lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Mar 2023 10:48:32 -0300
From:   Fabio Estevam <festevam@...il.com>
To:     andrew@...n.ch
Cc:     olteanv@...il.com, davem@...emloft.net, kuba@...nel.org,
        netdev@...r.kernel.org, steffen@...osonix.de,
        Fabio Estevam <festevam@...x.de>
Subject: [RFC] net: dsa: mv88e6xxx disable IGMP snooping on cpu port

From: Steffen Bätz <steffen@...osonix.de>

Don't enable IGMP snooping on CPU ports because the IGMP JOIN
packet would never forward to the next bridge, but loop back to
the actual cpu port.

The mv88e6320 manual describes the MV88E6XXX_PORT_CTL0_IGMP_MLD_SNOOP
bit as follows:

"IGMP and MLD Snooping. When this bit is set to a one and this port
receives an IPv4 IGMP frame or an IPv6MLD frame, the frame is switched
to the CPU port overriding the destination ports determined by the DA
mapping.
When this bit is cleared to a zero IGMP/MLD frames are not treated
specially.
IGMP/MLD Snooping is intended to be used on Normal Network or Provider
ports only (see Frame Mode bits
below) and only if Cut Through (88E6632 only) is disabled on the port
(Port offset 0x1F) as the IPv6 Snoop point may be after byte 64."

If this bit is set (it was set at ALL ports), the mv88e6320 will snoop
for any IGMP messages, and route them to the configured CPU port. This
will hinder any outgoing IGMP messages from the CPU from leaving the
switch, since they are immediately looped back to the CPU itself.

Fixes: 54d792f257c6 ("net: dsa: Centralise global and port setup code into mv88e6xxx.")
Signed-off-by: Steffen Bätz <steffen@...osonix.de>
Signed-off-by: Fabio Estevam <festevam@...x.de>
---
 drivers/net/dsa/mv88e6xxx/chip.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c
index b73d1d6747b7..af098d65ed71 100644
--- a/drivers/net/dsa/mv88e6xxx/chip.c
+++ b/drivers/net/dsa/mv88e6xxx/chip.c
@@ -3354,9 +3354,14 @@ static int mv88e6xxx_setup_port(struct mv88e6xxx_chip *chip, int port)
 	 * If this is the upstream port for this switch, enable
 	 * forwarding of unknown unicasts and multicasts.
 	 */
-	reg = MV88E6XXX_PORT_CTL0_IGMP_MLD_SNOOP |
-		MV88E6185_PORT_CTL0_USE_TAG | MV88E6185_PORT_CTL0_USE_IP |
+	reg = MV88E6185_PORT_CTL0_USE_TAG | MV88E6185_PORT_CTL0_USE_IP |
 		MV88E6XXX_PORT_CTL0_STATE_FORWARDING;
+	/* Don't enable IGMP snooping on CPU ports because the IGMP JOIN
+	 * packet would never forward to the next bridge, but loop back to
+	 * the actual cpu port.
+	 */
+	if (!dsa_is_cpu_port(ds, port))
+		reg |= MV88E6XXX_PORT_CTL0_IGMP_MLD_SNOOP;
 	err = mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_CTL0, reg);
 	if (err)
 		return err;
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ