• Grygorii Strashko's avatar
    net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode · b26c7bec
    Grygorii Strashko authored
    [ Upstream commit 5e5add17 ]
    
    In dual_mac mode packets arrived on one port should not be forwarded by
    switch hw to another port. Only Linux Host can forward packets between
    ports. The below test case (reported in [1]) shows that packet arrived on
    one port can be leaked to anoter (reproducible with dual port evms):
     - connect port 1 (eth0) to linux Host 0 and run tcpdump or Wireshark
     - connect port 2 (eth1) to linux Host 1 with vlan 1 configured
     - ping <IPx> from Host 1 through vlan 1 interface.
    ARP packets will be seen on Host 0.
    
    Issue happens because dual_mac mode is implemnted using two vlans: 1 (Port
    1+Port 0) and 2 (Port 2+Port 0), so there are vlan records created for for
    each vlan. By default, the ALE will find valid vlan record in its table
    when vlan 1 tagged packet arrived on Port 2 and so forwards packet to all
    ports which are vlan 1 members (like Port.
    
    To avoid such behaviorr the ALE VLAN ID Ingress Check need to be enabled
    for each external CPSW port (ALE_PORTCTLn.VID_INGRESS_CHECK) so ALE will
    drop ingress packets if Rx port is not VLAN member.
    Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    b26c7bec
cpsw.c 78.3 KB