* dsa/mv88e6xxx: leaking packets on MV88E6341 switch
@ 2020-09-30 10:09 Peter Vollmer
2020-09-30 10:28 ` Vladimir Oltean
2020-09-30 19:19 ` Andrew Lunn
0 siblings, 2 replies; 12+ messages in thread
From: Peter Vollmer @ 2020-09-30 10:09 UTC (permalink / raw)
To: Network Development
Hi all,
I am currently investigating a leaking packets problem on a
armada-37xx + MV88E6341 switch (via SGMII) + MV88E1512 Phy (via
RGMII) platform. We are using the mainline 5.4.y kernel.
The switch and phy setup is defined in the flat device tree as follows:
ð0 {
phy-mode = "rgmii-id";
phy = <ðphy0>;
status = "okay";
};
ð1 {
phy-mode = "sgmii";
status = "okay";
fixed-link {
speed = <2500>;
full-duplex;
};
};
&mdio {
reset-gpios = <&gpiosb 0 GPIO_ACTIVE_LOW>;
reset-delay-us = <2>;
ethphy0: ethernet-phy@0 {
reg = <0x0>;
status = "okay";
};
switch0: switch0@1 {
compatible = "marvell,mv88e6085";
#address-cells = <1>;
#size-cells = <0>;
reg = <1>;
cpu-port = <5>;
dsa,member = <0 0>;
status = "okay";
ports {
#address-cells = <0x1>;
#size-cells = <0x0>;
port@1 {
reg = <1>;
label = "lan0";
phy-handle = <&switch0phy1>;
};
port@2 {
reg = <2>;
label = "lan1";
phy-handle = <&switch0phy2>;
};
port@3 {
reg = <3>;
label = "lan2";
phy-handle = <&switch0phy3>;
};
port@4 {
reg = <4>;
label = "lan3";
phy-handle = <&switch0phy4>;
};
port@5 {
reg = <5>;
label = "cpu";
ethernet = <ð1>;
};
};
mdio {
#address-cells = <1>;
#size-cells = <0>;
switch0phy1: switch0phy0@11 {
reg = <0x11>;
};
switch0phy2: switch0phy1@12 {
reg = <0x12>;
};
switch0phy3: switch0phy2@13 {
reg = <0x13>;
};
switch0phy4: switch0phy2@14 {
reg = <0x14>;
};
};
};
};
lan0..lan3 are members of the br0 bridge interface.
The problem is that for ICMP ping lan0-> eth0, ICMP ping request
packets are leaking (i.e. flooded) to all other ports lan1..lan3,
while the ping reply eth0->lan0 arrives correctly at lan0 without any
leaked packets on lan1..lan3.
The problem temporarily goes away for ~280 seconds after I toggle the
multicast flag of the bridge interface ( ifconfig br0 [-]multicast )
We also noticed an asymmetric maximum network throughput, UDP traffic
lan0->eth0 is much slower than in the direction eth0->lan0.
My assumption is that in our case the SRC MAC address of the bridge
(or eth1) interface is not correctly learned by the switch, so it
floods the packets in reverse direction to all ports (CPU port 5 and
the other lan ports). As it seems the DSA packets ingressing on CPU
port5 (eth0->lan0) are sent as DSA MGMT frames, but those seem not to
be used for address learning.
Is this a known effect for this kind of setup, and is there something
we can do about it ?
What would be the best way to debug this ? Is there a way to dump the
ATU MAC tables to see what's going on with the address learning ?
Many thanks and best regards
Peter
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-09-30 10:09 dsa/mv88e6xxx: leaking packets on MV88E6341 switch Peter Vollmer @ 2020-09-30 10:28 ` Vladimir Oltean 2020-09-30 11:57 ` Peter Vollmer 2020-09-30 19:19 ` Andrew Lunn 1 sibling, 1 reply; 12+ messages in thread From: Vladimir Oltean @ 2020-09-30 10:28 UTC (permalink / raw) To: Peter Vollmer; +Cc: Network Development On Wed, Sep 30, 2020 at 12:09:03PM +0200, Peter Vollmer wrote: > lan0..lan3 are members of the br0 bridge interface. and so is eth0, I assume? > The problem is that for ICMP ping lan0-> eth0, ICMP ping request > packets are leaking (i.e. flooded) to all other ports lan1..lan3, > while the ping reply eth0->lan0 arrives correctly at lan0 without any > leaked packets on lan1..lan3. What are you pinging exactly, the IP of the eth0 interface, or a station connected to the eth0 which is part of the same bridge as the lan ports? Thanks, -Vladimir ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-09-30 10:28 ` Vladimir Oltean @ 2020-09-30 11:57 ` Peter Vollmer 0 siblings, 0 replies; 12+ messages in thread From: Peter Vollmer @ 2020-09-30 11:57 UTC (permalink / raw) To: Vladimir Oltean; +Cc: Network Development On Wed, Sep 30, 2020 at 01:28:35PM +0300, Vladimir Oltean wrote: > On Wed, Sep 30, 2020 at 12:09:03PM +0200, Peter Vollmer wrote: > > lan0..lan3 are members of the br0 bridge interface. > > and so is eth0, I assume? No, eth0 is a dedicated interface with its own IP. We have routing between eth0 and br0. root@mGuard:~# ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1024 link/ether a8:74:1d:85:08:be brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1508 qdisc mq qlen 1024 link/ether 00:a0:45:38:22:90 brd ff:ff:ff:ff:ff:ff 4: sit0@NONE: <NOARP> mtu 1480 qdisc noop qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 5: lan0@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 qlen 1000 link/ether a8:74:1d:85:08:bf brd ff:ff:ff:ff:ff:ff 6: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 qlen 1000 link/ether a8:74:1d:85:08:c0 brd ff:ff:ff:ff:ff:ff 7: lan2@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br0 qlen 1000 link/ether a8:74:1d:85:08:c1 brd ff:ff:ff:ff:ff:ff 8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br0 qlen 1000 link/ether a8:74:1d:85:08:c2 brd ff:ff:ff:ff:ff:ff 9: br0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue qlen 1000 link/ether a8:74:1d:85:08:bf brd ff:ff:ff:ff:ff:ff root@mGuard:~# brctl show bridge name bridge id STP enabled interfaces br0 8000.a8741d8508bf no lan2 lan0 lan3 lan1 > > The problem is that for ICMP ping lan0-> eth0, ICMP ping request > > packets are leaking (i.e. flooded) to all other ports lan1..lan3, > > while the ping reply eth0->lan0 arrives correctly at lan0 without any > > leaked packets on lan1..lan3. > > What are you pinging exactly, the IP of the eth0 interface, or a station > connected to the eth0 which is part of the same bridge as the lan ports? > I am pinging the address of a station connected to eth0 from a station connected to switch port lan0. Thanks, Peter ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-09-30 10:09 dsa/mv88e6xxx: leaking packets on MV88E6341 switch Peter Vollmer 2020-09-30 10:28 ` Vladimir Oltean @ 2020-09-30 19:19 ` Andrew Lunn 2020-10-01 6:21 ` Peter Vollmer 1 sibling, 1 reply; 12+ messages in thread From: Andrew Lunn @ 2020-09-30 19:19 UTC (permalink / raw) To: Peter Vollmer; +Cc: Network Development > What would be the best way to debug this ? Is there a way to dump the > ATU MAC tables to see what's going on with the address learning ? If you jump to net-next, and use https://github.com/lunn/mv88e6xxx_dump You can dump the full ATU from the switch. bridge fdb show can give you some idea what is going on, but it is less clear what is in the hardware and what is in software. Andrew ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-09-30 19:19 ` Andrew Lunn @ 2020-10-01 6:21 ` Peter Vollmer 2020-11-25 14:09 ` Peter Vollmer 0 siblings, 1 reply; 12+ messages in thread From: Peter Vollmer @ 2020-10-01 6:21 UTC (permalink / raw) To: Andrew Lunn; +Cc: Network Development On Wed, Sep 30, 2020 at 09:19:56PM +0200, Andrew Lunn wrote: > > What would be the best way to debug this ? Is there a way to dump the > > ATU MAC tables to see what's going on with the address learning ? > > If you jump to net-next, and use > > https://github.com/lunn/mv88e6xxx_dump > > You can dump the full ATU from the switch. > > bridge fdb show > > can give you some idea what is going on, but it is less clear what is > in the hardware and what is in software. Thanks, I will try that. Peter ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-10-01 6:21 ` Peter Vollmer @ 2020-11-25 14:09 ` Peter Vollmer 2020-11-26 21:41 ` Tobias Waldekranz 0 siblings, 1 reply; 12+ messages in thread From: Peter Vollmer @ 2020-11-25 14:09 UTC (permalink / raw) To: Andrew Lunn; +Cc: Network Development Hi, I am still investigating the leaking packets problem we are having with a setup of an armada-3720 SOC and a 88E6341 switch ( connected via cpu port 5 , SGMII ,C_MODE=0xB, 2500 BASE-x). I now jumped to the net-next kernel (5.10.0-rc4) and can now use the nice mv88e6xxx_dump tool for switch register dumping. The described packet leaking still occurs, in a setup of ports lan0-lan3 (switch ports 1-4) joined in a bridge br0. Here is my setup, ports lan0-3 are DSA ports coming in through eth1, eth0 is a single 88E1512 phy connected to RGMII root@DUT:~# brctl show bridge name bridge id STP enabled interfaces br0 8000.fafb2fbbd4c6 no lan0 lan1 lan2 lan3 root@DUT:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1024 link/ether c2:49:bc:0d:a8:57 brd ff:ff:ff:ff:ff:ff inet 192.168.90.100/24 brd 192.168.90.255 scope global eth0 valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP group default qlen 1024 link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff 4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 5: lan0@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000 link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff 6: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000 link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff 7: lan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000 link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff 8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br0 state LOWERLAYERDOWN group default qlen 1000 link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff 9: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff inet 172.16.4.1/16 brd 172.16.4.255 scope global br0 valid_lft forever preferred_lft forever - pinging from client0 (connected to lan0 ) to the bridge IP, the ping requests (only the requests) are also seen on client1 connected to lan1 - the other effect looks more suspicious: when pinging from br0 to the IP of client0 connected to port lan0, after ~280 seconds client1 connected to lan1 will also see the ping replies of client0 (only the replies). And after another ~300seconds this stops again. This repeats in a cycle . I see these problems since at least kernel version 5.4.y, but not with the old linux-marvel kernel sources (https://github.com/MarvellEmbeddedProcessors/linux-marvell.git) Can somebody using this switch in SGMII mode perhaps reproduce this ? One thing I noticed is that due to .tag_protocol=DSA_TAG_PROTO_EDSA for the 88E6341 switch, EgressMode (port control 0x4 , bit13:12) is set to an unsupported value of 0x3 ("reserved for future use" in the switch spec). See the value in row 04 Port control for port 5 = 0x373f in the following dump: root@mguard3:~# mv88e6xxx_dump --ports Using device <mdio_bus/d0032004.mdio-mii:01> 0 1 2 3 4 5 00 Port status 0006 9e4f 9e4f 9e4f 100f 0f0b 01 Physical control 0003 0003 0003 0003 0003 20ff 02 Jamming control ff00 0000 0000 0000 0000 0000 03 Switch ID 3410 3410 3410 3410 3410 3410 04 Port control 007c 043f 043f 043f 043c 373f 05 Port control 1 0000 0000 0000 0000 0000 0000 06 Port base VLAN map 007e 007c 007a 0076 006e 005f 07 Def VLAN ID & Prio 0001 0000 0000 0000 0000 0000 08 Port control 2 2080 0080 0080 0080 0080 0080 09 Egress rate control 0001 0001 0001 0001 0001 0001 0a Egress rate control 2 8000 0000 0000 0000 0000 0000 0b Port association vec 0001 0002 0004 0008 0010 0000 0c Port ATU control 0000 0000 0000 0000 0000 0000 0d Override 0000 0000 0000 0000 0000 0000 0e Policy control 0000 0000 0000 0000 0000 0000 0f Port ether type 9100 9100 9100 9100 9100 dada 10 Reserved 0000 0000 0000 0000 0000 0000 11 Reserved 0000 0000 0000 0000 0000 0000 12 Reserved 0000 0000 0000 0000 0000 0000 13 Reserved 0000 0000 0000 0000 0000 0000 14 Reserved 0000 0000 0000 0000 0000 0000 15 Reserved 0000 0000 0000 0000 0000 0000 16 LED control 0000 10eb 10eb 10eb 10eb 0000 17 Reserved 0000 0000 0000 0000 0000 0000 18 Tag remap low 3210 3210 3210 3210 3210 3210 19 Tag remap high 7654 7654 7654 7654 7654 7654 1a Reserved 0000 0000 0000 0000 5ea0 a100 1b Queue counters 8000 8000 8000 8000 8000 8000 1c Queue control 0000 0000 0000 0000 0000 0000 1d queue control 2 0000 0000 0000 0000 0000 0000 1e Cut through control f000 f000 f000 f000 f000 f000 1f Debug counters 0000 0014 0015 0012 0000 0010 I tested setting .tag_protocol=DSA_TAG_PROTO_DSA for the 6341 switch instead, resulting in a register setting of 04 Port control for port 5 = 0x053f (i.e. EgressMode=Unmodified mode, frames are transmitted unmodified), which looks correct to me. It does not fix the above problem, but the change seems to make sense anyhow. Should I send a patch ? Thanks and best regards Peter ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-11-25 14:09 ` Peter Vollmer @ 2020-11-26 21:41 ` Tobias Waldekranz 2020-11-26 22:23 ` Andrew Lunn 2020-12-01 8:49 ` Peter Vollmer 0 siblings, 2 replies; 12+ messages in thread From: Tobias Waldekranz @ 2020-11-26 21:41 UTC (permalink / raw) To: Peter Vollmer, Andrew Lunn; +Cc: Network Development On Wed, Nov 25, 2020 at 15:09, Peter Vollmer <peter.vollmer@gmail.com> wrote: > Hi, > I am still investigating the leaking packets problem we are having > with a setup of an armada-3720 SOC and a 88E6341 switch ( connected > via cpu port 5 , SGMII ,C_MODE=0xB, 2500 BASE-x). I now jumped to the > net-next kernel (5.10.0-rc4) and can now use the nice mv88e6xxx_dump > tool for switch register dumping. > > The described packet leaking still occurs, in a setup of ports > lan0-lan3 (switch ports 1-4) joined in a bridge br0. > > Here is my setup, ports lan0-3 are DSA ports coming in through eth1, > eth0 is a single 88E1512 phy connected to RGMII > root@DUT:~# brctl show > bridge name bridge id STP enabled interfaces > br0 8000.fafb2fbbd4c6 no lan0 > lan1 > lan2 > lan3 > root@DUT:~# ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > group default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP > group default qlen 1024 > link/ether c2:49:bc:0d:a8:57 brd ff:ff:ff:ff:ff:ff > inet 192.168.90.100/24 brd 192.168.90.255 scope global eth0 > valid_lft forever preferred_lft forever > 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP > group default qlen 1024 > link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff > 4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 > link/sit 0.0.0.0 brd 0.0.0.0 > 5: lan0@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > master br0 state UP group default qlen 1000 > link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff > 6: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > master br0 state UP group default qlen 1000 > link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff > 7: lan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > master br0 state UP group default qlen 1000 > link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff > 8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc > noqueue master br0 state LOWERLAYERDOWN group default qlen 1000 > link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff > 9: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state > UP group default qlen 1000 > link/ether fa:fb:2f:bb:d4:c6 brd ff:ff:ff:ff:ff:ff > inet 172.16.4.1/16 brd 172.16.4.255 scope global br0 > valid_lft forever preferred_lft forever > > - pinging from client0 (connected to lan0 ) to the bridge IP, the ping > requests (only the requests) are also seen on client1 connected to > lan1 This is the expected behavior of the current implementation I am afraid. It stems from the fact that the CPU responds to the echo request (or to any other request for that matter) with a FROM_CPU. This means that no learning takes place, and the SA of br0 will thus never reach the switch's FDB. So while client0 knows the MAC of br0, the switch (very counter-intuitively) does not. The result is that the unicast echo request sent by client0 is flooded as unknown unicast by the switch. This way it reaches the CPU but also, as you have discovered, all other ports that allow unknown unicast to egress. > - the other effect looks more suspicious: when pinging from br0 to the > IP of client0 connected to port lan0, after ~280 seconds client1 > connected to lan1 will also see the ping replies of client0 (only the > replies). And after another ~300seconds this stops again. This repeats > in a cycle . I can not account for the oscillating effect. In my system I see a continuous stream of respones from client0 when tcpdumping on client1. That said, 300s is the default age timeout so I would start by diffing the ATU when you are seeing replies on client1 and when you are not. The echo responses reaches client1 for the same reason as above. It is just that now that client0 is the pinged host, the responses are addressed to br0's MAC, which will be classified as unknown unicast. > I see these problems since at least kernel version 5.4.y, but not with > the old linux-marvel kernel sources > (https://github.com/MarvellEmbeddedProcessors/linux-marvell.git) > Can somebody using this switch in SGMII mode perhaps reproduce this ? My system is connected to the CPU over RGMII, but I would guess that that has no impact on this issue. The CPU is not responsible for flooding the packets to client1, the switch does that autonomously. If you tcpdump with "-Q out" on your base interface, I bet you will only see FROM_CPUs to the port that client0 is connected to. > One thing I noticed is that due to .tag_protocol=DSA_TAG_PROTO_EDSA > for the 88E6341 switch, EgressMode (port control 0x4 , bit13:12) is > set to an unsupported value of 0x3 ("reserved for future use" in the > switch spec). See the value in row 04 Port control for port 5 = 0x373f > in the following dump: > > root@mguard3:~# mv88e6xxx_dump --ports > Using device <mdio_bus/d0032004.mdio-mii:01> > 0 1 2 3 4 5 > 00 Port status 0006 9e4f 9e4f 9e4f 100f 0f0b > 01 Physical control 0003 0003 0003 0003 0003 20ff > 02 Jamming control ff00 0000 0000 0000 0000 0000 > 03 Switch ID 3410 3410 3410 3410 3410 3410 > 04 Port control 007c 043f 043f 043f 043c 373f > 05 Port control 1 0000 0000 0000 0000 0000 0000 > 06 Port base VLAN map 007e 007c 007a 0076 006e 005f > 07 Def VLAN ID & Prio 0001 0000 0000 0000 0000 0000 > 08 Port control 2 2080 0080 0080 0080 0080 0080 > 09 Egress rate control 0001 0001 0001 0001 0001 0001 > 0a Egress rate control 2 8000 0000 0000 0000 0000 0000 > 0b Port association vec 0001 0002 0004 0008 0010 0000 > 0c Port ATU control 0000 0000 0000 0000 0000 0000 > 0d Override 0000 0000 0000 0000 0000 0000 > 0e Policy control 0000 0000 0000 0000 0000 0000 > 0f Port ether type 9100 9100 9100 9100 9100 dada > 10 Reserved 0000 0000 0000 0000 0000 0000 > 11 Reserved 0000 0000 0000 0000 0000 0000 > 12 Reserved 0000 0000 0000 0000 0000 0000 > 13 Reserved 0000 0000 0000 0000 0000 0000 > 14 Reserved 0000 0000 0000 0000 0000 0000 > 15 Reserved 0000 0000 0000 0000 0000 0000 > 16 LED control 0000 10eb 10eb 10eb 10eb 0000 > 17 Reserved 0000 0000 0000 0000 0000 0000 > 18 Tag remap low 3210 3210 3210 3210 3210 3210 > 19 Tag remap high 7654 7654 7654 7654 7654 7654 > 1a Reserved 0000 0000 0000 0000 5ea0 a100 > 1b Queue counters 8000 8000 8000 8000 8000 8000 > 1c Queue control 0000 0000 0000 0000 0000 0000 > 1d queue control 2 0000 0000 0000 0000 0000 0000 > 1e Cut through control f000 f000 f000 f000 f000 f000 > 1f Debug counters 0000 0014 0015 0012 0000 0010 > > I tested setting .tag_protocol=DSA_TAG_PROTO_DSA for the 6341 switch > instead, resulting in a register setting of 04 Port control for port 5 > = 0x053f (i.e. EgressMode=Unmodified mode, frames are transmitted > unmodified), which looks correct to me. It does not fix the above > problem, but the change seems to make sense anyhow. Should I send a > patch ? This is not up to me, but my guess is that Andrew would like a patch, yes. On 6390X, I know for a fact that setting the EgressMode to 3 does indeed produce the behavior that was supported in older devices (like the 6352), but there is no reason not to change it to regular DSA. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-11-26 21:41 ` Tobias Waldekranz @ 2020-11-26 22:23 ` Andrew Lunn 2020-12-01 9:00 ` Peter Vollmer 2020-12-01 8:49 ` Peter Vollmer 1 sibling, 1 reply; 12+ messages in thread From: Andrew Lunn @ 2020-11-26 22:23 UTC (permalink / raw) To: Tobias Waldekranz; +Cc: Peter Vollmer, Network Development > > I tested setting .tag_protocol=DSA_TAG_PROTO_DSA for the 6341 switch > > instead, resulting in a register setting of 04 Port control for port 5 > > = 0x053f (i.e. EgressMode=Unmodified mode, frames are transmitted > > unmodified), which looks correct to me. It does not fix the above > > problem, but the change seems to make sense anyhow. Should I send a > > patch ? > > This is not up to me, but my guess is that Andrew would like a patch, > yes. On 6390X, I know for a fact that setting the EgressMode to 3 does > indeed produce the behavior that was supported in older devices (like > the 6352), but there is no reason not to change it to regular DSA. I already said to Tobias, i had problems getting the 6390 working, and this was one of the things i changed. I don't think i ever undid this specific change, to see how critical it is. But relying on undocumented behaviour is not nice. EDSA used to have the advantages that tcpdump understood it. But thanks to work Florian and Vivien did, tcpdump can now decode DSA just as well as EDSA. So please do submit a patch. Andrew ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-11-26 22:23 ` Andrew Lunn @ 2020-12-01 9:00 ` Peter Vollmer 2020-12-01 13:58 ` Andrew Lunn 0 siblings, 1 reply; 12+ messages in thread From: Peter Vollmer @ 2020-12-01 9:00 UTC (permalink / raw) To: Andrew Lunn; +Cc: Tobias Waldekranz, Network Development On Thu, Nov 26, 2020 at 11:23:59PM +0100, Andrew Lunn wrote: > > > I tested setting .tag_protocol=DSA_TAG_PROTO_DSA for the 6341 switch > > > instead, resulting in a register setting of 04 Port control for port 5 > > > = 0x053f (i.e. EgressMode=Unmodified mode, frames are transmitted > > > unmodified), which looks correct to me. It does not fix the above > > > problem, but the change seems to make sense anyhow. Should I send a > > > patch ? > > > > This is not up to me, but my guess is that Andrew would like a patch, > > yes. On 6390X, I know for a fact that setting the EgressMode to 3 does > > indeed produce the behavior that was supported in older devices (like > > the 6352), but there is no reason not to change it to regular DSA. > > I already said to Tobias, i had problems getting the 6390 working, and > this was one of the things i changed. I don't think i ever undid this > specific change, to see how critical it is. But relying on > undocumented behaviour is not nice. > > EDSA used to have the advantages that tcpdump understood it. But > thanks to work Florian and Vivien did, tcpdump can now decode DSA just > as well as EDSA. > > So please do submit a patch. I checked both cases (EDSA, DSA) with tcpdump on eth1 (SGMII to the switch), they both seem to work and tcpdump recognizes two different formats, MEDSA for DSA_TAG_PROTO_EDSA and "ethertype unknown (0x4018 (or 0xc018))" for DSA_TAG_PROTO_DSA (due to an older tcpdump version 4.9.3 I guess). Maybe I can get some information from our support if DSA_TAG_PROTO_EDSA is supported for the port config (0x4) register on the 6341 switch after all or if it should be omitted. Thanks Peter ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-12-01 9:00 ` Peter Vollmer @ 2020-12-01 13:58 ` Andrew Lunn 0 siblings, 0 replies; 12+ messages in thread From: Andrew Lunn @ 2020-12-01 13:58 UTC (permalink / raw) To: Peter Vollmer; +Cc: Tobias Waldekranz, Network Development Hi Peter > Maybe I can get some information from our support if > DSA_TAG_PROTO_EDSA is supported for the port config (0x4) register > on the 6341 switch after all or if it should be omitted. It would be nice to hear what Marvell says about this. It does seem an odd thing to remove, so it could be a documentation issue. Andrew ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-11-26 21:41 ` Tobias Waldekranz 2020-11-26 22:23 ` Andrew Lunn @ 2020-12-01 8:49 ` Peter Vollmer 2020-12-01 12:29 ` Tobias Waldekranz 1 sibling, 1 reply; 12+ messages in thread From: Peter Vollmer @ 2020-12-01 8:49 UTC (permalink / raw) To: Tobias Waldekranz; +Cc: Andrew Lunn, Network Development On Thu, Nov 26, 2020 at 10:41:44PM +0100, Tobias Waldekranz wrote: > On Wed, Nov 25, 2020 at 15:09, Peter Vollmer <peter.vollmer@gmail.com> wrote: > > - pinging from client0 (connected to lan0 ) to the bridge IP, the ping > > requests (only the requests) are also seen on client1 connected to > > lan1 > > This is the expected behavior of the current implementation I am > afraid. It stems from the fact that the CPU responds to the echo request > (or to any other request for that matter) with a FROM_CPU. This means > that no learning takes place, and the SA of br0 will thus never reach > the switch's FDB. So while client0 knows the MAC of br0, the switch > (very counter-intuitively) does not. > > The result is that the unicast echo request sent by client0 is flooded > as unknown unicast by the switch. This way it reaches the CPU but also, > as you have discovered, all other ports that allow unknown unicast to > egress. > Thanks for this explanation. Would there be a way to inject the br0 MAC into the switch FDB using 'bridge fdb' or some other tool as a workaround ? And is this behaviour the same with all other DSA capable switches (or at least the mv88e6xxx ones)? Will this change eventually after the implementation is complete ? Thanks and best regards Peter ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: dsa/mv88e6xxx: leaking packets on MV88E6341 switch 2020-12-01 8:49 ` Peter Vollmer @ 2020-12-01 12:29 ` Tobias Waldekranz 0 siblings, 0 replies; 12+ messages in thread From: Tobias Waldekranz @ 2020-12-01 12:29 UTC (permalink / raw) To: Peter Vollmer; +Cc: Andrew Lunn, Vladimir Oltean, Network Development On Tue, Dec 01, 2020 at 09:49, Peter Vollmer <peter.vollmer@gmail.com> wrote: > On Thu, Nov 26, 2020 at 10:41:44PM +0100, Tobias Waldekranz wrote: >> On Wed, Nov 25, 2020 at 15:09, Peter Vollmer <peter.vollmer@gmail.com> wrote: >> > - pinging from client0 (connected to lan0 ) to the bridge IP, the ping >> > requests (only the requests) are also seen on client1 connected to >> > lan1 >> >> This is the expected behavior of the current implementation I am >> afraid. It stems from the fact that the CPU responds to the echo request >> (or to any other request for that matter) with a FROM_CPU. This means >> that no learning takes place, and the SA of br0 will thus never reach >> the switch's FDB. So while client0 knows the MAC of br0, the switch >> (very counter-intuitively) does not. >> >> The result is that the unicast echo request sent by client0 is flooded >> as unknown unicast by the switch. This way it reaches the CPU but also, >> as you have discovered, all other ports that allow unknown unicast to >> egress. >> > > Thanks for this explanation. Would there be a way to inject the br0 MAC > into the switch FDB using 'bridge fdb' or some other tool as a > workaround ? Unfortunately not. DSA will only attempt to offload FDB entries on user ports to the ATU at the moment. Vladimir has started work on a series that would also offload addresses from "foreign" ports: https://lore.kernel.org/netdev/20201108131953.2462644-1-olteanv@gmail.com/ His work could possibly be extended to include addresses added to the bridge itself. > And is this behaviour the same with all other DSA capable > switches (or at least the mv88e6xxx ones)? Will this change eventually For mv88e6xxx, yes. These devices will never perform learning on FROM_CPU frames. > after the implementation is complete ? I sure hope so. There are multiple ways forward here. Vladimirs approach with adding dynamically learned addresses as static entries is one way. I would like to do some work to optimize multicast forwarding performance that would also, as a side-effect, solve this problem. Because it would mean that we would start sending FORWARD frames from the CPU for bridged traffic, and thus the switch would be able to learn the location of the source address. ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-12-01 13:59 UTC | newest] Thread overview: 12+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2020-09-30 10:09 dsa/mv88e6xxx: leaking packets on MV88E6341 switch Peter Vollmer 2020-09-30 10:28 ` Vladimir Oltean 2020-09-30 11:57 ` Peter Vollmer 2020-09-30 19:19 ` Andrew Lunn 2020-10-01 6:21 ` Peter Vollmer 2020-11-25 14:09 ` Peter Vollmer 2020-11-26 21:41 ` Tobias Waldekranz 2020-11-26 22:23 ` Andrew Lunn 2020-12-01 9:00 ` Peter Vollmer 2020-12-01 13:58 ` Andrew Lunn 2020-12-01 8:49 ` Peter Vollmer 2020-12-01 12:29 ` Tobias Waldekranz
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).