know is that we need to gain a good understanding of the
> motivation before we push any more of such magic into the kernel.

Mario, do you know how corporate network and other OS handle MAC
pass-through, so we can come up with a more robust design?

Kai-Heng

>
> I may be able to do some testing myself after the Omicron surge is over
> in the US.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ