Open Source and information security mailing list archives
 
Message-Id: <20241213033551.3706095-1-yongwang@nvidia.com>
Date: Thu, 12 Dec 2024 19:35:49 -0800
From: Yong Wang <yongwang@...dia.com>
To: razor@...ckwall.org,
	roopa@...dia.com,
	davem@...emloft.net,
	edumazet@...gle.com,
	netdev@...r.kernel.org
Cc: aroulin@...dia.com,
	idosch@...dia.com,
	nmiyar@...dia.com
Subject: [RFC v2 net-next 0/2] bridge: multicast: per vlan query improvement when port or vlan state changes 

The current implementation of br_multicast_enable_port() only operates on
the port's multicast context, which doesn't take vlan snooping into
account. One downside is that the port's igmp query timer will NOT resume
when the port state changes from BR_STATE_BLOCKING to BR_STATE_FORWARDING etc.

Such a code flow briefly looks like:
1. vlan snooping
  --> br_multicast_port_query_expired with per vlan port_mcast_ctx
  --> port in BR_STATE_BLOCKING state --> then one-shot timer discontinued

The port state could be changed by the STP daemon or kernel STP, taking mstpd
as an example:

2. mstpd --> netlink_sendmsg --> br_setlink --> br_set_port_state with
  non-blocking states, i.e. BR_STATE_LEARNING or BR_STATE_FORWARDING
  --> br_port_state_selection --> br_multicast_enable_port
  --> enable multicast with port's multicast_ctx

Here for per vlan query, the port_mcast_ctx of each vlan should be used
instead of port's multicast_ctx. The first patch corrects such behavior.

Similarly, vlan state could also impact multicast behavior; the 2nd patch
adds a function to update the corresponding multicast context when vlan state
changes.


I can add selftests if the approach is good.


v2:
- patch #1:
  - add br_multicast_toggle_port() helper function
  - add lock protection when accessing vlan flags
- patch #2:
  - remove br_vlan_set_state_finish(), move implementation inside
    br_vlan_set_state()
  - add lock protection when accessing vlan flags


Yong Wang (2):
  net: bridge: multicast: re-implement port multicast enable/disable
    functions
  net: bridge: multicast: update multicast contex when vlan state gets
    changed

 net/bridge/br_mst.c       |  4 +-
 net/bridge/br_multicast.c | 96 +++++++++++++++++++++++++++++++++++----
 net/bridge/br_private.h   | 10 +++-
 3 files changed, 99 insertions(+), 11 deletions(-)


base-commit: f3674384709b69c5cd8c4597b8bd73ea7bd0236f
-- 
2.20.1
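
The timer behaviour described in the cover letter above, as an added toy model in user-space C; it is not part of the original message or of the kernel patches. The struct layout, the two-VLAN setup and the function names (enable_port_ctx_only, enable_port_per_vlan, queries_after_unblock) are assumptions made for illustration, and vlan snooping is assumed to be enabled throughout.

```c
/* Constructed user-space model of the flow in the cover letter; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

enum state { BLOCKING, FORWARDING };            /* stand-ins for BR_STATE_* */
struct mcast_ctx { bool armed; int queries; };
#define NVLANS 2                                /* assumed VLAN count */
struct port { enum state state; struct mcast_ctx port_ctx, vlan_ctx[NVLANS]; };

/* One-shot query timer: it stays armed only while the port is not blocking. */
static void query_expired(struct port *p, struct mcast_ctx *c)
{
    if (!c->armed || p->state == BLOCKING) { c->armed = false; return; }
    c->queries++;                               /* query sent, timer re-armed */
}

/* With vlan snooping on, queries are driven by the per-vlan contexts. */
static void tick(struct port *p, int periods)
{
    for (int n = 0; n < periods; n++)
        for (int i = 0; i < NVLANS; i++)
            query_expired(p, &p->vlan_ctx[i]);
}

/* Behaviour described as current: only the port's own context is re-armed. */
static void enable_port_ctx_only(struct port *p) { p->port_ctx.armed = true; }
/* Behaviour described for patch 1: re-arm each vlan's port_mcast_ctx instead. */
static void enable_port_per_vlan(struct port *p)
{
    for (int i = 0; i < NVLANS; i++)
        p->vlan_ctx[i].armed = true;
}

/* Queries sent on vlan 0 in two timer periods after BLOCKING -> FORWARDING. */
static int queries_after_unblock(void (*enable)(struct port *))
{
    struct port p = { .state = BLOCKING };
    enable_port_per_vlan(&p);                   /* per-vlan timers initially armed */
    tick(&p, 1);                                /* expiry while BLOCKING: timers stop */
    p.state = FORWARDING;                       /* e.g. state set by the STP daemon */
    enable(&p);
    tick(&p, 2);
    return p.vlan_ctx[0].queries;
}

int main(void)
{
    printf("queries after unblock: ctx-only=%d per-vlan=%d\n",
           queries_after_unblock(enable_port_ctx_only), queries_after_unblock(enable_port_per_vlan));
}
```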

