From: Hans Schultz <schultz.hans@gmail.com>
To: Andrew Lunn <andrew@lunn.ch>, Ido Schimmel <idosch@idosch.org>
Cc: Hans Schultz <schultz.hans@gmail.com>,
davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
Roopa Prabhu <roopa@nvidia.com>,
Nikolay Aleksandrov <nikolay@nvidia.com>,
linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org
Subject: Re: [PATCH net-next 1/4] net: bridge: Add support for bridge port in locked mode
Date: Tue, 08 Feb 2022 10:06:43 +0100
Message-ID: <867da5viak.fsf@gmail.com>
In-Reply-To: <YgEkXARS160I9Ooe@lunn.ch>

On Mon, Feb 07, 2022 at 14:53, Andrew Lunn <andrew@lunn.ch> wrote:
>> > + if (p->flags & BR_PORT_LOCKED) {
>> > + fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid);
>> > + if (!(fdb_entry && fdb_entry->dst == p))
>> > + goto drop;
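Review bot: The check `if (!(fdb_entry && fdb_entry->dst == p))` treats a missing FDB entry and an entry that points at another port identically, and nothing in these lines says which kinds of entry (static, dynamic) are meant to authorise the source. A short comment above the lookup stating the intended rule would help, and the condition reads more directly as `!fdb_entry || fdb_entry->dst != p`. Since the entry comes from `br_fdb_find_rcu()`, also consider reading `dst` once with READ_ONCE() before comparing it.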
>>
>> I'm not familiar with 802.1X so I have some questions:
>
> Me neither.
>
>>
>> 1. Do we need to differentiate between no FDB entry and an FDB entry
>> pointing to a different port than we expect?
>
> And extending that question, a static vs a dynamic entry?
>
> Andrew

The question is - if there is an fdb entry or not - for the specific client
mac address behind the locked port in the bridge associated with the
respective locked port and vlan taken into consideration.

Normally you would have learning disabled, or from a fresh start if a port
is locked, it will not learn on incoming from that port, so you need to
add the fdb entry from user-space. In the common case you will want to
use static entries and remember the master flag for the entry to go to
the bridge module.
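
The behaviour discussed in this message, as an added user-space model (not code from the patch, the kernel or the author): a locked port does not learn, so a source MAC/VLAN pair is admitted only after an entry pointing at that port has been installed. All names (`struct bridge`, `fdb_add`, `ingress`, the verdicts) and the sample MAC are assumptions for illustration; the two drop verdicts are split only to show the two cases the thread asks about.

```c
/* Added example: user-space model with hypothetical names, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { FWD, DROP_NO_ENTRY, DROP_WRONG_PORT };
struct fdb_entry { uint8_t mac[6]; uint16_t vid; int port; };
struct bridge { struct fdb_entry fdb[8]; size_t n; unsigned locked; /* bit i: port i locked */ };

/* Lookup keyed by (source MAC, VLAN id), as in the quoted check. */
const struct fdb_entry *fdb_find(const struct bridge *br, const uint8_t *mac, uint16_t vid)
{
    for (size_t i = 0; i < br->n; i++)
        if (br->fdb[i].vid == vid && !memcmp(br->fdb[i].mac, mac, 6))
            return &br->fdb[i];
    return NULL;
}

/* Stand-in for user space installing an entry for an authorised client. */
int fdb_add(struct bridge *br, const uint8_t *mac, uint16_t vid, int port)
{
    if (br->n == sizeof(br->fdb) / sizeof(br->fdb[0]))
        return -1;                       /* table full */
    struct fdb_entry *e = &br->fdb[br->n++];
    memcpy(e->mac, mac, 6);
    e->vid = vid;
    e->port = port;
    return 0;
}

/* Ingress decision: a locked port never learns, it only admits known sources. */
enum verdict ingress(struct bridge *br, int port, const uint8_t *src, uint16_t vid)
{
    const struct fdb_entry *e = fdb_find(br, src, vid);

    if (!(br->locked & (1u << port))) {  /* unlocked: learn (simplified, no roaming) */
        if (!e)
            fdb_add(br, src, vid, port);
        return FWD;
    }
    if (!e)
        return DROP_NO_ENTRY;
    return e->port == port ? FWD : DROP_WRONG_PORT;
}

int main(void)
{
    struct bridge br = { .locked = 1u << 1 };             /* port 1 is locked */
    const uint8_t client[6] = { 0x02, 0, 0, 0, 0, 0x0a }; /* constructed MAC */
    printf("before add: %d\n", ingress(&br, 1, client, 10));
    fdb_add(&br, client, 10, 1);
    printf("after add:  %d\n", ingress(&br, 1, client, 10));
    return 0;
}
```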