[PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

[PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

[Andrew Lunn]

The software bridge can be build with vlan filtering support
included. However, by default it is turned off. In its turned off
state, it still passes VLANs via switchev, even though they are not to
be used. Don't pass these VLANs to the hardware. Only do so when vlan
filtering is enabled.

This fixes at least one corner case. There are still issues in other
corners, such as when vlan_filtering is later enabled.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
---
 net/dsa/port.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/net/dsa/port.c b/net/dsa/port.c
index bb30b1a7de3a..00d691765b9d 100644
--- a/net/dsa/port.c
+++ b/net/dsa/port.c
@@ -252,7 +252,10 @@ int dsa_port_vlan_add(struct dsa_port *dp,
 		.vlan = vlan,
 	};
 
-	return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_ADD, &info);
+	if (br_vlan_enabled(dp->bridge_dev))
+		return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_ADD, &info);
+
+	return 0;
 }
 
 int dsa_port_vlan_del(struct dsa_port *dp,
@@ -264,7 +267,10 @@ int dsa_port_vlan_del(struct dsa_port *dp,
 		.vlan = vlan,
 	};
 
-	return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_DEL, &info);
+	if (br_vlan_enabled(dp->bridge_dev))
+		return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_DEL, &info);
+
+	return 0;
 }
 
 int dsa_port_fixed_link_register_of(struct dsa_port *dp)
-- 
2.15.0

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

[Andrew Lunn]

Hi David

I forgot to put the tree in the subject. This is for net-next.

Sorry
	Andrew

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

[Florian Fainelli]

Hi Andrew,

On 11/06/2017 03:04 PM, Andrew Lunn wrote:
> The software bridge can be build with vlan filtering support
> included. However, by default it is turned off. In its turned off
> state, it still passes VLANs via switchev, even though they are not to
> be used. Don't pass these VLANs to the hardware. Only do so when vlan
> filtering is enabled.

Do not we have a possible interface problem here in that we should know
whether VLAN filtering is enabled or not, and in such a case switch
drivers should do the following:

- if VLAN filtering is disabled, accept VLAN programming coming from
DSA, but do not enforce that frames ingress/egressing with an unknown
VID be rejected

- if VLAN filtering is enabled, accept VLAN programming coming from DSA,
enforce that frames ingressing/egressing with an unknown VID should be
rejected

> 
> This fixes at least one corner case. There are still issues in other
> corners, such as when vlan_filtering is later enabled.
> 
> Signed-off-by: Andrew Lunn <andrew@lunn.ch>
> ---
>  net/dsa/port.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/net/dsa/port.c b/net/dsa/port.c
> index bb30b1a7de3a..00d691765b9d 100644
> --- a/net/dsa/port.c
> +++ b/net/dsa/port.c
> @@ -252,7 +252,10 @@ int dsa_port_vlan_add(struct dsa_port *dp,
>  		.vlan = vlan,
>  	};
>  
> -	return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_ADD, &info);
> +	if (br_vlan_enabled(dp->bridge_dev))
> +		return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_ADD, &info);
> +
> +	return 0;
>  }
>  
>  int dsa_port_vlan_del(struct dsa_port *dp,
> @@ -264,7 +267,10 @@ int dsa_port_vlan_del(struct dsa_port *dp,
>  		.vlan = vlan,
>  	};
>  
> -	return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_DEL, &info);
> +	if (br_vlan_enabled(dp->bridge_dev))
> +		return dsa_port_notify(dp, DSA_NOTIFIER_VLAN_DEL, &info);
> +
> +	return 0;
>  }
>  
>  int dsa_port_fixed_link_register_of(struct dsa_port *dp)
> 


-- 
Florian

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

[Andrew Lunn]

On Mon, Nov 06, 2017 at 03:13:19PM -0800, Florian Fainelli wrote:
> Hi Andrew,
> 
> On 11/06/2017 03:04 PM, Andrew Lunn wrote:
> > The software bridge can be build with vlan filtering support
> > included. However, by default it is turned off. In its turned off
> > state, it still passes VLANs via switchev, even though they are not to
> > be used. Don't pass these VLANs to the hardware. Only do so when vlan
> > filtering is enabled.
> 
> Do not we have a possible interface problem here in that we should know
> whether VLAN filtering is enabled or not, and in such a case switch
> drivers should do the following:
> 
> - if VLAN filtering is disabled, accept VLAN programming coming from
> DSA, but do not enforce that frames ingress/egressing with an unknown
> VID be rejected

Hi Florian

We know if vlan filtering is enabled or not, via two different
mechanism.  br_vlan_enabled() tells us this, and we can call it
anytime. There is also a switchdev call when the state changes.

If vlan filtering is disabled, we allow all vlans through. Hence there
should not be any need to tell the hardware about the VLANs. It should
be passing them all anyway. If filtering is enabled, then clearly we
do have to program the hardware with the vlans.
 
> - if VLAN filtering is enabled, accept VLAN programming coming from DSA,
> enforce that frames ingressing/egressing with an unknown VID should be
> rejected

That is todays behaviour, and is unchanged.

     Andrew

Re: [PATCH] net: dsa: Don't add vlans when vlan filtering is disabled

[David Miller]

From: Andrew Lunn <andrew@lunn.ch>
Date: Tue,  7 Nov 2017 00:04:24 +0100

> The software bridge can be build with vlan filtering support
> included. However, by default it is turned off. In its turned off
> state, it still passes VLANs via switchev, even though they are not to
> be used. Don't pass these VLANs to the hardware. Only do so when vlan
> filtering is enabled.
> 
> This fixes at least one corner case. There are still issues in other
> corners, such as when vlan_filtering is later enabled.
> 
> Signed-off-by: Andrew Lunn <andrew@lunn.ch>

Applied to net-next, thanks Andrew.