Date: Thu, 20 Oct 2022 21:37:17 +0200
From: netdev@kapio-technology.com
To: Ido Schimmel
Cc: davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org, Florian Fainelli, Andrew Lunn, Vivien Didelot, Vladimir Oltean, Eric Dumazet, Paolo Abeni, Kurt Kanzenbach, Hauke Mehrtens, Woojung Huh, UNGLinuxDriver@microchip.com, Sean Wang, Landen Chao, DENG Qingfang, Matthias Brugger, Claudiu Manoil, Alexandre Belloni, Jiri Pirko, Ivan Vecera, Roopa Prabhu, Nikolay Aleksandrov, Shuah Khan, Russell King, Christian Marangi, Daniel Borkmann, Yuwei Wang, Petr Machata, Florent Fourcot, Hans Schultz, Joachim Wiberg, Amit Cohen, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-mediatek@lists.infradead.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v8 net-next 01/12] net: bridge: add locked entry fdb flag to extend locked port feature

On 2022-10-20 14:54, Ido Schimmel wrote:
> On Tue, Oct 18, 2022 at 06:56:08PM +0200, Hans J. Schultz wrote:
>> Add an intermediate state for clients behind a locked port to allow
>> for
>> possible opening of the port for said clients.
The clients mac address >> will be added with the locked flag set, denying access through the >> port > > The entry itself is not denying the access through the port, but > rather the fact that the port is locked and there is no matching FDB > entry. > >> for the mac address, but also creating a new FDB add event giving >> userspace daemons the ability to unlock the mac address. This feature >> corresponds to the Mac-Auth and MAC Authentication Bypass (MAB) named >> features. The latter defined by Cisco. > > Worth mentioning that the feature is enabled via the 'mab' bridge port > option (BR_PORT_MAB). > >> >> Only the kernel can set this FDB entry flag, while userspace can read >> the flag and remove it by replacing or deleting the FDB entry. >> >> Locked entries will age out with the set bridge ageing time. >> >> Signed-off-by: Hans J. Schultz > > Overall looks OK to me. See one comment below. > > Reviewed-by: Ido Schimmel > > [...] > >> @@ -1178,6 +1192,14 @@ int br_fdb_add(struct ndmsg *ndm, struct nlattr >> *tb[], >> vg = nbp_vlan_group(p); >> } >> >> + if (tb[NDA_FLAGS_EXT]) >> + ext_flags = nla_get_u32(tb[NDA_FLAGS_EXT]); >> + >> + if (ext_flags & NTF_EXT_LOCKED) { >> + pr_info("bridge: RTM_NEWNEIGH has invalid extended flags\n"); > > I understand this function makes use of pr_info(), but it already gets > extack and it's a matter of time until the pr_info() instances will be > converted to extack. I would just use extack here like you are doing in > the next patch. > > Also, I find this message more helpful: > > "Cannot add FDB entry with \"locked\" flag set" > Okay, since Jakub says that this patch set must be resent, the question remains to me if I shall make these changes and resend the patch set as v8?
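Review bot: In the quoted br_fdb_add() hunk, ext_flags is written only when tb[NDA_FLAGS_EXT] is present, but the following "if (ext_flags & NTF_EXT_LOCKED)" test runs unconditionally, so the declaration (outside the quoted lines) has to initialise it to 0, otherwise the test reads an indeterminate value whenever the attribute is absent. This test is also the only thing enforcing the commit message's rule that just the kernel may set the locked flag, and the quoted lines stop before showing what is returned; the rejection should reach the netlink caller as an error with an extack message naming the "locked" flag, as the review reply suggests, rather than only the generic pr_info() text "RTM_NEWNEIGH has invalid extended flags".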