From: Hans Schultz <schultz.hans@gmail.com>
To: Vladimir Oltean <olteanv@gmail.com>,
Hans Schultz <schultz.hans@gmail.com>
Cc: Ivan Vecera <ivecera@redhat.com>, Andrew Lunn <andrew@lunn.ch>,
Florian Fainelli <f.fainelli@gmail.com>,
Jiri Pirko <jiri@resnulli.us>,
Daniel Borkmann <daniel@iogearbox.net>,
netdev@vger.kernel.org, Nikolay Aleksandrov <razor@blackwall.org>,
bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
Vivien Didelot <vivien.didelot@gmail.com>,
Ido Schimmel <idosch@nvidia.com>,
linux-kselftest@vger.kernel.org, Roopa Prabhu <roopa@nvidia.com>,
kuba@kernel.org, Shuah Khan <shuah@kernel.org>,
davem@davemloft.net
Subject: Re: [Bridge] [PATCH v2 net-next 2/4] net: switchdev: add support for offloading of fdb locked flag
Date: Wed, 23 Mar 2022 15:42:24 +0100 [thread overview]
Message-ID: <86h77owx0v.fsf@gmail.com> (raw)
In-Reply-To: <20220323123534.i2whyau3doq2xdxg@skbuf>
On ons, mar 23, 2022 at 14:35, Vladimir Oltean <olteanv@gmail.com> wrote:
> On Wed, Mar 23, 2022 at 01:29:52PM +0100, Hans Schultz wrote:
>> On tor, mar 17, 2022 at 10:39, Hans Schultz <schultz.hans@gmail.com> wrote:
>> > Used for Mac-auth/MAB feature in the offloaded case.
>> >
>> > Signed-off-by: Hans Schultz <schultz.hans+netdev@gmail.com>
>> > ---
>> > include/net/switchdev.h | 3 ++-
>> > net/bridge/br.c | 3 ++-
>> > net/bridge/br_fdb.c | 7 +++++--
>> > net/bridge/br_private.h | 2 +-
>> > 4 files changed, 10 insertions(+), 5 deletions(-)
>> >
>> > diff --git a/include/net/switchdev.h b/include/net/switchdev.h
>> > index 3e424d40fae3..d5d923411f5e 100644
>> > --- a/include/net/switchdev.h
>> > +++ b/include/net/switchdev.h
>> > @@ -229,7 +229,8 @@ struct switchdev_notifier_fdb_info {
>> > u16 vid;
>> > u8 added_by_user:1,
>> > is_local:1,
>> > - offloaded:1;
>> > + offloaded:1,
>> > + locked:1;
>> > };
>> >
>> > struct switchdev_notifier_port_obj_info {
>> > diff --git a/net/bridge/br.c b/net/bridge/br.c
>> > index b1dea3febeea..adcdbecbc218 100644
>> > --- a/net/bridge/br.c
>> > +++ b/net/bridge/br.c
>> > @@ -166,7 +166,8 @@ static int br_switchdev_event(struct notifier_block *unused,
>> > case SWITCHDEV_FDB_ADD_TO_BRIDGE:
>> > fdb_info = ptr;
>> > err = br_fdb_external_learn_add(br, p, fdb_info->addr,
>> > - fdb_info->vid, false);
>> > + fdb_info->vid, false,
>> > + fdb_info->locked);
>> > if (err) {
>> > err = notifier_from_errno(err);
>> > break;
>> > diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
>> > index 57ec559a85a7..57aa1955d34d 100644
>> > --- a/net/bridge/br_fdb.c
>> > +++ b/net/bridge/br_fdb.c
>> > @@ -987,7 +987,7 @@ static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
>> > "FDB entry towards bridge must be permanent");
>> > return -EINVAL;
>> > }
>> > - err = br_fdb_external_learn_add(br, p, addr, vid, true);
>> > + err = br_fdb_external_learn_add(br, p, addr, vid, true,
>> > false);
>>
>> Does someone have an idea why there at this point is no option to add a
>> dynamic fdb entry?
>>
>> The fdb added entries here do not age out, while the ATU entries do
>> (after 5 min), resulting in unsynced ATU vs fdb.
>
> I think the expectation is to use br_fdb_external_learn_del() if the
> externally learned entry expires. The bridge should not age by itself
> FDB entries learned externally.
>
How is the mechanism supposed to work to remove fdb entries when ATU
entries age out?
>> > } else {
>> > spin_lock_bh(&br->hash_lock);
>> > err = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb);
>> > @@ -1216,7 +1216,7 @@ void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p)
>> >
>> > int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>> > const unsigned char *addr, u16 vid,
>> > - bool swdev_notify)
>> > + bool swdev_notify, bool locked)
>> > {
>> > struct net_bridge_fdb_entry *fdb;
>> > bool modified = false;
>> > @@ -1236,6 +1236,9 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>> > if (!p)
>> > flags |= BIT(BR_FDB_LOCAL);
>> >
>> > + if (locked)
>> > + flags |= BIT(BR_FDB_ENTRY_LOCKED);
>> > +
>> > fdb = fdb_create(br, p, addr, vid, flags);
>> > if (!fdb) {
>> > err = -ENOMEM;
>> > diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
>> > index f5a0b68c4857..3275e33b112f 100644
>> > --- a/net/bridge/br_private.h
>> > +++ b/net/bridge/br_private.h
>> > @@ -790,7 +790,7 @@ int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p);
>> > void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p);
>> > int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>> > const unsigned char *addr, u16 vid,
>> > - bool swdev_notify);
>> > + bool swdev_notify, bool locked);
>> > int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
>> > const unsigned char *addr, u16 vid,
>> > bool swdev_notify);
>> > --
>> > 2.30.2
WARNING: multiple messages have this Message-ID (diff)
From: Hans Schultz <schultz.hans@gmail.com>
To: Vladimir Oltean <olteanv@gmail.com>,
Hans Schultz <schultz.hans@gmail.com>
Cc: davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
Andrew Lunn <andrew@lunn.ch>,
Vivien Didelot <vivien.didelot@gmail.com>,
Florian Fainelli <f.fainelli@gmail.com>,
Jiri Pirko <jiri@resnulli.us>, Ivan Vecera <ivecera@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
Shuah Khan <shuah@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Ido Schimmel <idosch@nvidia.com>,
linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v2 net-next 2/4] net: switchdev: add support for offloading of fdb locked flag
Date: Wed, 23 Mar 2022 15:42:24 +0100 [thread overview]
Message-ID: <86h77owx0v.fsf@gmail.com> (raw)
In-Reply-To: <20220323123534.i2whyau3doq2xdxg@skbuf>
On ons, mar 23, 2022 at 14:35, Vladimir Oltean <olteanv@gmail.com> wrote:
> On Wed, Mar 23, 2022 at 01:29:52PM +0100, Hans Schultz wrote:
>> On tor, mar 17, 2022 at 10:39, Hans Schultz <schultz.hans@gmail.com> wrote:
>> > Used for Mac-auth/MAB feature in the offloaded case.
>> >
>> > Signed-off-by: Hans Schultz <schultz.hans+netdev@gmail.com>
>> > ---
>> > include/net/switchdev.h | 3 ++-
>> > net/bridge/br.c | 3 ++-
>> > net/bridge/br_fdb.c | 7 +++++--
>> > net/bridge/br_private.h | 2 +-
>> > 4 files changed, 10 insertions(+), 5 deletions(-)
>> >
>> > diff --git a/include/net/switchdev.h b/include/net/switchdev.h
>> > index 3e424d40fae3..d5d923411f5e 100644
>> > --- a/include/net/switchdev.h
>> > +++ b/include/net/switchdev.h
>> > @@ -229,7 +229,8 @@ struct switchdev_notifier_fdb_info {
>> > u16 vid;
>> > u8 added_by_user:1,
>> > is_local:1,
>> > - offloaded:1;
>> > + offloaded:1,
>> > + locked:1;
>> > };
>> >
>> > struct switchdev_notifier_port_obj_info {
>> > diff --git a/net/bridge/br.c b/net/bridge/br.c
>> > index b1dea3febeea..adcdbecbc218 100644
>> > --- a/net/bridge/br.c
>> > +++ b/net/bridge/br.c
>> > @@ -166,7 +166,8 @@ static int br_switchdev_event(struct notifier_block *unused,
>> > case SWITCHDEV_FDB_ADD_TO_BRIDGE:
>> > fdb_info = ptr;
>> > err = br_fdb_external_learn_add(br, p, fdb_info->addr,
>> > - fdb_info->vid, false);
>> > + fdb_info->vid, false,
>> > + fdb_info->locked);
>> > if (err) {
>> > err = notifier_from_errno(err);
>> > break;
>> > diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
>> > index 57ec559a85a7..57aa1955d34d 100644
>> > --- a/net/bridge/br_fdb.c
>> > +++ b/net/bridge/br_fdb.c
>> > @@ -987,7 +987,7 @@ static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
>> > "FDB entry towards bridge must be permanent");
>> > return -EINVAL;
>> > }
>> > - err = br_fdb_external_learn_add(br, p, addr, vid, true);
>> > + err = br_fdb_external_learn_add(br, p, addr, vid, true,
>> > false);
>>
>> Does someone have an idea why there at this point is no option to add a
>> dynamic fdb entry?
>>
>> The fdb added entries here do not age out, while the ATU entries do
>> (after 5 min), resulting in unsynced ATU vs fdb.
>
> I think the expectation is to use br_fdb_external_learn_del() if the
> externally learned entry expires. The bridge should not age by itself
> FDB entries learned externally.
>
How is the mechanism supposed to work to remove fdb entries when ATU
entries age out?
>> > } else {
>> > spin_lock_bh(&br->hash_lock);
>> > err = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb);
>> > @@ -1216,7 +1216,7 @@ void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p)
>> >
>> > int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>> > const unsigned char *addr, u16 vid,
>> > - bool swdev_notify)
>> > + bool swdev_notify, bool locked)
>> > {
>> > struct net_bridge_fdb_entry *fdb;
>> > bool modified = false;
>> > @@ -1236,6 +1236,9 @@ int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>> > if (!p)
>> > flags |= BIT(BR_FDB_LOCAL);
>> >
>> > + if (locked)
>> > + flags |= BIT(BR_FDB_ENTRY_LOCKED);
>> > +
>> > fdb = fdb_create(br, p, addr, vid, flags);
>> > if (!fdb) {
>> > err = -ENOMEM;
>> > diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
>> > index f5a0b68c4857..3275e33b112f 100644
>> > --- a/net/bridge/br_private.h
>> > +++ b/net/bridge/br_private.h
>> > @@ -790,7 +790,7 @@ int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p);
>> > void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p);
>> > int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
>> > const unsigned char *addr, u16 vid,
>> > - bool swdev_notify);
>> > + bool swdev_notify, bool locked);
>> > int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
>> > const unsigned char *addr, u16 vid,
>> > bool swdev_notify);
>> > --
>> > 2.30.2
next prev parent reply other threads:[~2022-03-23 14:42 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-17 9:38 [Bridge] [PATCH v2 net-next 0/4] Extend locked port feature with FDB locked flag (MAC-Auth/MAB) Hans Schultz
2022-03-17 9:38 ` Hans Schultz
2022-03-17 9:38 ` [Bridge] [PATCH v2 net-next 1/4] net: bridge: add fdb flag to extent locked port feature Hans Schultz
2022-03-17 9:38 ` Hans Schultz
2022-03-17 9:47 ` [Bridge] " Nikolay Aleksandrov
2022-03-17 9:47 ` Nikolay Aleksandrov
2022-03-17 13:44 ` [Bridge] " Ido Schimmel
2022-03-17 13:44 ` Ido Schimmel
2022-03-17 13:54 ` [Bridge] " Nikolay Aleksandrov
2022-03-17 13:54 ` Nikolay Aleksandrov
2022-03-17 14:50 ` [Bridge] " Hans Schultz
2022-03-17 14:50 ` Hans Schultz
2022-03-17 14:59 ` [Bridge] " Ido Schimmel
2022-03-17 14:59 ` Ido Schimmel
2022-03-17 9:39 ` [Bridge] [PATCH v2 net-next 2/4] net: switchdev: add support for offloading of fdb locked flag Hans Schultz
2022-03-17 9:39 ` Hans Schultz
2022-03-23 12:29 ` [Bridge] " Hans Schultz
2022-03-23 12:29 ` Hans Schultz
2022-03-23 12:35 ` [Bridge] " Vladimir Oltean
2022-03-23 12:35 ` Vladimir Oltean
2022-03-23 12:49 ` [Bridge] " Hans Schultz
2022-03-23 12:49 ` Hans Schultz
2022-03-23 14:43 ` [Bridge] " Vladimir Oltean
2022-03-23 14:43 ` Vladimir Oltean
2022-03-23 15:03 ` [Bridge] " Hans Schultz
2022-03-23 15:03 ` Hans Schultz
2022-03-24 10:32 ` [Bridge] " Hans Schultz
2022-03-24 10:32 ` Hans Schultz
2022-03-24 11:09 ` [Bridge] " Vladimir Oltean
2022-03-24 11:09 ` Vladimir Oltean
2022-03-24 11:23 ` [Bridge] " Hans Schultz
2022-03-24 11:23 ` Hans Schultz
2022-03-24 14:27 ` [Bridge] " Vladimir Oltean
2022-03-24 14:27 ` Vladimir Oltean
2022-03-25 7:50 ` [Bridge] " Hans Schultz
2022-03-25 7:50 ` Hans Schultz
2022-03-25 13:21 ` [Bridge] " Vladimir Oltean
2022-03-25 13:21 ` Vladimir Oltean
2022-03-25 13:48 ` [Bridge] " Hans Schultz
2022-03-25 13:48 ` Hans Schultz
2022-03-25 14:00 ` [Bridge] " Vladimir Oltean
2022-03-25 14:00 ` Vladimir Oltean
2022-03-25 16:01 ` [Bridge] " Hans Schultz
2022-03-25 16:01 ` Hans Schultz
2022-03-25 20:30 ` [Bridge] " Vladimir Oltean
2022-03-25 20:30 ` Vladimir Oltean
2022-03-28 7:38 ` [Bridge] " Hans Schultz
2022-03-28 7:38 ` Hans Schultz
2022-03-28 8:48 ` [Bridge] " Vladimir Oltean
2022-03-28 8:48 ` Vladimir Oltean
2022-03-28 9:31 ` [Bridge] " Hans Schultz
2022-03-28 9:31 ` Hans Schultz
2022-03-28 15:12 ` [Bridge] " Vladimir Oltean
2022-03-28 15:12 ` Vladimir Oltean
2022-03-25 9:24 ` [Bridge] " Hans Schultz
2022-03-25 9:24 ` Hans Schultz
2022-03-23 14:42 ` Hans Schultz [this message]
2022-03-23 14:42 ` Hans Schultz
2022-03-17 9:39 ` [Bridge] [PATCH v2 net-next 3/4] net: dsa: mv88e6xxx: mac-auth/MAB implementation Hans Schultz
2022-03-17 9:39 ` Hans Schultz
2022-03-17 15:26 ` [Bridge] " Jakub Kicinski
2022-03-17 15:26 ` Jakub Kicinski
2022-03-17 19:27 ` [Bridge] " Vladimir Oltean
2022-03-17 19:27 ` Vladimir Oltean
2022-03-17 9:39 ` [Bridge] [PATCH v2 net-next 4/4] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests Hans Schultz
2022-03-17 9:39 ` Hans Schultz
2022-03-17 14:57 ` [Bridge] " Ido Schimmel
2022-03-17 14:57 ` Ido Schimmel
2022-03-18 15:45 ` [Bridge] " Hans Schultz
2022-03-18 15:45 ` Hans Schultz
2022-03-20 7:52 ` [Bridge] " Ido Schimmel
2022-03-20 7:52 ` Ido Schimmel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86h77owx0v.fsf@gmail.com \
--to=schultz.hans@gmail.com \
--cc=andrew@lunn.ch \
--cc=bridge@lists.linux-foundation.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=idosch@nvidia.com \
--cc=ivecera@redhat.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=olteanv@gmail.com \
--cc=razor@blackwall.org \
--cc=roopa@nvidia.com \
--cc=shuah@kernel.org \
--cc=vivien.didelot@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.