Re: [PATCH] efinet: filter multicast traffic based on addresses

[Josef Bacik <jbacik@fb.com>]

On 11/20/2015 06:02 AM, Andrei Borzenkov wrote:
> 17.11.2015 21:35, Josef Bacik пишет:
>> We have some hardware that claims to support PROMISCUOUS_MULTICAST but
>> doesn't
>> actually work.  Instead utilize the multicast filters and specifically
>> enable
>> the multicast traffic we care about.  In reality we only care about ipv6
>> multicast traffic but enable ipv4 multicast as well just in case.
>> Whenever we
>> add a new address to the card we calculate the solicited node
>> multicast address
>> to the multicast filter.  With this patch my broken hardware is still
>> broken but
>> functional.  Thanks,
>>
>> Signed-off-by: Josef Bacik <jbacik@fb.com>
>> ---
>>   grub-core/net/drivers/efi/efinet.c | 84
>> ++++++++++++++++++++++++++++++++++----
>>   grub-core/net/net.c                |  2 +
>>   include/grub/net.h                 | 54 ++++++++++++------------
>>   3 files changed, 105 insertions(+), 35 deletions(-)
>>
>> diff --git a/grub-core/net/drivers/efi/efinet.c
>> b/grub-core/net/drivers/efi/efinet.c
>> index c8f80a1..bbbadd2 100644
>> --- a/grub-core/net/drivers/efi/efinet.c
>> +++ b/grub-core/net/drivers/efi/efinet.c
>> @@ -23,6 +23,7 @@
>>   #include <grub/efi/api.h>
>>   #include <grub/efi/efi.h>
>>   #include <grub/i18n.h>
>> +#include <grub/net/ip.h>
>>
>>   GRUB_MOD_LICENSE ("GPLv3+");
>>
>> @@ -183,8 +184,9 @@ open_card (struct grub_net_card *dev)
>>        We need unicast and broadcast and additionaly all nodes and
>>        solicited multicast for IPv6. Solicited multicast is per-IPv6
>>        address and we currently do not have API to do it so simply
>> -     try to enable receive of all multicast packets or evertyhing in
>> -     the worst case (i386 PXE driver always enables promiscuous too).
>> +     enable the all node addresses and the link local address.  We do
>> this
>> +     because some firmware has been found to not do promiscuous
>> multicast
>> +     mode properly.
>>
>>        This does trust firmware to do what it claims to do.
>>          */
>> @@ -192,14 +194,25 @@ open_card (struct grub_net_card *dev)
>>       {
>>         grub_uint32_t filters =
>> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_UNICAST   |
>>                     GRUB_EFI_SIMPLE_NETWORK_RECEIVE_BROADCAST |
>> -                  GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST;
>> +                  GRUB_EFI_SIMPLE_NETWORK_RECEIVE_MULTICAST;
>> +      grub_efi_status_t st;
>> +      grub_efi_mac_address_t mac_filter[2] = {
>> +          { 0x1, 0, 0x5e, 0, 0, 1, },
>> +          { 0x33, 0x33, 0, 0, 0, 1, },};
>>
>>         filters &= net->mode->receive_filter_mask;
>> -      if (!(filters &
>> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST))
>> -        filters |= (net->mode->receive_filter_mask &
>> -            GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS);
>> -
>
>
> could you do a favor and test whether enabling lone
> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS (without any additional
> filters flags) works for you? I.e. just do
>
>    efi_call_6 (net->receive_filters, net,
> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS, 0, 0, 0, NULL);
>
> It is possible that attempt to set promiscuous together with other
> filters does not work.
>
> I still believe it is better workaround in general to avoid increasing
> complexity.


Yeah I was hoping it would work as well, I think I tried it previously 
with and without EXCLUSIVE and it didn't work.  Double checked this 
morning and it didn't work.  Thanks,

Josef