From: netdev@kapio-technology.com
Date: Wed, 28 Sep 2022 09:29:00 +0200
Subject: Re: [Bridge] [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests
List-Id: Linux Ethernet Bridging
To: Ido Schimmel
Cc: Andrew Lunn, Alexandre Belloni, Nikolay Aleksandrov, Kurt Kanzenbach,
    Eric Dumazet, linux-kselftest@vger.kernel.org, Shuah Khan, Ivan Vecera,
    Florian Fainelli, Daniel Borkmann, bridge@lists.linux-foundation.org,
    linux-arm-kernel@lists.infradead.org, Roopa Prabhu, kuba@kernel.org,
    Paolo Abeni, Vivien Didelot, Woojung Huh, Landen Chao, Jiri Pirko,
    Christian Marangi, Hauke Mehrtens, Sean Wang, DENG Qingfang,
    Claudiu Manoil, linux-mediatek@lists.infradead.org, Matthias Brugger,
    Yuwei Wang, netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
    UNGLinuxDriver@microchip.com, Vladimir Oltean, davem@davemloft.net

On 2022-09-28 08:59, Ido Schimmel wrote:
> Sorry for the delay, was away.

Good to have you back. :-)

>
> On Tue, Sep 27, 2022 at 10:33:10AM +0200, netdev@kapio-technology.com wrote:
>> On 2022-09-21 09:15, Ido Schimmel wrote:
>> > bridge fdb add `mac_get $h2` dev br0 blackhole
>>
>> To make this work, I think we need to change the concept, so that blackhole
>> FDB entries are added to ports connected to the bridge, thus
>>     bridge fdb add MAC dev $swpX master blackhole
>>
>> This makes sense as the driver adds them based on the port where the SMAC is
>> seen, even though the effect of the blackhole FDB entry is switch wide.
>
> Asking user space to associate a blackhole entry with a bridge port does
> not make sense to me because unlike regular entries, blackhole entries
> do not forward packets out of this port. Blackhole routes and nexthops
> are not associated with a device either.
>
>> Adding them to the bridge (e.g. f.ex. br0) will not work in the SW bridge as
>> the entries then are not found.
>
> Why not found? This works:
>
> # bridge fdb add 00:11:22:33:44:55 dev br0 self local
> $ bridge fdb get 00:11:22:33:44:55 br br0
> 00:11:22:33:44:55 dev br0 master br0 permanent
>
> With blackhole support I expect:
>
> # bridge fdb add 00:11:22:33:44:55 dev br0 self local blackhole
> $ bridge fdb get 00:11:22:33:44:55 br br0
> 00:11:22:33:44:55 dev br0 master br0 permanent blackhole

In my previous replies, I have notified that fdb_find_rcu() does not
find the entry added with br0, and thus fdb_add_entry() that does the
replace does not replace but adds a new entry. I have been thinking that
it is because when added with br0 as dev it is added to dev br0's fdb,
which is not the same as 'dev master' fdb...

I think bridge fdb get works in a different way, as I know the get
functionality gets all fdb entries from all devices and filters them (if
I am not mistaken)...