From: Florian Fainelli
To: Ido Schimmel
Cc: "netdev@vger.kernel.org", "andrew@lunn.ch", "vivien.didelot@gmail.com", "davem@davemloft.net", Jiri Pirko, "ilias.apalodimas@linaro.org", "ivan.khoronzhuk@linaro.org", "roopa@cumulusnetworks.com", "nikolay@cumulusnetworks.com"
Subject: Re: [PATCH net-next 09/14] net: bridge: Propagate MC addresses with VID through switchdev
Date: Fri, 18 Jan 2019 13:48:56 -0800
In-Reply-To: <20190118114100.GA4763@splinter>

On 1/18/19 3:41 AM, Ido Schimmel wrote:
> On Thu, Jan 17, 2019 at 11:17:57AM -0800, Florian Fainelli wrote:
>> On 1/17/19 6:05 AM, Ido Schimmel wrote:
>>> On Wed, Jan 16, 2019 at 12:00:57PM -0800, Florian Fainelli wrote:
>>>> In order for bridge port members to get a chance to implement unicast
>>>> and multicast address filtering correctly, which would matter for e.g:
>>>> switch network devices, synchronize the UC and MC lists down to the
>>>> individual bridge port members using switchdev HOST_MDB objects such
>>>> that this does not impact drivers that already have a ndo_set_rx_mode()
>>>> operation which likely already operate in promiscuous mode.
>>>>
>>>> When the bridge has multicast snooping enabled, proper HOST_MDB
>>>> notifications will be sent through br_mdb_notify() already.
>>>
>>> I don't understand the change. HOST_MDB is used to notify underlying
>>> drivers about MDB entries that should be configured to locally receive
>>> packets. This is triggered by the transmission of an IGMP report through
>>> the bridge, for example.
>>>
>>> It seems that you're trying to overload HOST_MDB with multicast address
>>> filtering on bridge ports?
>>
>> I don't really think this is an abuse of HOST_MDB, since in case the
>> bridge has multicast_snooping enabled, and there is e.g: a multicast
>> application bound to the bridge master device, we would get those
>> notifications through HOST_MDB already. This is the same use case that I
>> am addressing here, ndo_set_rx_mode() learns about local multicast
>> addresses that should be programmed, which means there is a multicast
>> application listening on the bridge master device itself.
>>
>> The problem that I want to solve is that with Broadcom b53/bcm_sf2
>> switches, we cannot easily filter/flood multicast for the CPU/management
>> port.
>>
>> We have per-port controls for MC/IPMC flooding, and we also have a
>> separate control for CPU/management port receiving multicast. If either
>> of these two bits/settings are configured, then the CPU port will always
>> receive multicast, even when we should be filtering it in HW. The only
>> way to perform selective reception of multicast to the CPU port is to
>> program a corresponding MDB entry.
>>
>>> Why are you performing this filtering?
>>
>> If I do not filter, then non-bridged ports on which there is no
>> multicast application bound to would be passing up multicast traffic all
>> the way to the CPU port, which then has to be dropped in software. This
>> is not acceptable IMHO because it is a deviation from how a standalone
>> NIC supporting multicast filtering would operate.
>>
>>> Shouldn't you allow all MAC addresses to ingress?
>>
>> I do allow all MC addresses to ingress on the front-panel switch ports
>> (while honoring the multicast_snooping setting), but we have no control
>> over what the CPU/management port should be doing.
>>
>> As I wrote earlier, if we flood to the CPU/management port, because
>> there is at least one switch device port, in the bridge, and that bridge
>> has multicast_snooping disabled, then this could break filtering for
>> other, non-bridged ports. That is really not acceptable IMHO.
>>
>> The reason why I chose switchdev HOST_MDB notification here are two fold:
>>
>> - this is the same use case as with multicast_snooping=1 and we target
>> the CPU port within DSA to resolve that use case, so from the switch
>> driver perspective, there is no difference in the context
>>
>> - this does not impact network device drivers that have a
>> ndo_set_rx_mode() and somehow decide to support things through that API
>> since those would typically have a switchdev_port_attr_set() callback
>
> HOST_MDB was added for a very specific use case. To allow the bridge
> driver to notify underlying switch drivers about MDB entries that should
> be programmed to locally receive packets when multicast is enabled.
> Andrew described it very nicely in merge commit
> 5d37636abd15ace8686a54167b488364ee79e88d
>
> Ingress filtering is something completely different and not applicable
> to bridged ports that should allow every address to ingress.

I actually made a mistake in this patch because there is no need to
iterate over the switch port members and generate a HOST_MDB
notification for each of them because what we want to target is the CPU
port, which DSA internally resolves for us anyway.

What we want to tell the switch HW here is basically: you have a
multicast application bound to the bridge master device, so please let
this MC address go through your CPU/management port. This is effectively
egress filtering at the CPU port side.

Because the bridge has multicast_snooping=false, the switch ports have
been configured to flood MC/IPMC already, but as I wrote, if we do that
for the CPU port, then we "break" non-bridge ports.

It seems to me that this is exactly the same use case as what Andrew did
originally, and drivers that are not pathological like mine can just
decide to ignore that notification and flood everything to the CPU port.
The end results would be the same from an end user perspective.

Do you still think this is too much of a stretch?

>
> switchdev allows to offload the bridge datapath to capable devices, but
> you're abusing it to allow non-bridged ports to perform address
> filtering. Completely unrelated.
>
> Therefore, it seems completely inappropriate to me to use HOST_MDB for
> this reason. This applies to patch #10 as well.
>
> It really sounds like the HW you're working with is not designed to work
> in this mixed state where some ports are bridged and some are expected to
> act as standalone NICs.

That is quite true, the HW that I work with is limited, and does not
really play well with mixed port usage, but with the help of the network
stack and notifications, we can get very close, or even support it.

One thing that I forgot to explain is that the Ethernet MAC connected to
its internal bcm_sf2 switch, because it is only used with an integrated
switch, has been greatly simplified: it does not support any type of
filtering and relies on the switch to do that. It effectively operates
in promiscuous mode all the time.

>
> If you're still determined to support this use case, I suggest the
> following. In your driver, program the bridge's address list as MDB
> entries when the first port is enslaved to it. Then, add a new netdev
> event whenever an address is added / removed from this list (in
> __dev_set_rx_mode() ?). Have your driver listen to it and program MDB
> entries accordingly.
>

-- 
Florian
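
Added example (not part of the original message, and not kernel or driver code): a simplified C model of the CPU-port behaviour described in the reply above, where multicast reaches the CPU/management port either because flooding is enabled for it or because a matching MDB entry was programmed. The struct, function names and sample addresses are constructed for illustration, and a single flood flag stands in for the two settings mentioned in the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified model of the switch state discussed in the thread. */
struct sw_model {
	bool cpu_mc_flood;       /* CPU/management port receives all multicast */
	uint8_t mdb[8][6];       /* MC addresses programmed towards the CPU port */
	int mdb_count;
};

/* Program one MDB entry, as a driver would on a HOST_MDB-style request. */
int mdb_add(struct sw_model *sw, const uint8_t mac[6])
{
	if (!(mac[0] & 1) || sw->mdb_count == 8)
		return -1;       /* not a multicast address, or table full */
	memcpy(sw->mdb[sw->mdb_count++], mac, 6);
	return 0;
}

/* Does a multicast frame reach the CPU port? The ingress port plays no role. */
bool cpu_receives(const struct sw_model *sw, const uint8_t dst[6])
{
	for (int i = 0; i < sw->mdb_count; i++)
		if (!memcmp(sw->mdb[i], dst, 6))
			return true;
	return sw->cpu_mc_flood;
}

/* Constructed traffic: frames[0] is a group the host joined, the rest are not. */
static const uint8_t frames[3][6] = {
	{0x01, 0x00, 0x5e, 0x01, 0x01, 0x01},
	{0x01, 0x00, 0x5e, 0x02, 0x02, 0x02},
	{0x33, 0x33, 0x00, 0x00, 0x00, 0xfb},
};

/* Count frames the CPU would have to drop in software in each mode. */
int unwanted_at_cpu(bool flood)
{
	struct sw_model sw = { .cpu_mc_flood = flood };
	int n = 0;
	mdb_add(&sw, frames[0]);
	for (int i = 1; i < 3; i++)  /* frames[1..2] were never joined */
		n += cpu_receives(&sw, frames[i]);
	return n;
}

int main(void) { return unwanted_at_cpu(false); }
```

With flooding enabled for the CPU port, both unjoined groups reach software; with only the MDB entry programmed, none do, which is the selective reception the reply argues for.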