lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 17 Oct 2023 12:04:52 +0300
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Ido Schimmel <idosch@...dia.com>, netdev@...r.kernel.org,
 bridge@...ts.linux-foundation.org
Cc: davem@...emloft.net, kuba@...nel.org, edumazet@...gle.com,
 pabeni@...hat.com, roopa@...dia.com, mlxsw@...dia.com
Subject: Re: [PATCH net-next 01/13] bridge: mcast: Dump MDB entries even when
 snooping is disabled

On 10/16/23 16:12, Ido Schimmel wrote:
> Currently, the bridge driver does not dump MDB entries when multicast
> snooping is disabled although the entries are present in the kernel:
> 
>   # bridge mdb add dev br0 port swp1 grp 239.1.1.1 permanent
>   # bridge mdb show dev br0
>   dev br0 port swp1 grp 239.1.1.1 permanent
>   dev br0 port br0 grp ff02::6a temp
>   dev br0 port br0 grp ff02::1:ff9d:e61b temp
>   # ip link set dev br0 type bridge mcast_snooping 0
>   # bridge mdb show dev br0
>   # ip link set dev br0 type bridge mcast_snooping 1
>   # bridge mdb show dev br0
>   dev br0 port swp1 grp 239.1.1.1 permanent
>   dev br0 port br0 grp ff02::6a temp
>   dev br0 port br0 grp ff02::1:ff9d:e61b temp
> 
> This behavior differs from other netlink dump interfaces that dump
> entries regardless if they are used or not. For example, VLANs are
> dumped even when VLAN filtering is disabled:
> 
>   # ip link set dev br0 type bridge vlan_filtering 0
>   # bridge vlan show dev swp1
>   port              vlan-id
>   swp1              1 PVID Egress Untagged
> 
> Remove the check and always dump MDB entries:
> 
>   # bridge mdb add dev br0 port swp1 grp 239.1.1.1 permanent
>   # bridge mdb show dev br0
>   dev br0 port swp1 grp 239.1.1.1 permanent
>   dev br0 port br0 grp ff02::6a temp
>   dev br0 port br0 grp ff02::1:ffeb:1a4d temp
>   # ip link set dev br0 type bridge mcast_snooping 0
>   # bridge mdb show dev br0
>   dev br0 port swp1 grp 239.1.1.1 permanent
>   dev br0 port br0 grp ff02::6a temp
>   dev br0 port br0 grp ff02::1:ffeb:1a4d temp
>   # ip link set dev br0 type bridge mcast_snooping 1
>   # bridge mdb show dev br0
>   dev br0 port swp1 grp 239.1.1.1 permanent
>   dev br0 port br0 grp ff02::6a temp
>   dev br0 port br0 grp ff02::1:ffeb:1a4d temp
> 
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> ---
>   net/bridge/br_mdb.c | 3 ---
>   1 file changed, 3 deletions(-)
> 
> diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
> index 7305f5f8215c..fb58bb1b60e8 100644
> --- a/net/bridge/br_mdb.c
> +++ b/net/bridge/br_mdb.c
> @@ -323,9 +323,6 @@ static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
>   	struct net_bridge_mdb_entry *mp;
>   	struct nlattr *nest, *nest2;
>   
> -	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
> -		return 0;
> -
>   	nest = nla_nest_start_noflag(skb, MDBA_MDB);
>   	if (nest == NULL)
>   		return -EMSGSIZE;

Finally! Thanks :) this has been a long-standing annoyance.
Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ