Message-ID: <MW4PR11MB57761B3E644FDDCF88AD3FF4FD55A@MW4PR11MB5776.namprd11.prod.outlook.com>
Date: Tue, 13 Jun 2023 09:41:34 +0000
From: "Drewek, Wojciech" <wojciech.drewek@...el.com>
To: "Buvaneswaran, Sujai" <sujai.buvaneswaran@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>
CC: "pmenzel@...gen.mpg.de" <pmenzel@...gen.mpg.de>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>, "simon.horman@...igine.com"
	<simon.horman@...igine.com>, "dan.carpenter@...aro.org"
	<dan.carpenter@...aro.org>
Subject: RE: [Intel-wired-lan] [PATCH iwl-next v4 02/13] ice: Prohibit rx mode
 change in switchdev mode



> -----Original Message-----
> From: Buvaneswaran, Sujai <sujai.buvaneswaran@...el.com>
> Sent: Monday, 12 June 2023 09:30
> To: Drewek, Wojciech <wojciech.drewek@...el.com>; intel-wired-lan@...ts.osuosl.org
> Cc: pmenzel@...gen.mpg.de; netdev@...r.kernel.org; simon.horman@...igine.com; dan.carpenter@...aro.org
> Subject: RE: [Intel-wired-lan] [PATCH iwl-next v4 02/13] ice: Prohibit rx mode change in switchdev mode
> 
> > Don't allow to change promisc mode in switchdev mode.
> > When switchdev is configured, PF netdev is set to be a default VSI. This is
> > needed for the slow-path to work correctly.
> > All the unmatched packets will be directed to PF netdev.
> >
> > It is possible that this setting might be overwritten by ndo_set_rx_mode.
> > Prevent this by checking if switchdev is enabled in ice_set_rx_mode.
> >
> > Reviewed-by: Paul Menzel <pmenzel@...gen.mpg.de>
> > Signed-off-by: Wojciech Drewek <wojciech.drewek@...el.com>
> > ---
> >  drivers/net/ethernet/intel/ice/ice_main.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> 
> During our testing, we found out that PF netdev promisc mode settings can be changed in Switchdev mode.
> Is this expected as per the implementation of this patch?
> 
> [root@...fpass-switchdev ~]# ip link show dev ens802f0np0
> 193: ens802f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default
> qlen 1000
>     link/ether 6c:fe:54:5a:18:98 brd ff:ff:ff:ff:ff:ff
>     vf 0     link/ether 52:52:00:00:00:01 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state enable, trust off
>     vf 1     link/ether 52:52:00:00:00:02 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state enable, trust off
>     altname enp175s0f0np0
> [root@...fpass-switchdev ~]# ip link set dev ens802f0np0 promisc on
> [root@...fpass-switchdev ~]# ip link show dev ens802f0np0
> 193: ens802f0np0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group
> default qlen 1000
>     link/ether 6c:fe:54:5a:18:98 brd ff:ff:ff:ff:ff:ff
>     vf 0     link/ether 52:52:00:00:00:01 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state enable, trust off
>     vf 1     link/ether 52:52:00:00:00:02 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state enable, trust off
>     altname enp175s0f0np0
> [root@...fpass-switchdev ~]# ip link set dev ens802f0np0 promisc off
> [root@...fpass-switchdev ~]# ip link show dev ens802f0np0
> 193: ens802f0np0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default
> qlen 1000
>     link/ether 6c:fe:54:5a:18:98 brd ff:ff:ff:ff:ff:ff
>     vf 0     link/ether 52:52:00:00:00:01 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state enable, trust off
>     vf 1     link/ether 52:52:00:00:00:02 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state enable, trust off
>     altname enp175s0f0np0

I think everything is fine here. The actual promisc mode can be checked using the -d option; "promiscuity" indicates if the mode is enabled.
Once the uplink is added to the bridge, I couldn't turn it off as expected.
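
An added example, not part of the original message or of the ice driver: a POSIX shell function that reads `ip -d link show` output and compares the PROMISC flag with the "promiscuity" counter mentioned in the reply. The sample input is constructed, and the names `sample_ip_d_output` and `promisc_report` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ip -d link show` output (not captured from the
# host in this thread). eth0 is a bridge port: no PROMISC flag is shown,
# but the promiscuity counter is non-zero.
sample_ip_d_output() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 9702
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 9702
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:03 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 9702
EOF
}

# Reads `ip -d link show` text on stdin and prints one line per interface:
#   <name> <promiscuity counter> <off | flag+counter | counter-only>
promisc_report() {
    awk '
    function emit() {
        if (name == "") return
        state = "off"
        if (count > 0) state = flag ? "flag+counter" : "counter-only"
        printf "%s %d %s\n", name, count, state
    }
    /^[0-9]+: / {                       # header line starts a new interface
        emit()
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
        flag = ($3 ~ /[<,]PROMISC[,>]/) # flag as shown without -d
        count = 0
        next
    }
    {                                   # detail lines: find "promiscuity N"
        for (i = 1; i < NF; i++)
            if ($i == "promiscuity") count = $(i + 1) + 0
    }
    END { emit() }
    '
}

# Demo on the constructed sample.
sample_ip_d_output | promisc_report
```

On a live host, run `ip -d link show | promisc_report`; a `counter-only` line is an interface with a non-zero promiscuity counter even though plain `ip link show` displays no PROMISC flag.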



