From: Ido Schimmel <idosch@nvidia.com>
To: Vladimir Oltean <vladimir.oltean@nxp.com>
Cc: "petrm@nvidia.com" <petrm@nvidia.com>,
"ivecera@redhat.com" <ivecera@redhat.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"razor@blackwall.org" <razor@blackwall.org>,
"bridge@lists.linux-foundation.org"
<bridge@lists.linux-foundation.org>,
"roopa@nvidia.com" <roopa@nvidia.com>,
"netdev@kapio-technology.com" <netdev@kapio-technology.com>,
"edumazet@google.com" <edumazet@google.com>,
"mlxsw@nvidia.com" <mlxsw@nvidia.com>,
"jiri@nvidia.com" <jiri@nvidia.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"davem@davemloft.net" <davem@davemloft.net>
Subject: Re: [Bridge] [RFC PATCH net-next 10/16] mlxsw: spectrum_switchdev: Add support for locked FDB notifications
Date: Fri, 4 Nov 2022 00:54:39 +0200 [thread overview]
Message-ID: <Y2RGr9ssyMXbNsC+@shredder> (raw)
In-Reply-To: <20221103223151.cnmlvgnz3maj75iv@skbuf>
On Thu, Nov 03, 2022 at 10:31:52PM +0000, Vladimir Oltean wrote:
> Hi Ido,
>
> On Mon, Oct 31, 2022 at 10:32:10AM +0200, Vladimir Oltean wrote:
> > On Sun, Oct 30, 2022 at 10:23:07AM +0200, Ido Schimmel wrote:
> > > Right. I'm quite reluctant to add the MAB flag to
> > > BR_PORT_FLAGS_HW_OFFLOAD as part of this patchset for the simple reason
> > > that it is not really needed. I'm not worried about someone adding it
> > > later when it is actually needed. We will probably catch the omission
> > > during code review. Worst case, we have a selftest that will break,
> > > notifying us that a bug fix is needed.
> >
> > For drivers which don't emit SWITCHDEV_FDB_ADD_TO_BRIDGE but do offload
> > BR_PORT_LOCKED (like mv88e6xxx), things will not work correctly on day 1
> > of BR_PORT_MAB because they are not told MAB is enabled, so they have no
> > way of rejecting it until things work properly with the offload in place.
> >
> > It's the same reason for which we have BR_HAIRPIN_MODE | BR_ISOLATED |
> > BR_MULTICAST_TO_UNICAST in BR_PORT_FLAGS_HW_OFFLOAD, even if nobody acts
> > upon them.
>
> Do you have any comment on this?
Sorry, forgot to reply... I added a patch (see below) to the offload
set. If the bridge patches are accepted and we have disagreements on the
offload part I can always split out this patch and send it separately so
that mv88e6xxx rejects MAB in 6.2.
commit ebdd7363f8c1802af63c35f74d6922b727617a7d
Author: Ido Schimmel <idosch@nvidia.com>
Date: Mon Oct 31 19:36:36 2022 +0200
bridge: switchdev: Reflect MAB bridge port flag to device drivers
Reflect the 'BR_PORT_MAB' flag to device drivers so that:
* Drivers that support MAB could act upon the flag being toggled.
* Drivers that do not support MAB will prevent MAB from being enabled.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Notes:
v1:
* New patch.
diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c
index 8a0abe35137d..7eb6fd5bb917 100644
--- a/net/bridge/br_switchdev.c
+++ b/net/bridge/br_switchdev.c
@@ -71,7 +71,7 @@ bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p,
}
/* Flags that can be offloaded to hardware */
-#define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \
+#define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | BR_PORT_MAB | \
BR_MCAST_FLOOD | BR_BCAST_FLOOD | BR_PORT_LOCKED | \
BR_HAIRPIN_MODE | BR_ISOLATED | BR_MULTICAST_TO_UNICAST)
WARNING: multiple messages have this Message-ID (diff)
From: Ido Schimmel <idosch@nvidia.com>
To: Vladimir Oltean <vladimir.oltean@nxp.com>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"bridge@lists.linux-foundation.org"
<bridge@lists.linux-foundation.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"edumazet@google.com" <edumazet@google.com>,
"jiri@nvidia.com" <jiri@nvidia.com>,
"petrm@nvidia.com" <petrm@nvidia.com>,
"ivecera@redhat.com" <ivecera@redhat.com>,
"roopa@nvidia.com" <roopa@nvidia.com>,
"razor@blackwall.org" <razor@blackwall.org>,
"netdev@kapio-technology.com" <netdev@kapio-technology.com>,
"mlxsw@nvidia.com" <mlxsw@nvidia.com>
Subject: Re: [RFC PATCH net-next 10/16] mlxsw: spectrum_switchdev: Add support for locked FDB notifications
Date: Fri, 4 Nov 2022 00:54:39 +0200 [thread overview]
Message-ID: <Y2RGr9ssyMXbNsC+@shredder> (raw)
In-Reply-To: <20221103223151.cnmlvgnz3maj75iv@skbuf>
On Thu, Nov 03, 2022 at 10:31:52PM +0000, Vladimir Oltean wrote:
> Hi Ido,
>
> On Mon, Oct 31, 2022 at 10:32:10AM +0200, Vladimir Oltean wrote:
> > On Sun, Oct 30, 2022 at 10:23:07AM +0200, Ido Schimmel wrote:
> > > Right. I'm quite reluctant to add the MAB flag to
> > > BR_PORT_FLAGS_HW_OFFLOAD as part of this patchset for the simple reason
> > > that it is not really needed. I'm not worried about someone adding it
> > > later when it is actually needed. We will probably catch the omission
> > > during code review. Worst case, we have a selftest that will break,
> > > notifying us that a bug fix is needed.
> >
> > For drivers which don't emit SWITCHDEV_FDB_ADD_TO_BRIDGE but do offload
> > BR_PORT_LOCKED (like mv88e6xxx), things will not work correctly on day 1
> > of BR_PORT_MAB because they are not told MAB is enabled, so they have no
> > way of rejecting it until things work properly with the offload in place.
> >
> > It's the same reason for which we have BR_HAIRPIN_MODE | BR_ISOLATED |
> > BR_MULTICAST_TO_UNICAST in BR_PORT_FLAGS_HW_OFFLOAD, even if nobody acts
> > upon them.
>
> Do you have any comment on this?
Sorry, forgot to reply... I added a patch (see below) to the offload
set. If the bridge patches are accepted and we have disagreements on the
offload part I can always split out this patch and send it separately so
that mv88e6xxx rejects MAB in 6.2.
commit ebdd7363f8c1802af63c35f74d6922b727617a7d
Author: Ido Schimmel <idosch@nvidia.com>
Date: Mon Oct 31 19:36:36 2022 +0200
bridge: switchdev: Reflect MAB bridge port flag to device drivers
Reflect the 'BR_PORT_MAB' flag to device drivers so that:
* Drivers that support MAB could act upon the flag being toggled.
* Drivers that do not support MAB will prevent MAB from being enabled.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Notes:
v1:
* New patch.
diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c
index 8a0abe35137d..7eb6fd5bb917 100644
--- a/net/bridge/br_switchdev.c
+++ b/net/bridge/br_switchdev.c
@@ -71,7 +71,7 @@ bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p,
}
/* Flags that can be offloaded to hardware */
-#define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \
+#define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | BR_PORT_MAB | \
BR_MCAST_FLOOD | BR_BCAST_FLOOD | BR_PORT_LOCKED | \
BR_HAIRPIN_MODE | BR_ISOLATED | BR_MULTICAST_TO_UNICAST)
next prev parent reply other threads:[~2022-11-03 22:54 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-25 10:00 [Bridge] [RFC PATCH net-next 00/16] bridge: Add MAC Authentication Bypass (MAB) support with offload Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 01/16] bridge: Add MAC Authentication Bypass (MAB) support Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 11:00 ` [Bridge] " Nikolay Aleksandrov
2022-10-25 11:00 ` Nikolay Aleksandrov
2022-10-27 22:58 ` [Bridge] " Vladimir Oltean
2022-10-27 22:58 ` Vladimir Oltean
2022-10-28 7:45 ` [Bridge] " netdev
2022-10-28 7:45 ` netdev
2022-10-30 12:59 ` [Bridge] " Ido Schimmel
2022-10-30 12:59 ` Ido Schimmel
2022-10-30 12:48 ` [Bridge] " Ido Schimmel
2022-10-30 12:48 ` Ido Schimmel
2022-10-30 22:09 ` [Bridge] " netdev
2022-10-30 22:09 ` netdev
2022-10-31 14:43 ` [Bridge] " Ido Schimmel
2022-10-31 14:43 ` Ido Schimmel
2022-10-31 16:40 ` [Bridge] " netdev
2022-10-31 16:40 ` netdev
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 02/16] selftests: forwarding: Add MAC Authentication Bypass (MAB) test cases Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 03/16] bridge: switchdev: Let device drivers determine FDB offload indication Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-27 23:10 ` [Bridge] " Vladimir Oltean
2022-10-27 23:10 ` Vladimir Oltean
2022-10-30 9:25 ` [Bridge] " Ido Schimmel
2022-10-30 9:25 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 04/16] bridge: switchdev: Allow device drivers to install locked FDB entries Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 11:03 ` [Bridge] " Nikolay Aleksandrov
2022-10-25 11:03 ` Nikolay Aleksandrov
2022-10-27 23:27 ` [Bridge] " Vladimir Oltean
2022-10-27 23:27 ` Vladimir Oltean
2022-10-30 13:38 ` [Bridge] " Ido Schimmel
2022-10-30 13:38 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 05/16] devlink: Add packet traps for 802.1X operation Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 06/16] mlxsw: spectrum_trap: Register 802.1X packet traps with devlink Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 07/16] mlxsw: reg: Add Switch Port FDB Security Register Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 08/16] mlxsw: spectrum: Add an API to configure security checks Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 09/16] mlxsw: spectrum_switchdev: Prepare for locked FDB notifications Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 10/16] mlxsw: spectrum_switchdev: Add support " Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-27 23:39 ` [Bridge] " Vladimir Oltean
2022-10-27 23:39 ` Vladimir Oltean
2022-10-30 8:23 ` [Bridge] " Ido Schimmel
2022-10-30 8:23 ` Ido Schimmel
2022-10-31 8:32 ` [Bridge] " Vladimir Oltean
2022-10-31 8:32 ` Vladimir Oltean
2022-11-03 22:31 ` [Bridge] " Vladimir Oltean
2022-11-03 22:31 ` Vladimir Oltean
2022-11-03 22:54 ` Ido Schimmel [this message]
2022-11-03 22:54 ` Ido Schimmel
2022-11-03 23:03 ` [Bridge] " Vladimir Oltean
2022-11-03 23:03 ` Vladimir Oltean
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 11/16] mlxsw: spectrum_switchdev: Use extack in bridge port flag validation Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 12/16] mlxsw: spectrum_switchdev: Add locked bridge port support Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 13/16] selftests: devlink_lib: Split out helper Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 14/16] selftests: mlxsw: Add a test for EAPOL trap Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 15/16] selftests: mlxsw: Add a test for locked port trap Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 10:00 ` [Bridge] [RFC PATCH net-next 16/16] selftests: mlxsw: Add a test for invalid locked bridge port configurations Ido Schimmel
2022-10-25 10:00 ` Ido Schimmel
2022-10-25 14:09 ` [Bridge] [RFC PATCH net-next 00/16] bridge: Add MAC Authentication Bypass (MAB) support with offload netdev
2022-10-25 14:09 ` netdev
2022-10-25 17:43 ` [Bridge] " Ido Schimmel
2022-10-25 17:43 ` Ido Schimmel
2022-10-27 23:49 ` [Bridge] " Vladimir Oltean
2022-10-27 23:49 ` Vladimir Oltean
2022-11-06 12:04 ` [Bridge] " netdev
2022-11-06 12:04 ` netdev
2022-11-06 13:21 ` [Bridge] " Ido Schimmel
2022-11-06 13:21 ` Ido Schimmel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y2RGr9ssyMXbNsC+@shredder \
--to=idosch@nvidia.com \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=ivecera@redhat.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=mlxsw@nvidia.com \
--cc=netdev@kapio-technology.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=petrm@nvidia.com \
--cc=razor@blackwall.org \
--cc=roopa@nvidia.com \
--cc=vladimir.oltean@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.