From: netdev@kapio-technology.com
To: Vladimir Oltean <olteanv@gmail.com>
Cc: Andrew Lunn <andrew@lunn.ch>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
Kurt Kanzenbach <kurt@linutronix.de>,
Eric Dumazet <edumazet@google.com>,
linux-kselftest@vger.kernel.org,
Joachim Wiberg <troglobit@gmail.com>,
Shuah Khan <shuah@kernel.org>, Ivan Vecera <ivecera@redhat.com>,
Florian Fainelli <f.fainelli@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Ido Schimmel <idosch@nvidia.com>,
bridge@lists.linux-foundation.org,
Russell King <linux@armlinux.org.uk>,
linux-arm-kernel@lists.infradead.org,
Roopa Prabhu <roopa@nvidia.com>,
kuba@kernel.org, Paolo Abeni <pabeni@redhat.com>,
Vivien Didelot <vivien.didelot@gmail.com>,
Woojung Huh <woojung.huh@microchip.com>,
Landen Chao <Landen.Chao@mediatek.com>,
Jiri Pirko <jiri@resnulli.us>, Amit Cohen <amcohen@nvidia.com>,
Christian Marangi <ansuelsmth@gmail.com>,
Hauke Mehrtens <hauke@hauke-m.de>,
Hans Schultz <schultz.hans@gmail.com>,
Sean Wang <sean.wang@mediatek.com>,
DENG Qingfang <dqfext@gmail.com>,
Claudiu Manoil <claudiu.manoil@nxp.com>,
linux-mediatek@lists.infradead.org,
Matthias Brugger <matthias.bgg@gmail.com>,
Yuwei Wang <wangyuweihx@gmail.com>,
Petr Machata <petrm@nvidia.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Florent Fourcot <florent.fourcot@wifirst.fr>,
UNGLinuxDriver@microchip.com, davem@davemloft.net
Subject: Re: [Bridge] [PATCH v8 net-next 10/12] net: dsa: mv88e6xxx: mac-auth/MAB implementation
Date: Fri, 21 Oct 2022 15:16:21 +0200
Message-ID: <7bfaae46b1913fe81654a4cd257d98b1@kapio-technology.com>
In-Reply-To: <20221021112216.6bw6sjrieh2znlti@skbuf>
On 2022-10-21 13:22, Vladimir Oltean wrote:
> On Fri, Oct 21, 2022 at 08:47:42AM +0200, netdev@kapio-technology.com wrote:
>> On 2022-10-21 00:57, Vladimir Oltean wrote:
>> > On Thu, Oct 20, 2022 at 10:20:50PM +0200, netdev@kapio-technology.com wrote:
>> > > In general locked ports block traffic from a host based on if there is a
>> > > FDB entry or not. In the non-offloaded case, there is only CPU assisted
>> > > learning, so the normal learning mechanism has to be disabled as any
>> > > learned entry will open the port for the learned MAC,vlan.
>> >
>> > Does it have to be that way? Why can't BR_LEARNING on a BR_PORT_LOCKED
>> > cause the learned FDB entries to have BR_FDB_LOCKED, and everything
>> > would be ok in that case (the port will not be opened for the learned
>> > MAC/VLAN)?
>>
>> I suppose you are right that basing it solely on BR_FDB_LOCKED is possible.
>>
>> The question is then maybe if the common case where you don't need learned
>> entries for the scheme to work, e.g. with EAPOL link local packets, requires
>> less CPU load to work and is cleaner than if using BR_FDB_LOCKED entries?
>
> I suppose the real question is what does the bridge currently do with
> BR_LEARNING + BR_PORT_LOCKED, and if that is sane and useful in any case?
> It isn't a configuration that's rejected, for sure. The configuration
> could be rejected via a bug fix patch, then in net-next it could be made
> to learn these addresses with the BR_FDB_LOCKED flag.
>
> To your question regarding the common case (no MAB): that can be supported
> just fine when BR_LEARNING is off and BR_PORT_LOCKED is on, no?
> No BR_FDB_LOCKED entries will be learned.

As it is now in the bridge, the locked port part is handled before learning
in the ingress data path, so with BR_LEARNING and BR_PORT_LOCKED, I think it
will work as it does now except link local packages.

If your suggestion of BR_LEARNING causing BR_FDB_LOCKED on a locked port, I
guess it would be implemented under br_fdb_update() and BR_LEARNING +
BR_PORT_LOCKED would go together, forcing BR_LEARNING in this case, thus also
for all drivers?
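
The ordering discussed in this message, as an added example that is not part of the original e-mail or of the kernel source: a simplified C model of a locked port where the locked check runs before learning, with the suggested BR_FDB_LOCKED learning as an option. The flag values, the `port` struct, the helper names and the assumption that link-local frames reach learning without passing the locked check are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the ordering discussed in the thread; not kernel code.
 * Flag names come from the thread, numeric values are constructed. */
enum { BR_LEARNING = 1, BR_PORT_LOCKED = 2 };
enum fdb_state { FDB_NONE, FDB_PLAIN, FDB_LOCKED };  /* FDB_LOCKED ~ BR_FDB_LOCKED */

struct port { unsigned flags; enum fdb_state fdb; };  /* fdb: entry for one source MAC */

/* mark_locked models the suggestion: learning on a locked port creates a
 * BR_FDB_LOCKED entry instead of a plain one. */
static void learn(struct port *p, bool mark_locked)
{
    if (!(p->flags & BR_LEARNING) || p->fdb != FDB_NONE)
        return;
    p->fdb = (mark_locked && (p->flags & BR_PORT_LOCKED)) ? FDB_LOCKED : FDB_PLAIN;
}

/* Returns true when the frame is forwarded. */
static bool ingress(struct port *p, bool link_local, bool mark_locked)
{
    if (link_local) {            /* assumption: trapped to the CPU, never forwarded, */
        learn(p, mark_locked);   /* and reaches learning without the locked check   */
        return false;
    }
    if ((p->flags & BR_PORT_LOCKED) && p->fdb != FDB_PLAIN)
        return false;            /* locked check first: dropped, nothing learned */
    learn(p, mark_locked);
    return true;
}

/* One optional link-local frame (e.g. EAPOL) followed by one data frame from the
 * same MAC; returns whether the data frame is forwarded. */
static bool data_forwarded(unsigned flags, bool send_link_local, bool mark_locked)
{
    struct port p = { flags, FDB_NONE };
    if (send_link_local)
        ingress(&p, true, mark_locked);
    return ingress(&p, false, mark_locked);
}

int main(void)
{
    unsigned both = BR_LEARNING | BR_PORT_LOCKED;
    printf("locked+learning, after link-local: %d\n", data_forwarded(both, true, false));
    printf("suggested BR_FDB_LOCKED learning:  %d\n", data_forwarded(both, true, true));
    return 0;
}
```

In this model the only case where an unauthenticated MAC gets its data forwarded on a locked port is learning enabled with plain entries, which is the configuration the thread proposes either rejecting or changing to learn BR_FDB_LOCKED entries.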