Message-ID: <20230817173529.mmic4a7g5cgswnbf@skbuf>
Date: Thu, 17 Aug 2023 20:35:29 +0300
From: Vladimir Oltean <olteanv@...il.com>
To: Alexis Lothoré <alexis.lothore@...tlin.com>
Cc: Clément Leger <clement@...ment-leger.fr>, Andrew Lunn <andrew@...n.ch>,
    Florian Fainelli <f.fainelli@...il.com>, "David S. Miller" <davem@...emloft.net>,
    Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
    Paolo Abeni <pabeni@...hat.com>, linux-renesas-soc@...r.kernel.org,
    netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
    Miquel Raynal <miquel.raynal@...tlin.com>, Milan Stevanovic <milan.stevanovic@...com>,
    Jimmy Lalande <jimmy.lalande@...com>, Pascal Eberhard <pascal.eberhard@...com>,
    Thomas Petazzoni <thomas.petazzoni@...tlin.com>
Subject: Re: [PATCH net-next v5 2/3] net: dsa: rzn1-a5psw: add support for .port_bridge_flags

Hi Alexis,

On Fri, Aug 11, 2023 at 04:42:18PM +0200, Alexis Lothoré wrote:
> > These 3 port masks will only do what you expect while the bridge has
> > vlan_filtering=0, correct? When vlan_filtering=1, packets classified to
> > a VLAN which don't hit any FDB entry will be always flooded to all ports
> > in that VLAN, correct?
>
> After thoroughly reading the A5PSW doc again, I feel that this sentence is not
> exactly true. If I refer to section 4.5.3.9, paragraph 3.c:
>
> The VLAN table is used for both, VLAN domain verification [...] as well as VLAN
> resolution. Once the frame has passed any VLAN domain verification (i.e. will
> not be discarded by the verification function already), the forwarding
> resolution applies.
> [...]
> - If the destination MAC address (Unicast or Multicast) is not found in the MAC
> address table, or if the destination address is the Broadcast address, the frame
> is forwarded according to the following rules:
>   - The destination port mask is loaded from the respective register
> U/M/BCAST_DEFAULT_MASK depending on unicast, multicast or broadcast. Then the
> following filtering on this mask applies.
>   - If the frame carries a VLAN tag, the VLAN resolution table is searched for
> a matching VLAN ID and the frame is sent only to ports that are associated with
> the VLAN ID.
>   - If the frame carries a VLAN tag and the VLAN ID does not match any entry
> in the VLAN Resolution Table, or the frame does not carry a VLAN tag, the frame
> is forwarded to all ports that are enabled by the default mask.
>   - If it cannot be associated with any VLAN group and if the default group
> has been set to all zero, the frame is discarded.
> [...]
>
> I understand from the second bullet that even when vlan filtering is enabled
> (which occurs as first step), the first flooding filter (used in second step,
> resolution) remains the flooding masks from unicast/multicast/broadcast default
> mask registers. The vlan resolution is then applied over it as a second filter,
> and only make the flooding more "restrictive", it does not bypass it (so if a
> port is in the vlan which VID is in an incoming packet but the port is not also
> defined in the U/M/B default mask, incoming packet won't be flooded to it).

Thanks for the clarification. In this case, the code is fine. I must have
left with the wrong impression from the previous discussion with Clément.
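
Added example, not part of this thread and not code from the rzn1-a5psw driver: a small C model of the flooding resolution as the quoted A5PSW documentation excerpt describes it, showing that VLAN membership only narrows the U/M/BCAST default mask and never widens it. The type and function names and the sample masks are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum dst_kind { DST_UCAST, DST_MCAST, DST_BCAST };

struct vlan_entry {
    uint16_t vid;
    uint32_t members;   /* bit n set = port n is associated with this VID */
};

struct sw_model {
    uint32_t default_mask[3];        /* models U/M/BCAST_DEFAULT_MASK */
    const struct vlan_entry *vlans;  /* models the VLAN resolution table */
    size_t n_vlans;
};

/*
 * Egress port mask for a frame whose destination missed the MAC table
 * (or is broadcast). 0 means there is no port to forward to.
 */
uint32_t flood_mask(const struct sw_model *sw, enum dst_kind kind,
                    bool tagged, uint16_t vid)
{
    uint32_t mask = sw->default_mask[kind];   /* first filter */

    if (!tagged)
        return mask;
    for (size_t i = 0; i < sw->n_vlans; i++)
        if (sw->vlans[i].vid == vid)
            return mask & sw->vlans[i].members;  /* second filter */
    return mask;   /* tagged, but VID not in the table */
}

/* Constructed sample: ports 0-2 flood unknown unicast, VLAN 10 = ports 1-3. */
static const struct vlan_entry sample_vlans[] = { { 10, 0xE } };
static const struct sw_model sample_sw = {
    .default_mask = { [DST_UCAST] = 0x7, [DST_MCAST] = 0xF, [DST_BCAST] = 0x0 },
    .vlans = sample_vlans,
    .n_vlans = 1,
};

int main(void)
{
    printf("ucast vid 10: 0x%x\n", (unsigned)flood_mask(&sample_sw, DST_UCAST, true, 10));
    printf("ucast vid 20: 0x%x\n", (unsigned)flood_mask(&sample_sw, DST_UCAST, true, 20));
    printf("bcast vid 10: 0x%x\n", (unsigned)flood_mask(&sample_sw, DST_BCAST, true, 10));
    return 0;
}
```

In the sample, port 3 is a member of VLAN 10 but is absent from the unicast default mask, so an unknown-unicast frame tagged with VID 10 is not flooded to it.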