Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp2075962rwa; Mon, 22 Aug 2022 01:23:48 -0700 (PDT) X-Google-Smtp-Source: AA6agR6k4y5IWpanaUBbkSyi5oWwxINmNPnCe0gmKfHCAbxpBQ5I2v3JMjxn8xCYY0qW14/+hBAY X-Received: by 2002:a17:906:8465:b0:73d:60b9:19e3 with SMTP id hx5-20020a170906846500b0073d60b919e3mr6829994ejc.168.1661156627991; Mon, 22 Aug 2022 01:23:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661156627; cv=none; d=google.com; s=arc-20160816; b=KxUtNxmEv9xjA/KMzfncnVREWeYmrXLzezOw858PTPDgpvcozsw+DL2cP1XGX2oaWN DBYltonGMJG17glXWS8xgVsrhsCtBj6XoU8fQXDRxw1CyH6WhawJfxxH0hQwe55Ryory CLgCdazUjtLT4s0PAztE/8AkGRgUMg7wnukiy5VvpDIM8S0eSySRXXIdOs62OED/UonN EKJwipwqvtxtTH3elMeWxciJtM6LIRPovOvRg4lO6HAMzWRDG7n9TTXwJr3wTRV3oJtS k1sXOaFhxWOIGeDlJ5Xzn6sFMbqh0rw2TlbAdfqAk0ja51tko+7VtDCHHsClqub5Ka1T ngBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:message-id:user-agent :references:in-reply-to:subject:cc:to:from:date:mime-version; bh=KTh5RG9i31EpROMHr2hkNPKqvrmkCiezUA55gqS/nI0=; b=XUqbASISqxg/0nS+WYu1iZoeplPFkVYOFaxSvqrsbtGlyUe55o9TXCE/KqJYXeF208 DTW3CCCzv2nGCDJuPYCkJpKdBAmx8O+G7ZvJPFt1kvYdbxKf/i6M9T+79/9oQzGN43SO fMFFVtQtaOyy0komxIujzVwUd9quR4T89jgNe277OeNjXXoBCIL2tgKyuIQxGbvWHfBE +REkSqWLkqWWP1Eo7On2+Ycv+9eh/2catNXbj+s0mo0k/rcNHsW4mTLW3GUBPirclvYr cb/TjDWZtbufvr77RxK4eWLayHiMG+ZOZxl2qAWaTV0RLb5we21ms93IBb83BmL3AH2E tqEg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lk20-20020a170906cb1400b0073cab613403si5806502ejb.215.2022.08.22.01.23.22; Mon, 22 Aug 2022 01:23:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232113AbiHVHtm (ORCPT + 99 others); Mon, 22 Aug 2022 03:49:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43554 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233288AbiHVHtj (ORCPT ); Mon, 22 Aug 2022 03:49:39 -0400 Received: from mailout-taastrup.gigahost.dk (mailout-taastrup.gigahost.dk [46.183.139.199]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69D7416586; Mon, 22 Aug 2022 00:49:32 -0700 (PDT) Received: from mailout.gigahost.dk (mailout.gigahost.dk [89.186.169.112]) by mailout-taastrup.gigahost.dk (Postfix) with ESMTP id F28C81884643; Mon, 22 Aug 2022 07:49:28 +0000 (UTC) Received: from smtp.gigahost.dk (smtp.gigahost.dk [89.186.169.109]) by mailout.gigahost.dk (Postfix) with ESMTP id E1D1E25032B7; Mon, 22 Aug 2022 07:49:28 +0000 (UTC) Received: by smtp.gigahost.dk (Postfix, from userid 1000) id BB1D4A1A0048; Mon, 22 Aug 2022 07:49:28 +0000 (UTC) X-Screener-Id: 413d8c6ce5bf6eab4824d0abaab02863e8e3f662 MIME-Version: 1.0 Date: Mon, 22 Aug 2022 09:49:28 +0200 From: netdev@kapio-technology.com To: Ido Schimmel Cc: Vladimir Oltean , davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org, Andrew Lunn , Vivien Didelot , Florian Fainelli , Eric Dumazet , Paolo Abeni , Jiri Pirko , Ivan Vecera , Roopa Prabhu , Nikolay Aleksandrov , Shuah Khan , Daniel Borkmann , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH v4 net-next 3/6] drivers: net: dsa: add locked fdb entry flag to drivers In-Reply-To: References: <5a4cfc6246f621d006af69d4d1f61ed1@kapio-technology.com> <34dd1318a878494e7ab595f8727c7d7d@kapio-technology.com> User-Agent: Gigahost Webmail Message-ID: X-Sender: netdev@kapio-technology.com Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022-08-22 07:40, Ido Schimmel wrote: > On Sun, Aug 21, 2022 at 03:43:04PM +0200, netdev@kapio-technology.com > wrote: > > I personally think that the mv88e6xxx semantics are very weird (e.g., > no > roaming, traffic blackhole) and I don't want them to determine how the > feature works in the pure software bridge or other hardware > implementations. On the other hand, I understand your constraints and I > don't want to create a situation where user space is unable to > understand how the data path works from the bridge FDB dump with > mv88e6xxx. > > My suggestion is to have mv88e6xxx report the "locked" entry to the > bridge driver with additional flags that describe its behavior in terms > of roaming, ageing and forwarding. > > In terms of roaming, since in mv88e6xxx the entry can't roam you should > report the entry with the "sticky" flag. As I am not familiar with roaming in this context, I need to know how the SW bridge should behave in this case. In this I am assuming that roaming is regarding unauthorized entries. In this case, is the roaming only between locked ports or does the roaming include that the entry can move to a unlocked port, resulting in the locked flag getting removed? > In terms of ageing, since > mv88e6xxx is the one doing the ageing and not the bridge driver, report > the entry with the "extern_learn" flag. Just for the record, I see that entries coming from the driver to the bridge will always have the "extern learn" flag set as can be seen from the SWITCHDEV_FDB_ADD_TO_BRIDGE events handling in br_switchdev_event() in br.c, which I think is the correct behavior. > In terms of forwarding, in > mv88e6xxx the entry discards all matching packets. We can introduce a > new FDB flag that instructs the entry to silently discard all matching > packets. Like we have with blackhole routes and nexthops. Any suggestions to the name of this flag? > > I believe that the above suggestion allows you to fully describe how > these entries work in mv88e6xxx while keeping the bridge driver in sync > with complete visibility towards user space. > > It also frees the pure software implementation from the constraints of > mv88e6xxx, allowing "locked" entries to behave like any other > dynamically learned entries modulo the fact that they cannot "unlock" a > locked port. > > Yes, it does mean that user space will get a bit different behavior > with > mv88e6xxx compared to a pure software solution, but a) It's only the > corner cases that act a bit differently. As a whole, the feature works > largely the same. b) User space has complete visibility to understand > the behavior of the offloaded data path. > >> >> I will change it in iproute2 to: >> bridge link set dev DEV mab on|off > > And s/BR_PORT_MACAUTH/BR_PORT_MAB/ ? Sure, I will do that. :-)