Message-ID: <cover.1744896433.git.petrm@nvidia.com>
Date: Thu, 17 Apr 2025 15:43:11 +0200
From: Petr Machata <petrm@...dia.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
	<netdev@...r.kernel.org>
CC: Nikolay Aleksandrov <razor@...ckwall.org>, Ido Schimmel
	<idosch@...dia.com>, <bridge@...ts.linux.dev>, Yong Wang
	<yongwang@...dia.com>, Andy Roulin <aroulin@...dia.com>, Petr Machata
	<petrm@...dia.com>, <mlxsw@...dia.com>
Subject: [PATCH net-next 0/3] bridge: multicast: per vlan query improvement when port or vlan state changes

From: Yong Wang <yongwang@...dia.com>

The current implementation of br_multicast_enable_port() only operates on
the port's multicast context, which doesn't take vlan snooping into
account. One downside is that the port's IGMP query timer will NOT resume
when the port state changes from BR_STATE_BLOCKING to BR_STATE_FORWARDING,
etc.

Briefly, the code flow looks like this:
1. vlan snooping
  --> br_multicast_port_query_expired with per vlan port_mcast_ctx
  --> port in BR_STATE_BLOCKING state --> then one-shot timer discontinued

The port state could be changed by an STP daemon or kernel STP, taking
mstpd as an example:

2. mstpd --> netlink_sendmsg --> br_setlink --> br_set_port_state with non
  blocking states, i.e. BR_STATE_LEARNING or BR_STATE_FORWARDING
  --> br_port_state_selection --> br_multicast_enable_port
  --> enable multicast with port's multicast_ctx

Here, for per vlan snooping, the vlan context of the port should be used
instead of the port's multicast_ctx. The first patch corrects this behavior.

Similarly, a vlan state change also impacts multicast behavior; the 2nd
patch adds a function to update the corresponding multicast context when
the vlan state changes.

The 3rd patch adds selftests to confirm that the IGMP/MLD query does happen
when the STP state becomes forwarding.

Yong Wang (3):
  net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
    functions
  net: bridge: mcast: update multicast contex when vlan state is changed
  selftests: net/bridge : add tests for per vlan snooping with stp state
    changes

 net/bridge/br_mst.c                           |   4 +-
 net/bridge/br_multicast.c                     | 103 ++++++++++++++++--
 net/bridge/br_private.h                       |  11 +-
 .../selftests/net/forwarding/bridge_igmp.sh   |  80 +++++++++++++-
 .../selftests/net/forwarding/bridge_mld.sh    |  81 +++++++++++++-
 tools/testing/selftests/net/forwarding/config |   1 +
 6 files changed, 261 insertions(+), 19 deletions(-)

-- 
2.49.0
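
The code flow described in the cover letter above, as a simplified user-space C model. This is an added example, not kernel code and not part of the patch series; the struct, enum and function names are hypothetical, a single vlan is assumed, and the timer is reduced to an "armed" flag that each call to query_expired() advances by one period.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
enum port_state { BLOCKING, FORWARDING };
struct mcast_ctx { bool armed; int queries_sent; };  /* one-shot query timer */
struct port {
    enum port_state state;
    struct mcast_ctx port_ctx;   /* the port's own multicast context */
    struct mcast_ctx vlan_ctx;   /* per-vlan context, used with vlan snooping */
};

/* Timer handler: one-shot, re-arms itself only while the port is not blocking. */
static void query_expired(const struct port *p, struct mcast_ctx *ctx)
{
    if (!ctx->armed)
        return;
    ctx->armed = false;
    if (p->state == BLOCKING)
        return;                  /* timer is discontinued here */
    ctx->queries_sent++;
    ctx->armed = true;
}

/* Described current behaviour: only the port context is re-enabled. */
static void enable_port_ctx(struct port *p) { p->port_ctx.armed = true; }
/* What the cover letter calls for under vlan snooping: use the vlan context. */
static void enable_vlan_ctx(struct port *p) { p->vlan_ctx.armed = true; }

/* Queries seen on the vlan in two timer periods after BLOCKING -> FORWARDING. */
static int queries_after_unblock(void (*enable)(struct port *))
{
    struct port p = { .state = FORWARDING, .vlan_ctx = { .armed = true } };
    query_expired(&p, &p.vlan_ctx);      /* forwarding: query sent, re-armed */
    p.state = BLOCKING;
    query_expired(&p, &p.vlan_ctx);      /* blocking: timer fires, then stops */
    int before = p.vlan_ctx.queries_sent;
    p.state = FORWARDING;                /* e.g. set by the STP daemon */
    enable(&p);
    query_expired(&p, &p.vlan_ctx);
    query_expired(&p, &p.vlan_ctx);
    return p.vlan_ctx.queries_sent - before;
}

int main(void)
{
    printf("port ctx: %d, vlan ctx: %d\n", queries_after_unblock(enable_port_ctx),
           queries_after_unblock(enable_vlan_ctx));
    return 0;
}
```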

