From: Ido Schimmel <idosch@nvidia.com>
To: netdev@kapio-technology.com
Cc: davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
Florian Fainelli <f.fainelli@gmail.com>,
Andrew Lunn <andrew@lunn.ch>,
Vivien Didelot <vivien.didelot@gmail.com>,
Vladimir Oltean <olteanv@gmail.com>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Kurt Kanzenbach <kurt@linutronix.de>,
Hauke Mehrtens <hauke@hauke-m.de>,
Woojung Huh <woojung.huh@microchip.com>,
UNGLinuxDriver@microchip.com, Sean Wang <sean.wang@mediatek.com>,
Landen Chao <Landen.Chao@mediatek.com>,
DENG Qingfang <dqfext@gmail.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Claudiu Manoil <claudiu.manoil@nxp.com>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Jiri Pirko <jiri@resnulli.us>, Ivan Vecera <ivecera@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
Shuah Khan <shuah@kernel.org>,
Christian Marangi <ansuelsmth@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Yuwei Wang <wangyuweihx@gmail.com>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-mediatek@lists.infradead.org,
bridge@lists.linux-foundation.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests
Date: Sat, 3 Sep 2022 17:47:27 +0300 [thread overview]
Message-ID: <YxNo/0+/Sbg9svid@shredder> (raw)
In-Reply-To: <f1a17512266ac8b61444e7f0e568aca7@kapio-technology.com>
On Mon, Aug 29, 2022 at 06:13:14PM +0200, netdev@kapio-technology.com wrote:
> On 2022-08-29 18:03, Ido Schimmel wrote:
> > On Mon, Aug 29, 2022 at 05:08:23PM +0200, netdev@kapio-technology.com
> > wrote:
> > > On 2022-08-29 16:37, Ido Schimmel wrote:
> > > > On Mon, Aug 29, 2022 at 02:04:42PM +0200, netdev@kapio-technology.com
> > > > wrote:
> > > > > On 2022-08-29 13:32, Ido Schimmel wrote:
> > > > > Port association is needed for MAB to work at all on mv88e6xxx, but
> > > > > for
> > > > > 802.1X port association is only needed for dynamic ATU entries.
> > > >
> > > > Ageing of dynamic entries in the bridge requires learning to be on as
> > > > well, but in these test cases you are only using static entries and
> > > > there is no reason to enable learning in the bridge for that. I prefer
> > > > not to leak this mv88e6xxx implementation detail to user space and
> > > > instead have the driver enable port association based on whether
> > > > "learning" or "mab" is on.
> > > >
> > >
> > > Then it makes most sense to have the mv88e6xxx driver enable port
> > > association when then port is locked, as it does now.
> >
> > As you wish, but like you wrote "802.1X port association is only needed
> > for dynamic ATU entries" and in this case user space needs to enable
> > learning (for refresh only) so you can really key off learning on
> > "learning || mab". User space can decide to lock the port and work with
> > static entries and then learning is not required.
>
> I will of course remove all "learning on" in the selftests, which is what I
> think you are referring to. In the previous I am referring to the code in
> the driver itself which I understand shall turn on port association with
> locked ports, e.g. no need for "learning on" when using the feature in
> general outside selftests...
"learning on" is needed when dynamic FDB entries are used to authorize
hosts. Without learning being enabled, the bridge driver (or the
underlying hardware) will not refresh the entries during forwarding and
they will age out, resulting in packet loss until the hosts are
re-authorized.
Given the current test cases only use static entries, there is no need
to enable learning on locked ports. This will change when test cases are
added with dynamic entries.
Regarding mv88e6xxx, my understanding is that you also need learning
enabled for MAB (I assume for the violation interrupts). Therefore, for
mv88e6xxx, learning can be enabled if learning is on or MAB is on.
Enabling it based on whether the port is locked or not seems inaccurate.
next prev parent reply other threads:[~2022-09-03 14:47 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-26 11:45 [PATCH v5 net-next 0/6] Extend locked port feature with FDB locked flag (MAC-Auth/MAB) Hans Schultz
2022-08-26 11:45 ` [PATCH v5 net-next 1/6] net: bridge: add locked entry fdb flag to extend locked port feature Hans Schultz
2022-08-27 11:30 ` Nikolay Aleksandrov
2022-08-27 13:17 ` Ido Schimmel
2022-08-27 13:54 ` Nikolay Aleksandrov
2022-08-28 11:24 ` netdev
2022-08-28 11:21 ` netdev
2022-08-29 11:09 ` netdev
2022-08-29 11:43 ` netdev
2022-08-29 14:02 ` netdev
2022-08-29 16:12 ` Ido Schimmel
2022-08-29 16:26 ` netdev
2022-08-30 14:19 ` netdev
2022-09-03 14:27 ` Ido Schimmel
2022-08-27 15:19 ` Ido Schimmel
2022-08-28 10:23 ` netdev
2022-08-29 7:52 ` Ido Schimmel
2022-08-29 8:04 ` netdev
2022-08-29 9:51 ` Nikolay Aleksandrov
2022-08-29 9:32 ` netdev
2022-08-29 11:01 ` netdev
2022-08-29 11:34 ` netdev
2022-08-26 11:45 ` [PATCH v5 net-next 2/6] net: switchdev: add support for offloading of fdb locked flag Hans Schultz
2022-08-27 15:46 ` Ido Schimmel
2022-08-27 15:52 ` Nikolay Aleksandrov
2022-08-28 11:27 ` netdev
2022-08-27 18:34 ` Ido Schimmel
2022-08-26 11:45 ` [PATCH v5 net-next 3/6] drivers: net: dsa: add locked fdb entry flag to drivers Hans Schultz
2022-08-26 11:45 ` [PATCH v5 net-next 4/6] net: dsa: mv88e6xxx: allow reading FID when handling ATU violations Hans Schultz
2022-08-26 11:45 ` [PATCH v5 net-next 5/6] net: dsa: mv88e6xxx: MacAuth/MAB implementation Hans Schultz
2022-08-26 11:45 ` [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests Hans Schultz
2022-08-27 18:21 ` Ido Schimmel
2022-08-28 12:00 ` netdev
2022-08-29 7:40 ` Ido Schimmel
2022-08-29 8:01 ` netdev
2022-08-29 11:32 ` Ido Schimmel
2022-08-29 12:04 ` netdev
2022-08-29 14:37 ` Ido Schimmel
2022-08-29 15:08 ` netdev
2022-08-29 16:03 ` Ido Schimmel
2022-08-29 16:13 ` netdev
2022-09-03 14:47 ` Ido Schimmel [this message]
2022-09-07 21:10 ` netdev
2022-09-08 7:59 ` Ido Schimmel
2022-09-08 11:14 ` netdev
2022-09-08 11:20 ` Vladimir Oltean
2022-09-09 13:11 ` netdev
2022-09-11 0:13 ` Vladimir Oltean
2022-09-11 9:23 ` netdev
2022-09-12 9:08 ` Ido Schimmel
2022-09-20 21:29 ` netdev
2022-09-21 7:15 ` Ido Schimmel
2022-09-22 20:35 ` netdev
2022-09-27 15:19 ` [Bridge] " Petr Machata
2022-09-23 11:34 ` netdev
2022-09-23 12:21 ` netdev
2022-09-23 12:01 ` netdev
2022-09-27 8:33 ` netdev
2022-09-28 6:59 ` Ido Schimmel
2022-09-28 7:29 ` netdev
2022-09-28 7:47 ` netdev
2022-09-28 8:46 ` Ido Schimmel
2022-09-28 10:16 ` netdev
2022-09-28 10:19 ` netdev
2022-09-29 22:26 ` netdev
2022-09-21 19:53 ` netdev
2022-08-29 8:55 ` netdev
2022-08-29 16:07 ` netdev
2022-09-03 14:49 ` Ido Schimmel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YxNo/0+/Sbg9svid@shredder \
--to=idosch@nvidia.com \
--cc=Landen.Chao@mediatek.com \
--cc=UNGLinuxDriver@microchip.com \
--cc=alexandre.belloni@bootlin.com \
--cc=andrew@lunn.ch \
--cc=ansuelsmth@gmail.com \
--cc=bridge@lists.linux-foundation.org \
--cc=claudiu.manoil@nxp.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dqfext@gmail.com \
--cc=edumazet@google.com \
--cc=f.fainelli@gmail.com \
--cc=hauke@hauke-m.de \
--cc=ivecera@redhat.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=kurt@linutronix.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=matthias.bgg@gmail.com \
--cc=netdev@kapio-technology.com \
--cc=netdev@vger.kernel.org \
--cc=olteanv@gmail.com \
--cc=pabeni@redhat.com \
--cc=razor@blackwall.org \
--cc=roopa@nvidia.com \
--cc=sean.wang@mediatek.com \
--cc=shuah@kernel.org \
--cc=vivien.didelot@gmail.com \
--cc=wangyuweihx@gmail.com \
--cc=woojung.huh@microchip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).