lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240614095145.7405f667@wsk>
Date: Fri, 14 Jun 2024 09:51:45 +0200
From: Lukasz Majewski <lukma@...x.de>
To: Wojciech Drewek <wojciech.drewek@...el.com>
Cc: Jakub Kicinski <kuba@...nel.org>, <netdev@...r.kernel.org>, Paolo Abeni
 <pabeni@...hat.com>, Eric Dumazet <edumazet@...gle.com>, Vladimir Oltean
 <olteanv@...il.com>, "David S. Miller" <davem@...emloft.net>, Oleksij
 Rempel <o.rempel@...gutronix.de>, <Tristram.Ha@...rochip.com>, "Sebastian
 Andrzej Siewior" <bigeasy@...utronix.de>, Ravi Gunasekaran
 <r-gunasekaran@...com>, Simon Horman <horms@...nel.org>, Nikita
 Zhandarovich <n.zhandarovich@...tech.ru>, Murali Karicheri
 <m-karicheri2@...com>, "Arvid Brodin" <Arvid.Brodin@...n.com>, Dan
 Carpenter <dan.carpenter@...aro.org>, "Ricardo B. Marliere"
 <ricardo@...liere.net>, Casper Andersson <casper.casan@...il.com>,
 <linux-kernel@...r.kernel.org>, Hangbin Liu <liuhangbin@...il.com>, Geliang
 Tang <tanggeliang@...inos.cn>, Shuah Khan <shuah@...nel.org>, Shigeru
 Yoshida <syoshida@...hat.com>
Subject: Re: [PATCH v3 net-next] net: hsr: Send supervisory frames to HSR
 network with ProxyNodeTable data

On Thu, 13 Jun 2024 17:11:44 +0200
Wojciech Drewek <wojciech.drewek@...el.com> wrote:

> On 10.06.2024 15:39, Lukasz Majewski wrote:
> > This patch provides support for sending supervision HSR frames with
> > MAC addresses stored in ProxyNodeTable when RedBox (i.e. HSR-SAN) is
> > enabled.
> > 
> > Supervision frames with RedBox MAC address (appended as second TLV)
> > are only send for ProxyNodeTable nodes.
> > 
> > This patch series shall be tested with hsr_redbox.sh script.
> > 
> > Signed-off-by: Lukasz Majewski <lukma@...x.de>
> > ---  
> 
> You forgot to include my tag:
> Reviewed-by: Wojciech Drewek <wojciech.drewek@...el.com>
> 

Yes, sorry for that...

> > 
> > Changes for v2:
> > - Fix the Reverse Christmas Tree formatting
> > - Return directly values from hsr_is_node_in_db() and
> > ether_addr_equal()
> > - Change the internal variable check
> > 
> > Changes for v3:
> > - Change 'const unsigned char addr[ETH_ALEN]' to
> >   'const unsigned char *addr' in send_hsr/prp_supervision_frame()
> > functions
> > 
> > - Add sizeof(struct hsr_sup_payload) to pskb_may_pull to assure
> > that the payload is present.
> > ---
> >  net/hsr/hsr_device.c   | 63
> > ++++++++++++++++++++++++++++++++++-------- net/hsr/hsr_forward.c  |
> > 37 +++++++++++++++++++++++-- net/hsr/hsr_framereg.c | 12 ++++++++
> >  net/hsr/hsr_framereg.h |  2 ++
> >  net/hsr/hsr_main.h     |  4 ++-
> >  net/hsr/hsr_netlink.c  |  1 +
> >  6 files changed, 105 insertions(+), 14 deletions(-)
> > 
> > diff --git a/net/hsr/hsr_device.c b/net/hsr/hsr_device.c
> > index e6904288d40d..e4cc6b78dcfc 100644
> > --- a/net/hsr/hsr_device.c
> > +++ b/net/hsr/hsr_device.c
> > @@ -73,9 +73,15 @@ static void hsr_check_announce(struct net_device
> > *hsr_dev) mod_timer(&hsr->announce_timer, jiffies +
> >  				  msecs_to_jiffies(HSR_ANNOUNCE_INTERVAL));
> >  		}
> > +
> > +		if (hsr->redbox &&
> > !timer_pending(&hsr->announce_proxy_timer))
> > +			mod_timer(&hsr->announce_proxy_timer,
> > jiffies +
> > +
> > msecs_to_jiffies(HSR_ANNOUNCE_INTERVAL) / 2); } else {
> >  		/* Deactivate the announce timer  */
> >  		timer_delete(&hsr->announce_timer);
> > +		if (hsr->redbox)
> > +			timer_delete(&hsr->announce_proxy_timer);
> >  	}
> >  }
> >  
> > @@ -279,10 +285,11 @@ static struct sk_buff *hsr_init_skb(struct
> > hsr_port *master) return NULL;
> >  }
> >  
> > -static void send_hsr_supervision_frame(struct hsr_port *master,
> > -				       unsigned long *interval)
> > +static void send_hsr_supervision_frame(struct hsr_port *port,
> > +				       unsigned long *interval,
> > +				       const unsigned char *addr)
> >  {
> > -	struct hsr_priv *hsr = master->hsr;
> > +	struct hsr_priv *hsr = port->hsr;
> >  	__u8 type = HSR_TLV_LIFE_CHECK;
> >  	struct hsr_sup_payload *hsr_sp;
> >  	struct hsr_sup_tlv *hsr_stlv;
> > @@ -296,9 +303,9 @@ static void send_hsr_supervision_frame(struct
> > hsr_port *master, hsr->announce_count++;
> >  	}
> >  
> > -	skb = hsr_init_skb(master);
> > +	skb = hsr_init_skb(port);
> >  	if (!skb) {
> > -		netdev_warn_once(master->dev, "HSR: Could not send
> > supervision frame\n");
> > +		netdev_warn_once(port->dev, "HSR: Could not send
> > supervision frame\n"); return;
> >  	}
> >  
> > @@ -321,11 +328,12 @@ static void send_hsr_supervision_frame(struct
> > hsr_port *master, hsr_stag->tlv.HSR_TLV_length = hsr->prot_version ?
> >  				sizeof(struct hsr_sup_payload) :
> > 12; 
> > -	/* Payload: MacAddressA */
> > +	/* Payload: MacAddressA / SAN MAC from ProxyNodeTable */
> >  	hsr_sp = skb_put(skb, sizeof(struct hsr_sup_payload));
> > -	ether_addr_copy(hsr_sp->macaddress_A,
> > master->dev->dev_addr);
> > +	ether_addr_copy(hsr_sp->macaddress_A, addr);
> >  
> > -	if (hsr->redbox) {
> > +	if (hsr->redbox &&
> > +	    hsr_is_node_in_db(&hsr->proxy_node_db, addr)) {
> >  		hsr_stlv = skb_put(skb, sizeof(struct
> > hsr_sup_tlv)); hsr_stlv->HSR_TLV_type = PRP_TLV_REDBOX_MAC;
> >  		hsr_stlv->HSR_TLV_length = sizeof(struct
> > hsr_sup_payload); @@ -340,13 +348,14 @@ static void
> > send_hsr_supervision_frame(struct hsr_port *master, return;
> >  	}
> >  
> > -	hsr_forward_skb(skb, master);
> > +	hsr_forward_skb(skb, port);
> >  	spin_unlock_bh(&hsr->seqnr_lock);
> >  	return;
> >  }
> >  
> >  static void send_prp_supervision_frame(struct hsr_port *master,
> > -				       unsigned long *interval)
> > +				       unsigned long *interval,
> > +				       const unsigned char *addr)
> >  {
> >  	struct hsr_priv *hsr = master->hsr;
> >  	struct hsr_sup_payload *hsr_sp;
> > @@ -396,7 +405,7 @@ static void hsr_announce(struct timer_list *t)
> >  
> >  	rcu_read_lock();
> >  	master = hsr_port_get_hsr(hsr, HSR_PT_MASTER);
> > -	hsr->proto_ops->send_sv_frame(master, &interval);
> > +	hsr->proto_ops->send_sv_frame(master, &interval,
> > master->dev->dev_addr); 
> >  	if (is_admin_up(master->dev))
> >  		mod_timer(&hsr->announce_timer, jiffies +
> > interval); @@ -404,6 +413,37 @@ static void hsr_announce(struct
> > timer_list *t) rcu_read_unlock();
> >  }
> >  
> > +/* Announce (supervision frame) timer function for RedBox
> > + */
> > +static void hsr_proxy_announce(struct timer_list *t)
> > +{
> > +	struct hsr_priv *hsr = from_timer(hsr, t,
> > announce_proxy_timer);
> > +	struct hsr_port *interlink;
> > +	unsigned long interval = 0;
> > +	struct hsr_node *node;
> > +
> > +	rcu_read_lock();
> > +	/* RedBOX sends supervisory frames to HSR network with MAC
> > addresses
> > +	 * of SAN nodes stored in ProxyNodeTable.
> > +	 */
> > +	interlink = hsr_port_get_hsr(hsr, HSR_PT_INTERLINK);
> > +	list_for_each_entry_rcu(node, &hsr->proxy_node_db,
> > mac_list) {
> > +		if (hsr_addr_is_redbox(hsr, node->macaddress_A))
> > +			continue;
> > +		hsr->proto_ops->send_sv_frame(interlink, &interval,
> > +					      node->macaddress_A);
> > +	}
> > +
> > +	if (is_admin_up(interlink->dev)) {
> > +		if (!interval)
> > +			interval =
> > msecs_to_jiffies(HSR_ANNOUNCE_INTERVAL); +
> > +		mod_timer(&hsr->announce_proxy_timer, jiffies +
> > interval);
> > +	}
> > +
> > +	rcu_read_unlock();
> > +}
> > +
> >  void hsr_del_ports(struct hsr_priv *hsr)
> >  {
> >  	struct hsr_port *port;
> > @@ -590,6 +630,7 @@ int hsr_dev_finalize(struct net_device
> > *hsr_dev, struct net_device *slave[2],
> > timer_setup(&hsr->announce_timer, hsr_announce, 0);
> > timer_setup(&hsr->prune_timer, hsr_prune_nodes, 0);
> > timer_setup(&hsr->prune_proxy_timer, hsr_prune_proxy_nodes, 0);
> > +	timer_setup(&hsr->announce_proxy_timer,
> > hsr_proxy_announce, 0); 
> >  	ether_addr_copy(hsr->sup_multicast_addr,
> > def_multicast_addr); hsr->sup_multicast_addr[ETH_ALEN - 1] =
> > multicast_spec; diff --git a/net/hsr/hsr_forward.c
> > b/net/hsr/hsr_forward.c index 05a61b8286ec..960ef386bc3a 100644
> > --- a/net/hsr/hsr_forward.c
> > +++ b/net/hsr/hsr_forward.c
> > @@ -117,6 +117,35 @@ static bool is_supervision_frame(struct
> > hsr_priv *hsr, struct sk_buff *skb) return true;
> >  }
> >  
> > +static bool is_proxy_supervision_frame(struct hsr_priv *hsr,
> > +				       struct sk_buff *skb)
> > +{
> > +	struct hsr_sup_payload *payload;
> > +	struct ethhdr *eth_hdr;
> > +	u16 total_length = 0;
> > +
> > +	eth_hdr = (struct ethhdr *)skb_mac_header(skb);
> > +
> > +	/* Get the HSR protocol revision. */
> > +	if (eth_hdr->h_proto == htons(ETH_P_HSR))
> > +		total_length = sizeof(struct hsrv1_ethhdr_sp);
> > +	else
> > +		total_length = sizeof(struct hsrv0_ethhdr_sp);
> > +
> > +	if (!pskb_may_pull(skb, total_length + sizeof(struct
> > hsr_sup_payload)))
> > +		return false;
> > +
> > +	skb_pull(skb, total_length);
> > +	payload = (struct hsr_sup_payload *)skb->data;
> > +	skb_push(skb, total_length);
> > +
> > +	/* For RedBox (HSR-SAN) check if we have received the
> > supervision
> > +	 * frame with MAC addresses from own ProxyNodeTable.
> > +	 */
> > +	return hsr_is_node_in_db(&hsr->proxy_node_db,
> > +				 payload->macaddress_A);
> > +}
> > +
> >  static struct sk_buff *create_stripped_skb_hsr(struct sk_buff
> > *skb_in, struct hsr_frame_info *frame)
> >  {
> > @@ -499,7 +528,8 @@ static void hsr_forward_do(struct
> > hsr_frame_info *frame) frame->sequence_nr))
> >  			continue;
> >  
> > -		if (frame->is_supervision && port->type ==
> > HSR_PT_MASTER) {
> > +		if (frame->is_supervision && port->type ==
> > HSR_PT_MASTER &&
> > +		    !frame->is_proxy_supervision) {
> >  			hsr_handle_sup_frame(frame);
> >  			continue;
> >  		}
> > @@ -637,6 +667,9 @@ static int fill_frame_info(struct
> > hsr_frame_info *frame, 
> >  	memset(frame, 0, sizeof(*frame));
> >  	frame->is_supervision = is_supervision_frame(port->hsr,
> > skb);
> > +	if (frame->is_supervision && hsr->redbox)
> > +		frame->is_proxy_supervision =
> > +			is_proxy_supervision_frame(port->hsr, skb);
> >  
> >  	n_db = &hsr->node_db;
> >  	if (port->type == HSR_PT_INTERLINK)
> > @@ -688,7 +721,7 @@ void hsr_forward_skb(struct sk_buff *skb,
> > struct hsr_port *port) /* Gets called for ingress frames as well as
> > egress from master port.
> >  	 * So check and increment stats for master port only here.
> >  	 */
> > -	if (port->type == HSR_PT_MASTER) {
> > +	if (port->type == HSR_PT_MASTER || port->type ==
> > HSR_PT_INTERLINK) { port->dev->stats.tx_packets++;
> >  		port->dev->stats.tx_bytes += skb->len;
> >  	}
> > diff --git a/net/hsr/hsr_framereg.c b/net/hsr/hsr_framereg.c
> > index 614df9649794..73bc6f659812 100644
> > --- a/net/hsr/hsr_framereg.c
> > +++ b/net/hsr/hsr_framereg.c
> > @@ -36,6 +36,14 @@ static bool seq_nr_after(u16 a, u16 b)
> >  #define seq_nr_before(a, b)		seq_nr_after((b), (a))
> >  #define seq_nr_before_or_eq(a, b)	(!seq_nr_after((a), (b)))
> >  
> > +bool hsr_addr_is_redbox(struct hsr_priv *hsr, unsigned char *addr)
> > +{
> > +	if (!hsr->redbox ||
> > !is_valid_ether_addr(hsr->macaddress_redbox))
> > +		return false;
> > +
> > +	return ether_addr_equal(addr, hsr->macaddress_redbox);
> > +}
> > +
> >  bool hsr_addr_is_self(struct hsr_priv *hsr, unsigned char *addr)
> >  {
> >  	struct hsr_self_node *sn;
> > @@ -591,6 +599,10 @@ void hsr_prune_proxy_nodes(struct timer_list
> > *t) 
> >  	spin_lock_bh(&hsr->list_lock);
> >  	list_for_each_entry_safe(node, tmp, &hsr->proxy_node_db,
> > mac_list) {
> > +		/* Don't prune RedBox node. */
> > +		if (hsr_addr_is_redbox(hsr, node->macaddress_A))
> > +			continue;
> > +
> >  		timestamp = node->time_in[HSR_PT_INTERLINK];
> >  
> >  		/* Prune old entries */
> > diff --git a/net/hsr/hsr_framereg.h b/net/hsr/hsr_framereg.h
> > index 7619e31c1d2d..993fa950d814 100644
> > --- a/net/hsr/hsr_framereg.h
> > +++ b/net/hsr/hsr_framereg.h
> > @@ -22,6 +22,7 @@ struct hsr_frame_info {
> >  	struct hsr_node *node_src;
> >  	u16 sequence_nr;
> >  	bool is_supervision;
> > +	bool is_proxy_supervision;
> >  	bool is_vlan;
> >  	bool is_local_dest;
> >  	bool is_local_exclusive;
> > @@ -35,6 +36,7 @@ struct hsr_node *hsr_get_node(struct hsr_port
> > *port, struct list_head *node_db, enum hsr_port_type rx_port);
> >  void hsr_handle_sup_frame(struct hsr_frame_info *frame);
> >  bool hsr_addr_is_self(struct hsr_priv *hsr, unsigned char *addr);
> > +bool hsr_addr_is_redbox(struct hsr_priv *hsr, unsigned char *addr);
> >  
> >  void hsr_addr_subst_source(struct hsr_node *node, struct sk_buff
> > *skb); void hsr_addr_subst_dest(struct hsr_node *node_src, struct
> > sk_buff *skb, diff --git a/net/hsr/hsr_main.h b/net/hsr/hsr_main.h
> > index 23850b16d1ea..ab1f8d35d9dc 100644
> > --- a/net/hsr/hsr_main.h
> > +++ b/net/hsr/hsr_main.h
> > @@ -170,7 +170,8 @@ struct hsr_node;
> >  
> >  struct hsr_proto_ops {
> >  	/* format and send supervision frame */
> > -	void (*send_sv_frame)(struct hsr_port *port, unsigned long
> > *interval);
> > +	void (*send_sv_frame)(struct hsr_port *port, unsigned long
> > *interval,
> > +			      const unsigned char addr[ETH_ALEN]);
> >  	void (*handle_san_frame)(bool san, enum hsr_port_type port,
> >  				 struct hsr_node *node);
> >  	bool (*drop_frame)(struct hsr_frame_info *frame, struct
> > hsr_port *port); @@ -197,6 +198,7 @@ struct hsr_priv {
> >  	struct list_head	proxy_node_db;	/* RedBox
> > HSR proxy nodes */ struct hsr_self_node	__rcu
> > *self_node;	/* MACs of slaves */ struct timer_list
> > announce_timer;	/* Supervision frame dispatch */
> > +	struct timer_list	announce_proxy_timer;
> >  	struct timer_list	prune_timer;
> >  	struct timer_list	prune_proxy_timer;
> >  	int announce_count;
> > diff --git a/net/hsr/hsr_netlink.c b/net/hsr/hsr_netlink.c
> > index 898f18c6da53..f6ff0b61e08a 100644
> > --- a/net/hsr/hsr_netlink.c
> > +++ b/net/hsr/hsr_netlink.c
> > @@ -131,6 +131,7 @@ static void hsr_dellink(struct net_device *dev,
> > struct list_head *head) del_timer_sync(&hsr->prune_timer);
> >  	del_timer_sync(&hsr->prune_proxy_timer);
> >  	del_timer_sync(&hsr->announce_timer);
> > +	timer_delete_sync(&hsr->announce_proxy_timer);
> >  
> >  	hsr_debugfs_term(hsr);
> >  	hsr_del_ports(hsr);  




Best regards,

Lukasz Majewski

--

DENX Software Engineering GmbH,      Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@...x.de

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ