Message-ID:
 <MR1P264MB368139E2B561ADA6ABC86534F84F2@MR1P264MB3681.FRAP264.PROD.OUTLOOK.COM>
Date: Fri, 25 Oct 2024 16:07:54 +0000
From: Hervé Gourmelon <herve.gourmelon@...nops.com>
To: Tobias Waldekranz <tobias@...dekranz.com>, Andrew Lunn <andrew@...n.ch>,
	Florian Fainelli <f.fainelli@...il.com>, Vivien Didelot
	<vivien.didelot@...il.com>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, Vladimir Oltean
	<vladimir.oltean@....com>
Subject: RE: [PATCH 1/1] net: dsa: fix tag_dsa.c for untagged VLANs

On Fri, Oct 25, 2024 at 17:01, Tobias Waldekranz <tobias@...dekranz.com> wrote:
>Hi,

>Could you provide the iproute2/bridge commands used to create this
>bridge?

Sure.

I'm creating a VLAN-filtering bridge:

            ip link add name br2 type bridge vlan_filtering 1 vlan_default_pvid 0

then adding a number of ports to it (with $itemPort being my variable name for the new ports):

            ip link set $itemPort master br2
            ip link set $itemPort up

then setting up the VLAN on the bridge (with VID = $index_vlan):

            bridge vlan add dev br2 vid $index_vlan self
            bridge vlan global set dev br2 vid $index_vlan
            bridge vlan add dev $itemPort vid $index_vlan pvid untagged


>This only matters for FROM_CPU tags, which contain _destination_
>information.
>
>FORWARD tags contain information about how a packet was originally
>_received_. When receiving a FORWARD, the switch uses VTU membership
>data to determine whether to egress tagged or untagged, per port.

As I mentioned in my answer to Vladimir, this is not what I experienced.
I had to reset the Src_Tagged bit for both tags.
But maybe I'm doing something wrong. It's the first time in 12 years 
on that platform that I had to set up an untagged VLAN bridge, so I had
not encountered the problem before.
FYI here is what my DSA looks like (typically, I'm trying to egress untagged traffic on Port0/meth10):
  

                                          +----------+ 
                                Port9(DSA)|          |--->Port0(meth10)  
                                      +---| Switch#1 | 
                                      |   |          | 
                                      |   +----------+ 
 +-------+              +----------+  | 
 |       |   PortA(EDSA)|          |--+Port8(DSA) 
 |  CPU  |--------------| Switch#2 | 
 |       |              |          |--+Port9(DSA) 
 +-------+              +----------+  | 
                                      | 
                                      |   +----------+ 
                                      |   |          | 
                                      +---| Switch#3 | 
                                Port9(DSA)|          | 
                                          +----------+  

I hope that helps. Thanks for your time!
Hervé
