From: Vladimir Oltean <olteanv@gmail.com>
To: netdev@kapio-technology.com
Cc: Ido Schimmel <idosch@nvidia.com>,
davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
Florian Fainelli <f.fainelli@gmail.com>,
Andrew Lunn <andrew@lunn.ch>,
Vivien Didelot <vivien.didelot@gmail.com>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Kurt Kanzenbach <kurt@linutronix.de>,
Hauke Mehrtens <hauke@hauke-m.de>,
Woojung Huh <woojung.huh@microchip.com>,
UNGLinuxDriver@microchip.com, Sean Wang <sean.wang@mediatek.com>,
Landen Chao <Landen.Chao@mediatek.com>,
DENG Qingfang <dqfext@gmail.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
Claudiu Manoil <claudiu.manoil@nxp.com>,
Alexandre Belloni <alexandre.belloni@bootlin.com>,
Jiri Pirko <jiri@resnulli.us>, Ivan Vecera <ivecera@redhat.com>,
Roopa Prabhu <roopa@nvidia.com>,
Nikolay Aleksandrov <razor@blackwall.org>,
Shuah Khan <shuah@kernel.org>,
Russell King <linux@armlinux.org.uk>,
Christian Marangi <ansuelsmth@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Yuwei Wang <wangyuweihx@gmail.com>,
Petr Machata <petrm@nvidia.com>,
Florent Fourcot <florent.fourcot@wifirst.fr>,
Hans Schultz <schultz.hans@gmail.com>,
Joachim Wiberg <troglobit@gmail.com>,
Amit Cohen <amcohen@nvidia.com>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-mediatek@lists.infradead.org,
bridge@lists.linux-foundation.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v8 net-next 05/12] net: dsa: propagate the locked flag down through the DSA layer
Date: Fri, 21 Oct 2022 02:57:50 +0300 [thread overview]
Message-ID: <20221020235750.ql5v55y3knnxofna@skbuf> (raw)
In-Reply-To: <8456155b8e0f6327e4fb595c7a08399b@kapio-technology.com>
On Thu, Oct 20, 2022 at 08:47:39PM +0200, netdev@kapio-technology.com wrote:
> Just to add to it, now that there is a u16 for flags in the bridge->driver
> direction, making it easier to add such flags, I expect that for the
> mv88e6xxx driver there shall be a 'IS_DYNAMIC' flag also, as authorized
> hosts will have their authorized FDB entries added with dynamic entries...
With what is implemented in this patchset, the MAB daemon uses static
FDB entries for authorizations, just like the selftests, right? That's
the only thing that works.
> Now as the bridge will not be able to refresh such authorized FDB entries
> based on unicast incoming traffic on the locked port in the offloaded case,
> besides we don't want the CPU to do such in this case anyway,
..because the software bridge refreshes the FDB entry based on the traffic
it sees, and the hardware port refreshes the corresponding ATU entry
based on the traffic *it* sees, and the 2 are not in sync because most
of the traffic is autonomously forwarded, causing the FDB to be
refreshed more often in hardware than in software..
> to keep the authorized line alive without having to reauthorize in
> like every 5 minutes, the driver needs to do the ageing (and refreshing)
> of the dynamic entry added from userspace.
You're saying "now [...] to keep the authorized line alive [...], the
driver needs to do the [...] refreshing of the dynamic [FDB] entry".
Can you point me to the code where that is done now?
Or perhaps I'm misunderstanding and it is a "future now"...
> When the entry "ages" out, there is the HoldAt1 feature and Age Out
> Violations that should be used to tell userspace (plus bridge) that
> this authorization has been removed by the driver as the host has gone
> quiet.
So this is your proposal for how a dynamic FDB entry could be offloaded.
Have you given any thought to how can we prevent the software FDB entry
from ageing out first, and causing the hardware FDB entry to be removed
too, through the ensuing switchdev notification?
> So all in all, there is the need of another flag from
> userspace->bridge->driver, telling that we want a dynamic ATU entry (with
> mv88e6xxx it will start at age 7).
Sorry for the elementary question, but what is gained from making the
authorized FDB entries dynamic in the bridge? You don't have to
reauthorize every 5 minutes even with the current implementation; you
could make the FDB entries static. The ability for authorized stations
to roam? This is why the authorizations are removed every 5 minutes,
to see if anybody is still there? Who removes the authorizations in the
implementation with the currently proposed patch set? The MAB daemon,
right?
Could you please present a high level overview of how you want things to
look in the end and how far you are along that line? Maybe a set of user
space + kernel repos where everything is implemented and works?
next prev parent reply other threads:[~2022-10-20 23:58 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-18 16:56 [PATCH v8 net-next 00/12] Extend locked port feature with FDB locked flag (MAC-Auth/MAB) Hans J. Schultz
2022-10-18 16:56 ` [PATCH v8 net-next 01/12] net: bridge: add locked entry fdb flag to extend locked port feature Hans J. Schultz
2022-10-20 12:54 ` Ido Schimmel
2022-10-20 19:37 ` netdev
2022-10-21 0:11 ` Jakub Kicinski
2022-10-18 16:56 ` [PATCH v8 net-next 02/12] net: bridge: add blackhole fdb entry flag Hans J. Schultz
2022-10-20 13:06 ` Ido Schimmel
2022-10-20 19:34 ` netdev
2022-10-23 5:32 ` netdev
2022-10-24 17:08 ` Jakub Kicinski
2022-10-18 16:56 ` [PATCH v8 net-next 03/12] net: bridge: enable bridge to install locked fdb entries from drivers Hans J. Schultz
2022-10-20 12:55 ` Vladimir Oltean
2022-10-20 19:29 ` netdev
2022-10-20 22:43 ` Vladimir Oltean
2022-10-18 16:56 ` [PATCH v8 net-next 04/12] net: bridge: add MAB flag to hardware offloadable flags Hans J. Schultz
2022-10-18 16:56 ` [PATCH v8 net-next 05/12] net: dsa: propagate the locked flag down through the DSA layer Hans J. Schultz
2022-10-20 13:02 ` Vladimir Oltean
2022-10-20 13:24 ` Ido Schimmel
2022-10-20 13:35 ` Vladimir Oltean
2022-10-20 13:57 ` Ido Schimmel
2022-10-20 14:04 ` Vladimir Oltean
2022-10-20 14:58 ` Ido Schimmel
2022-10-20 15:25 ` Vladimir Oltean
2022-10-20 14:11 ` Vladimir Oltean
2022-10-20 15:23 ` Ido Schimmel
2022-10-20 15:36 ` Vladimir Oltean
2022-10-20 18:47 ` netdev
2022-10-20 23:57 ` Vladimir Oltean [this message]
2022-10-20 19:43 ` netdev
2022-10-20 22:52 ` Vladimir Oltean
2022-10-18 16:56 ` [PATCH v8 net-next 06/12] net: bridge: enable bridge to send and receive blackhole FDB entries Hans J. Schultz
2022-10-18 16:56 ` [PATCH v8 net-next 07/12] net: dsa: send the blackhole flag down through the DSA layer Hans J. Schultz
2022-10-18 16:56 ` [PATCH v8 net-next 08/12] drivers: net: dsa: add fdb entry flags incoming to switchcore drivers Hans J. Schultz
2022-10-20 13:12 ` Vladimir Oltean
2022-10-18 16:56 ` [PATCH v8 net-next 09/12] net: dsa: mv88e6xxx: allow reading FID when handling ATU violations Hans J. Schultz
2022-10-18 16:56 ` [PATCH v8 net-next 10/12] net: dsa: mv88e6xxx: mac-auth/MAB implementation Hans J. Schultz
2022-10-20 13:25 ` Vladimir Oltean
2022-10-20 19:59 ` netdev
2022-10-20 20:20 ` netdev
2022-10-20 22:57 ` Vladimir Oltean
2022-10-21 6:47 ` netdev
2022-10-21 11:22 ` Vladimir Oltean
2022-10-21 13:16 ` netdev
2022-10-21 16:30 ` Vladimir Oltean
2022-10-21 17:18 ` netdev
2022-10-21 17:30 ` Vladimir Oltean
2022-10-21 17:39 ` netdev
2022-10-21 18:14 ` Vladimir Oltean
2022-10-22 7:24 ` netdev
2022-10-22 12:02 ` Vladimir Oltean
2022-10-22 13:15 ` netdev
2022-10-22 8:50 ` Oleksandr Mazur
2022-10-22 11:32 ` Vladimir Oltean
2022-10-22 12:55 ` Oleksandr Mazur
2022-10-22 13:39 ` Vladimir Oltean
2022-10-22 13:49 ` Ido Schimmel
2022-10-22 14:11 ` netdev
2022-10-22 14:49 ` Vladimir Oltean
2022-10-23 6:53 ` Ido Schimmel
2022-10-20 21:09 ` netdev
2022-10-20 23:00 ` Vladimir Oltean
2022-10-22 7:31 ` netdev
2022-10-22 11:55 ` Vladimir Oltean
2022-10-18 16:56 ` [PATCH v8 net-next 11/12] net: dsa: mv88e6xxx: add blackhole ATU entries Hans J. Schultz
2022-10-20 13:11 ` Vladimir Oltean
2022-10-18 16:56 ` [PATCH v8 net-next 12/12] selftests: forwarding: add MAB tests to locked port tests Hans J. Schultz
2022-10-20 12:35 ` Ido Schimmel
2022-10-19 18:58 ` [PATCH v8 net-next 00/12] Extend locked port feature with FDB locked flag (MAC-Auth/MAB) Jakub Kicinski
2022-10-20 9:55 ` Ido Schimmel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221020235750.ql5v55y3knnxofna@skbuf \
--to=olteanv@gmail.com \
--cc=Landen.Chao@mediatek.com \
--cc=UNGLinuxDriver@microchip.com \
--cc=alexandre.belloni@bootlin.com \
--cc=amcohen@nvidia.com \
--cc=andrew@lunn.ch \
--cc=ansuelsmth@gmail.com \
--cc=bridge@lists.linux-foundation.org \
--cc=claudiu.manoil@nxp.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dqfext@gmail.com \
--cc=edumazet@google.com \
--cc=f.fainelli@gmail.com \
--cc=florent.fourcot@wifirst.fr \
--cc=hauke@hauke-m.de \
--cc=idosch@nvidia.com \
--cc=ivecera@redhat.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=kurt@linutronix.de \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux@armlinux.org.uk \
--cc=matthias.bgg@gmail.com \
--cc=netdev@kapio-technology.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=petrm@nvidia.com \
--cc=razor@blackwall.org \
--cc=roopa@nvidia.com \
--cc=schultz.hans@gmail.com \
--cc=sean.wang@mediatek.com \
--cc=shuah@kernel.org \
--cc=troglobit@gmail.com \
--cc=vivien.didelot@gmail.com \
--cc=wangyuweihx@gmail.com \
--cc=woojung.huh@microchip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox