lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <5753567a-527a-4c62-ae6a-c09ac9535a69@aol.com>
Date: Sat, 10 Aug 2024 01:48:55 -0400
From: Cang Household <canghousehold@....com>
To: netdev@...r.kernel.org
Subject: Advice on Using ACL on MT7531 from Userspace

Good morning from EDT...

 From my understanding, MT7531 has MDIO bus for management, and the 
datasheet says 256 rules are possible. The datasheet also suggests basic 
IP Header, and some L4 headers are capable of being filtered, so it 
would be quite nice to offload some ingress filtering through the switch 
chip.

does anyone know is it possible to use any userspace tools to interact 
with the MDIO interface of MT7531?


The overall goal is to build a zone-based FW based on two ports from 
MT7531. The ZBFW should be completely L3 agnostic, such that it does not 
rely on IP forwarding, but rather perform filtering on forwarded frames. 
This is a difficulty that when I bridge two member ports of a DSA 
switch, the hardware switching would kick in and the CPU port would be 
completely blind of what traffic are passing through.

Is there a way to turn off DSA switch offloading between bridged DSA ports?


Thanks.
Lucas.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ