lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 17 Apr 2024 10:13:11 +0200
From: Lukasz Majewski <lukma@...x.de>
To: Casper Andersson <casper.casan@...il.com>
Cc: netdev@...r.kernel.org, Andrew Lunn <andrew@...n.ch>, Eric Dumazet
 <edumazet@...gle.com>, Vladimir Oltean <olteanv@...il.com>, "David S.
 Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Oleksij
 Rempel <o.rempel@...gutronix.de>, Tristram.Ha@...rochip.com, Sebastian
 Andrzej Siewior <bigeasy@...utronix.de>, Paolo Abeni <pabeni@...hat.com>,
 Ravi Gunasekaran <r-gunasekaran@...com>, Simon Horman <horms@...nel.org>,
 Nikita Zhandarovich <n.zhandarovich@...tech.ru>, Murali Karicheri
 <m-karicheri2@...com>, Jiri Pirko <jiri@...nulli.us>, Dan Carpenter
 <dan.carpenter@...aro.org>, Ziyang Xuan <william.xuanziyang@...wei.com>,
 Shigeru Yoshida <syoshida@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] net: hsr: Provide RedBox support (HSR-SAN)

Hi Casper,

> Hi,
> 
> Out of curiosity, are you planning to implement the remaining RedBox
> modes too (PRP-SAN, HSR-HSR, HSR-PRP)?
> 

Currently I'm assigned to implement HSR-SAN.

> On 2024-04-02 10:58 +0200, Lukasz Majewski wrote:
> > Changes for v3:
> >
> > - Modify frame passed Port C (Interlink) to have RedBox's source
> > address (SA) This fixes issue with connecting L2 switch to
> > Interlink Port as switches drop frames with SA other than one
> > registered in their (internal) routing tables.  
> 
> > +	/* When HSR node is used as RedBox - the frame received
> > from HSR ring
> > +	 * requires source MAC address (SA) replacement to one
> > which can be
> > +	 * recognized by SAN devices (otherwise, frames are
> > dropped by switch)
> > +	 */
> > +	if (port->type == HSR_PT_INTERLINK)
> > +		ether_addr_copy(eth_hdr(skb)->h_source,
> > +				port->hsr->macaddress_redbox);  
> 
> I'm not really understanding the reason for this change. Can you
> explain it in more detail?

According to the HSR standard [1] the RedBox device shall work as a
"proxy" [*] between HSR network and SAN (i.e. "normal" ethernet)
devices.

This particular snippet handles the situation when frame from HSR node
is supposed to be sent to SAN network. In that case the SA of HSR
(SA_A) is replaced with SA of RedBox (SA_RB) as the MAC address of
RedBox is known and used by SAN devices.


Node A  hsr1  |======| hsr1 Node Redbox |   |
(SA_A) [**]   |	     |           eth3   |---| ethX SAN
	      |      |        	 (SA_RB)|   |  (e.g switch)


(the ====== represents duplicate link - like lan1,lan2)

If the SA_A would be passed to SAN (e.g. switch) the switch could get
confused as also RedBox MAC address would be used. Hence, all the
frames going out from "Node Redbox" have SA set to SA_RB.

According to [1] - RedBox shall have the MAC address.
This is similar to problem from [2].

> The standard does not say to modify the
> SA. However, it also does not say to *not* modify it in HSR-SAN mode
> like it does in other places. In HSR-HSR and HSR-PRP mode modifying
> SA breaks the duplicate discard.

IMHO, the HSR-SAN shall be regarded as a "proxy" [*] between two types
(and not fully compatible) networks.

> So keeping the same behavior for all
> modes would be ideal.
> 
> I imagine any HW offloaded solutions will not modify the SA, so if
> possible the SW should also behave as such.

The HW offloading in most cases works with HSR-HSR setup (i.e. it
duplicates frames automatically or discards them when recived - like
ksz9477).

I think that RedBox HW offloading would be difficult to achieve to
comply with standard. One "rough" idea would be to configure
aforementioned ksz9477 to pass all frames in its HW between.



> 
> BR,
> Casper

Notes:

[*] - However there is no specific "guidelines" on how the "proxy"
shall be implemented.

[**] - With current approach - the SAN MAC addresses are added to
"node table" of Node A. For Node RedBox those are stored in a separate
ProxyNodeTable. I'm not sure if this is the best possible approach
[***], as ideally only MAC addresses of HSR "network" nodes shall be
visible.

[***] - I think that this "improvement" could be addressed when HSR
support is added to Linux as it is the pre-requisite to add support for
it to iproute2. Afterwards, the code can be further refined (as it
would be added to net-next anyway).

[****] - As I'm now "on the topic" - I can share full setup for busybox to run
tests included to v5 of this patch set.


Links:

[1] - IEC 62439-3:2021

[2] -
https://elixir.bootlin.com/linux/latest/source/net/hsr/hsr_framereg.c#L397

Best regards,

Lukasz Majewski

--

DENX Software Engineering GmbH,      Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@...x.de

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ