Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp2287994imw;
        Sun, 17 Jul 2022 05:46:09 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1tSB5z0rj9XduzTrJXQ253vzCtK7eDxd5v8J5NOcXfljPN2orpdoEIaXjqlVhvY+KYmFh9t
X-Received: by 2002:a17:907:a40d:b0:72b:7f56:650 with SMTP id sg13-20020a170907a40d00b0072b7f560650mr21723062ejc.132.1658061969031;
        Sun, 17 Jul 2022 05:46:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658061969; cv=none;
        d=google.com; s=arc-20160816;
        b=wjWaGmnkaqQkcVleTzAUIT1jmzaIYIHsltZ3Zp0BbaiFG9JgUJubas/fj2T9fA9tMX
         IgDbqwwhgY7+66Aq/sMfxcwkyey9fFAJS4qbFb/4yQwlCtukHO5CuyBnPf0sYhp8tvmY
         fcOQqsSP2jfP8HYDvsU2rszv9ulbFTCVbIR9AAp5dQvXRMSMcl8ig4F7aCz1DbwEhPo3
         0lVPaHV7E4hWOtU0eaGPZfafd12IcRvkBhF7cZ9znJ5zu6kVPbhKzQOFGuHmr3J3ULio
         3zQga/hMclicHUZap/rLpxrs34HGg92vHZQilCcjMByFnmXLyoqFqCOUbzxkF4gx3WYL
         2S8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:message-id:user-agent
         :references:in-reply-to:subject:cc:to:from:date:mime-version;
        bh=ut68HYLw9ofHFIrDkBXdDj2AcxYT4C71U5/G5QYwFW4=;
        b=ABqkIKCMYrNpgo+J/NDLhn2ig9JSMD2GuUYPFXormIcb9wHM3rgFsN1IbQr1k1D4b+
         LSlEQ3ER4L6P63TAWvg9SkHXLw85XZ51Uyi7q7IVwpCqJ8RO+1vaEoaLi7LjLykTc2H6
         TdNtCyAAMlLLuuDoYATZEcj1p5GBl2mRnihKtz1C/IwDHn23oJdFhCHWY+cFDLHnXPgR
         CeVUIvZKmJ33ZBaHm2i8yLf63T31P8NWJfwAeoqgL1iGjRJRS9v1ddCqOWOhGhFezFqW
         ixLJQql3jLqYQdOj4EKdIo8rBjiZjYhCJaqEp9q8H8b6B9/DIAQ/YhxxbuDyN0yeBlys
         +Q8A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id bs8-20020a056402304800b0043a10e5e81asi10756358edb.66.2022.07.17.05.45.44;
        Sun, 17 Jul 2022 05:46:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232860AbiGQMe2 (ORCPT <rfc822;algowarbles@gmail.com>
        + 99 others); Sun, 17 Jul 2022 08:34:28 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59392 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229487AbiGQMeZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 17 Jul 2022 08:34:25 -0400
Received: from mailout-taastrup.gigahost.dk (mailout-taastrup.gigahost.dk [46.183.139.199])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00E861409A;
        Sun, 17 Jul 2022 05:34:23 -0700 (PDT)
Received: from mailout.gigahost.dk (mailout.gigahost.dk [89.186.169.112])
        by mailout-taastrup.gigahost.dk (Postfix) with ESMTP id B476B1886603;
        Sun, 17 Jul 2022 12:34:22 +0000 (UTC)
Received: from smtp.gigahost.dk (smtp.gigahost.dk [89.186.169.109])
        by mailout.gigahost.dk (Postfix) with ESMTP id A495425032B7;
        Sun, 17 Jul 2022 12:34:22 +0000 (UTC)
Received: by smtp.gigahost.dk (Postfix, from userid 1000)
        id 899B5A1E00AF; Sun, 17 Jul 2022 12:34:22 +0000 (UTC)
X-Screener-Id: 413d8c6ce5bf6eab4824d0abaab02863e8e3f662
MIME-Version: 1.0
Date:   Sun, 17 Jul 2022 14:34:22 +0200
From:   netdev@kapio-technology.com
To:     Vladimir Oltean <olteanv@gmail.com>
Cc:     davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
        Andrew Lunn <andrew@lunn.ch>,
        Vivien Didelot <vivien.didelot@gmail.com>,
        Florian Fainelli <f.fainelli@gmail.com>,
        Eric Dumazet <edumazet@google.com>,
        Paolo Abeni <pabeni@redhat.com>, Jiri Pirko <jiri@resnulli.us>,
        Ivan Vecera <ivecera@redhat.com>,
        Roopa Prabhu <roopa@nvidia.com>,
        Nikolay Aleksandrov <razor@blackwall.org>,
        Shuah Khan <shuah@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Ido Schimmel <idosch@nvidia.com>, linux-kernel@vger.kernel.org,
        bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v4 net-next 5/6] net: dsa: mv88e6xxx: mac-auth/MAB
 implementation
In-Reply-To: <20220717004725.ngix64ou2mz566is@skbuf>
References: <20220707152930.1789437-1-netdev@kapio-technology.com>
 <20220707152930.1789437-6-netdev@kapio-technology.com>
 <20220717004725.ngix64ou2mz566is@skbuf>
User-Agent: Gigahost Webmail
Message-ID: <3918e3d1a8b78dedc14b950ba1eee8d5@kapio-technology.com>
X-Sender: netdev@kapio-technology.com
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,FROM_FMBLA_NEWDOM28,
        RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_NONE autolearn=no
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> 
> In other words, this patch set makes MAB work and breaks everything 
> else.
> I'm willing to investigate exactly what is it that breaks the other
> selftest, but not today. It may be related to the "RTNETLINK answers:
> File exists"
> messages, which themselves come from the commands
> | bridge fdb add 00:01:02:03:04:01 dev lan2 master static
> 
> If I were to randomly guess at almost 4AM in the morning, it has to do 
> with
> "bridge fdb add" rather than the "bridge fdb replace" that's used for
> the MAB selftest. The fact I pointed out a few revisions ago, that MAB
> needs to be opt-in, is now coming back to bite us. Since it's not
> opt-in, the mv88e6xxx driver always creates locked FDB entries, and 
> when
> we try to "bridge fdb add", the kernel says "hey, the FDB entry is
> already there!". Is that it?

Yes, that sounds like a reasonable explanation, as it adds 'ext learned, 
offloaded' entries. If you try and replace the 'add' with 'replace' in 
those tests, does it work?

> 
> As for how to opt into MAB. Hmm. MAB seems to be essentially CPU
> assisted learning, which creates locked FDB entries. I wonder whether 
> we
> should reconsider the position that address learning makes no sense on
> locked ports, and say that "+locked -learning" means no MAB, and
> "+locked +learning" means MAB? This would make a bunch of things more
> natural to handle in the kernel, and would also give us the opt-in we 
> need.

I have done the one and then the other. We need to have some final 
decision on this point. And remember that this gave rise to an extra 
patch to fix link-local learning if learning is turned on on a locked 
port, which resulted in the decision to allways have learning off on 
locked ports.

> 
> 
> 
> Side note, the VTU and ATU member violation printks annoy me so badly.
> They aren't stating something super useful and they're a DoS attack
> vector in itself, even if they're rate limited. I wonder whether we
> could just turn the prints into a set of ethtool counters and call it a 
> day?

Sounds like a good idea to me. :-)