[LEDE-DEV] [PATCH] BT Home Hub 5A: configure Red Ethernet as DMZ interface (FS#490) and fix Red Ethernet switch port (FS#390)

Mathias Kresin dev at kresin.me
Mon Feb 20 13:58:42 PST 2017 

18.02.2017 19:05, Felix Fietkau:
> On 2017-02-18 16:57, Mathias Kresin wrote:
>> @Felix: Would you please do a review of my changes. You added the
>> function in question with c536da3 "lantiq: add VLAN handling fixes to
>> xrx200 ethernet driver" but unfortunately without commit message.
>>
>> I'm not sure about the purpose of the introduced function or which
>> (reproducible) issue gets fixed with the function. Might be that there
>> is some kind of logic bug in the function that I workaround for
>> broadcast packages now. The best case would be if you only missed that
>> is_multicast_ether_addr() is true for the broadcast address as well and
>> the function was never intended to handle broadcast packages.
> This function actually was intended to handle broadcast packets, and in
> the tests that I made back when I wrote the patch, it resolved an issue
> pretty much like you're describing.
>
> So the patch in your staging tree which adds the is_broadcast_ether_addr
> check is wrong, and we need to look into why the portmap feature for
> multicast packets doesn't work properly.
>
> If you can reproduce the issue, please add a printk to show the data of
> the special tag for packets which are leaking onto the wrong vlan, as
> well as the switch configuration and the values of hw->vlan_port_map.

Hey Felix,

here are the requested printks:

special tag pre multicast cond:  0x02000001
special tag post multicast cond: 0x0200c0af
special tag final:               0x0200c0ef

I observed leaking spanning tree protocol packages as well, which made 
it obvious that my patch doesn't properly fix the issue.

It should be fairly easy to reproduce the issue. Create two vlans, ping 
a not assigned ipv4 address in one of the vlans ipv4 subnets to force 
the arp packages => arp request is send to both vlans/all ports. The STP 
packages leak to the wan interface as soon as STP is enabled for the lan 
bridge.

As soon as I remove the whole "is multicast" condition the special tag 
variable has the following values:

special tag pre multicast cond:  0x02000001
special tag post multicast cond: 0x02000001
special tag final:               0x0200006f

and I'm no longer able to observe any package leakage. I've tested with 
local broadcast (ARP) and with STP packages. To test whether this change 
causes package leaks for external send packages, I've send ARP packages 
and IGMPv3 packages from an client to the router. But still no package 
leakage.

I've reverted my setup to have the lantiq,wan eth1 interface again and 
even in this setup I wasn't able cause package leakage between vlans 
with the whole "is multicast" condition removed.

Mathias

More information about the Lede-dev mailing list