Re: [PATCH RFT] net: dsa: Allow configuring CPU port VLANs

[Florian Fainelli <f.fainelli@gmail.com>]

On 08/14/2018 11:17 AM, Petr Machata wrote:
> Florian Fainelli <f.fainelli@gmail.com> writes:
> 
>> On 06/25/2018 02:17 AM, Ilias Apalodimas wrote:
>>> On Mon, Jun 25, 2018 at 12:13:10PM +0300, Petr Machata wrote:
>>>> Florian Fainelli <f.fainelli@gmail.com> writes:
>>>>
>>>>>  	if (netif_is_bridge_master(vlan->obj.orig_dev))
>>>>> -		return -EOPNOTSUPP;
>>>>> +		info.port = dp->cpu_dp->index;
>>>>
>>>> The condition above will trigger also when a VLAN is added on a member
>>>> port, and there's no other port with that VLAN. In that case the VLAN
>>>> comes without the BRIDGE_VLAN_INFO_BRENTRY flag. In mlxsw we have this
>>>> to get the bridge VLANs:
>>>>
>>>> 	if (netif_is_bridge_master(orig_dev)) {
>>>> 		[...]
>>>> 		if ((vlan->flags & BRIDGE_VLAN_INFO_BRENTRY) &&
>>>> 		[...]
>>>>
>>>> This doesn't appear to be done in DSA unless I'm missing something.
>>> Petr's right. This will trigger for VLANs added on 'not cpu ports' if the VLAN
>>> is not already a member. 
>>>
>>> This command has BRIDGE_VLAN_INFO_BRENTRY set:
>>> bridge vlan add dev br0 vid 100 pvid untagged self 
>>> I had the same issue on my CPSW RFC and solved it
>>> exactly the same was as Petr suggested.
>>
>> Humm, there must be something obvious I am missing, but the following
>> don't exactly result in what I would expect after adding a check for
>> vlan->flags & BRIDGE_VLAN_INFO_BRENTRY:
>>
>> brctl addbr br0
>> echo 1 > /sys/class/net/br0/bridge/vlan_filtering
>> brctl addif br0 lan1
> 
> From what I see, the CPU port is configured with VLAN 1 as soon as the
> bridge is created:
> 
> # brctl addbr br
> # bridge v sh dev br
> port    vlan ids
> br       1 PVID Egress Untagged
> 
> I expect there are events for this (but I didn't check), but the driver
> won't see them, because it doesn't have any ports attached to the bridge
> yet.

Correct, there are no ports attached yet.

> 
>> #1 results in lan1 being programmed with VID 1, PVID, untagged, but not
>> the CPU port. I would have sort of expected that the bridge layer would
>> also push the configuration to br0/CPU port since this is the default VLAN:
>>
>> bridge vlan show dev br0
>> port	vlan ids
>> br0	1 PVID Egress Untagged
> 
> OK, apparently we are talking past each other. When you say "CPU port",
> is "br0" not what you have in mind? Because I see 1 configured at br0 in
> your listings.

Yes, when I write "CPU/management" port, I mean br0 here, or at least,
when we see an event targeting br0, we re-generate it to target the
CPU/management port of the switch here.

VLAN 1 is definitively added to the br0 interface as a BR_ENTRY but we
also need to program the CPU port of the switch to be in this VLAN entry.

> 
>> bridge vlan add vid 2 dev lan1
>>
>> #2 same thing, results in only lan1 being programmed with VID 2, tagged
>> but that is expected because we are creating the VLAN only for the
>> user-facing port.
>>
>> bridge vlan add vid 3 dev br0 self
>>
>> #3 results in the CPU port being programmed with VID 3, tagged, again,
>> this is expected because we are only programming the bridge master/CPU
>> port here.
>>
>> Does #1 also happen for cpsw and mlxsw or do you actually get events
>> about the bridge's default VLAN configuration? Or does the switch driver
>> actually need to obtain that at the time the port is enslaved somehow?
> 
> I don't think we care about the CPU port in mlxsw. If the packet matches
> one of the local MACs, it gets trapped anyway, so all this stuff is then
> handled in slow path.

OK, that makes sense, you really don't have a notion of a CPU/management
port like we do in DSA switches.

On those switches, the Ethernet MAC is connected to the management port
of the switch, and so, at the time you enslave the first user-facing
port, we must configure both the CPU/management port of the switch as
well as the user-facing port to be within the desired VLAN IDs (and
attributes) in order for packets to ingress (when vlan_filtering is
enabled).

I suppose the way forward is to either query the bridge layer for the
default_pvid at the time of enslavement of the ports, or, "replay" the
event that led to the creation of the default br0 VLAN entry? First
option means we can make this specific to DSA (and similar
configurations) whereas the other means we might have to update all
switchdev drivers and possibly ignore that "replay" event.

Does that make sense?
-- 
Florian