From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1Zzmj8-0003Ia-Cv for mharc-grub-devel@gnu.org; Fri, 20 Nov 2015 09:31:50 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55318) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zzmj5-0003Ge-9r for grub-devel@gnu.org; Fri, 20 Nov 2015 09:31:48 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zzmj2-00021i-3K for grub-devel@gnu.org; Fri, 20 Nov 2015 09:31:47 -0500 Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:60901) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zzmj1-00021b-S2 for grub-devel@gnu.org; Fri, 20 Nov 2015 09:31:44 -0500 Received: from pps.filterd (m0044008.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.15.0.59/8.15.0.59) with SMTP id tAKESncg019806; Fri, 20 Nov 2015 06:31:40 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=subject : to : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=facebook; bh=3RohvkmFAWZK5k6QdPP5Cl9rSeXTy4PWVHsODLyoK64=; b=KhYphoRFwKTugnxnhmC/yVzIktAIKKxuy+Vo0eihvsNhnufUC7ecR/5IqEfjGOB8+nD8 o1X/NRz2w+ej4z2xYKb8KHr5C99hOmUfNs8PlKQpFr7zDaW/4binrObp95WjkKoT37Sx uwv93jBI9Ucjf0YIB2Oz7dE6qYbT17ublho= Received: from mail.thefacebook.com ([199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 1y9us19ygh-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Fri, 20 Nov 2015 06:31:40 -0800 Received: from localhost.localdomain (192.168.54.13) by mail.thefacebook.com (192.168.16.24) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 20 Nov 2015 06:31:35 -0800 Subject: Re: [PATCH] efinet: filter multicast traffic based on addresses To: Andrei Borzenkov , The development of GNU GRUB , References: <1447785313-1383440-1-git-send-email-jbacik@fb.com> <564EFDB7.8060009@gmail.com> From: Josef Bacik Message-ID: <564F2EC6.7000604@fb.com> Date: Fri, 20 Nov 2015 09:31:34 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <564EFDB7.8060009@gmail.com> Content-Type: text/plain; charset="utf-8"; format=flowed X-Originating-IP: [192.168.54.13] X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2015-11-20_07:, , signatures=0 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-00082601.pphosted.com id tAKESncg019806 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 67.231.145.42 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Nov 2015 14:31:48 -0000 On 11/20/2015 06:02 AM, Andrei Borzenkov wrote: > 17.11.2015 21:35, Josef Bacik =D0=BF=D0=B8=D1=88=D0=B5=D1=82: >> We have some hardware that claims to support PROMISCUOUS_MULTICAST but >> doesn't >> actually work. Instead utilize the multicast filters and specifically >> enable >> the multicast traffic we care about. In reality we only care about ip= v6 >> multicast traffic but enable ipv4 multicast as well just in case. >> Whenever we >> add a new address to the card we calculate the solicited node >> multicast address >> to the multicast filter. With this patch my broken hardware is still >> broken but >> functional. Thanks, >> >> Signed-off-by: Josef Bacik >> --- >> grub-core/net/drivers/efi/efinet.c | 84 >> ++++++++++++++++++++++++++++++++++---- >> grub-core/net/net.c | 2 + >> include/grub/net.h | 54 ++++++++++++------------ >> 3 files changed, 105 insertions(+), 35 deletions(-) >> >> diff --git a/grub-core/net/drivers/efi/efinet.c >> b/grub-core/net/drivers/efi/efinet.c >> index c8f80a1..bbbadd2 100644 >> --- a/grub-core/net/drivers/efi/efinet.c >> +++ b/grub-core/net/drivers/efi/efinet.c >> @@ -23,6 +23,7 @@ >> #include >> #include >> #include >> +#include >> >> GRUB_MOD_LICENSE ("GPLv3+"); >> >> @@ -183,8 +184,9 @@ open_card (struct grub_net_card *dev) >> We need unicast and broadcast and additionaly all nodes and >> solicited multicast for IPv6. Solicited multicast is per-IPv6 >> address and we currently do not have API to do it so simply >> - try to enable receive of all multicast packets or evertyhing in >> - the worst case (i386 PXE driver always enables promiscuous too). >> + enable the all node addresses and the link local address. We do >> this >> + because some firmware has been found to not do promiscuous >> multicast >> + mode properly. >> >> This does trust firmware to do what it claims to do. >> */ >> @@ -192,14 +194,25 @@ open_card (struct grub_net_card *dev) >> { >> grub_uint32_t filters =3D >> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_UNICAST | >> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_BROADCAST | >> - GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICA= ST; >> + GRUB_EFI_SIMPLE_NETWORK_RECEIVE_MULTICAST; >> + grub_efi_status_t st; >> + grub_efi_mac_address_t mac_filter[2] =3D { >> + { 0x1, 0, 0x5e, 0, 0, 1, }, >> + { 0x33, 0x33, 0, 0, 0, 1, },}; >> >> filters &=3D net->mode->receive_filter_mask; >> - if (!(filters & >> GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS_MULTICAST)) >> - filters |=3D (net->mode->receive_filter_mask & >> - GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS); >> - > > > could you do a favor and test whether enabling lone > GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS (without any additional > filters flags) works for you? I.e. just do > > efi_call_6 (net->receive_filters, net, > GRUB_EFI_SIMPLE_NETWORK_RECEIVE_PROMISCUOUS, 0, 0, 0, NULL); > > It is possible that attempt to set promiscuous together with other > filters does not work. > > I still believe it is better workaround in general to avoid increasing > complexity. Yeah I was hoping it would work as well, I think I tried it previously=20 with and without EXCLUSIVE and it didn't work. Double checked this=20 morning and it didn't work. Thanks, Josef