lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 17 Oct 2023 12:41:24 +0300
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Amit Cohen <amcohen@...dia.com>, netdev@...r.kernel.org
Cc: dsahern@...il.com, stephen@...workplumber.org, mlxsw@...dia.com,
 roopa@...dia.com
Subject: Re: [PATCH iproute2-next 8/8] man: bridge: add a note about using
 'master' and 'self' with flush

On 10/17/23 10:02, Amit Cohen wrote:
> When 'master' and 'self' keywords are used, the command will be handled
> by the driver of the device itself and by the driver that the device is
> master on. For VXLAN, such command will be handled by VXLAN driver and by
> bridge driver in case that the VXLAN is master on a bridge.
> 
> The bridge driver and VXLAN driver do not support the same arguments for
> flush command, for example - "vlan" is supported by bridge and not by
> VXLAN and "vni" is supported by VXLAN and not by bridge.
> 
> The following command returns an error:
> $ bridge fdb flush dev vx10 vlan 1 self master
> Error: Unsupported attribute.
> 
> This error comes from the VXLAN driver, which does not support flush by
> VLAN, but this command is handled by bridge driver, so entries in bridge
> are flushed even though user gets an error.
> 
> Note in the man page that such command is not recommended, instead, user
> should run flush command twice - once with 'self' and once with 'master',
> and each one with the supported attributes.
> 
> Signed-off-by: Amit Cohen <amcohen@...dia.com>
> ---
>   man/man8/bridge.8 | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
> index f76bf96b..ee6f2260 100644
> --- a/man/man8/bridge.8
> +++ b/man/man8/bridge.8
> @@ -943,6 +943,11 @@ command can also be used on the bridge device itself. The flag is set by default
>   .B master
>   if the specified network device is a port that belongs to a master device
>   such as a bridge, the operation is fulfilled by the master device's driver.
> +Flush with both 'master' and 'self' is not recommended with attributes that are
> +not supported by all devices (e.g., vlan, vni). Such command will be handled by
> +bridge or VXLAN driver, but will return an error from the driver that does not
> +support the attribute. Instead, run flush twice - once with 'self' and once
> +with 'master', and each one with the supported attributes.
>   
>   .TP
>   .B [no]permanent

Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ