git.baikalelectronics.ru Git - kernel.git/commit

author	Tristram Ha <Tristram.Ha@microchip.com>
	Thu, 20 Dec 2018 02:59:31 +0000 (18:59 -0800)
committer	David S. Miller <davem@davemloft.net>
	Fri, 21 Dec 2018 00:19:29 +0000 (16:19 -0800)
commit	8470e1e9ff785dbbdd048052a6925bccf8a5c0dd
tree	ab908f9bda3feb144430e3b3f7e94a7355e0b2f9	tree \| snapshot
parent	63e4c813ec8133dcfa99b5126ef4ab332505e890	commit \| diff

net: dsa: microchip: fix unicast frame leak

Port partitioning is done by enabling UNICAST_VLAN_BOUNDARY and changing
the default port membership of 0x7f to other values such that there is
no communication between ports.  In KSZ9477 the member for port 1 is
0x41; port 2, 0x42; port 3, 0x44; port 4, 0x48; port 5, 0x50; and port 7,
0x60.  Port 6 is the host port.

Setting a zero value can be used to stop port from receiving.

However, when UNICAST_VLAN_BOUNDARY is disabled and the unicast addresses
are already learned in the dynamic MAC table, setting zero still allows
devices connected to those ports to communicate.  This does not apply to
multicast and broadcast addresses though.  To prevent these leaks and
make the function of port membership consistent UNICAST_VLAN_BOUNDARY
should never be disabled.

Note that UNICAST_VLAN_BOUNDARY is enabled by default in KSZ9477.

Fixes: 93279a8384af47f7 ("dsa: add DSA switch driver for Microchip KSZ9477")
Signed-off-by: Tristram Ha <Tristram.Ha@microchip.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>