[net-next,00/15] mlxsw: Add 802.1X and MAB offload support

Message ID	cover.1667902754.git.petrm@nvidia.com (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C From: Petr Machata <petrm@nvidia.com> To: "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Ivan Vecera <ivecera@redhat.com>, <netdev@vger.kernel.org> CC: Nikolay Aleksandrov <razor@blackwall.org>, Roopa Prabhu <roopa@nvidia.com>, Jiri Pirko <jiri@nvidia.com>, Petr Machata <petrm@nvidia.com>, <bridge@lists.linux-foundation.org>, Ido Schimmel <idosch@nvidia.com>, "Hans J . Schultz" <netdev@kapio-technology.com>, <mlxsw@nvidia.com> Subject: [PATCH net-next 00/15] mlxsw: Add 802.1X and MAB offload support Date: Tue, 8 Nov 2022 11:47:06 +0100 Message-ID: <cover.1667902754.git.petrm@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	mlxsw: Add 802.1X and MAB offload support \| expand [net-next,00/15] mlxsw: Add 802.1X and MAB offload support [net-next,01/15] bridge: switchdev: Let device drivers determine FDB offload indication [net-next,02/15] bridge: switchdev: Allow device drivers to install locked FDB entries [net-next,03/15] bridge: switchdev: Reflect MAB bridge port flag to device drivers [net-next,04/15] devlink: Add packet traps for 802.1X operation [net-next,05/15] mlxsw: spectrum_trap: Register 802.1X packet traps with devlink [net-next,06/15] mlxsw: reg: Add Switch Port FDB Security Register [net-next,07/15] mlxsw: spectrum: Add an API to configure security checks [net-next,08/15] mlxsw: spectrum_switchdev: Prepare for locked FDB notifications [net-next,09/15] mlxsw: spectrum_switchdev: Add support for locked FDB notifications [net-next,10/15] mlxsw: spectrum_switchdev: Use extack in bridge port flag validation [net-next,11/15] mlxsw: spectrum_switchdev: Add locked bridge port support [net-next,12/15] selftests: devlink_lib: Split out helper [net-next,13/15] selftests: mlxsw: Add a test for EAPOL trap [net-next,14/15] selftests: mlxsw: Add a test for locked port trap [net-next,15/15] selftests: mlxsw: Add a test for invalid locked bridge port configurations

Message ID

cover.1667902754.git.petrm@nvidia.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.117.160 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C
From: Petr Machata <petrm@nvidia.com>
To: "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        Ivan Vecera <ivecera@redhat.com>, <netdev@vger.kernel.org>
CC: Nikolay Aleksandrov <razor@blackwall.org>,
        Roopa Prabhu <roopa@nvidia.com>, Jiri Pirko <jiri@nvidia.com>,
        Petr Machata <petrm@nvidia.com>,
        <bridge@lists.linux-foundation.org>,
        Ido Schimmel <idosch@nvidia.com>,
        "Hans J . Schultz" <netdev@kapio-technology.com>,
        <mlxsw@nvidia.com>
Subject: [PATCH net-next 00/15] mlxsw: Add 802.1X and MAB offload support
Date: Tue, 8 Nov 2022 11:47:06 +0100
Message-ID: <cover.1667902754.git.petrm@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Nov 2022 10:47:47.7630
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b7cd1379-0c74-4244-50b1-08dac176ad01
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT092.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7021
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Series

mlxsw: Add 802.1X and MAB offload support | expand

Message

Petr Machata Nov. 8, 2022, 10:47 a.m. UTC

Ido Schimmel <idosch@nvidia.com> writes:

This patchset adds 802.1X [1] and MAB [2] offload support in mlxsw.

Patches #1-#3 add the required switchdev interfaces.

Patches #4-#5 add the required packet traps for 802.1X.

Patches #6-#10 are small preparations in mlxsw.

Patch #11 adds locked bridge port support in mlxsw.

Patches #12-#15 add mlxsw selftests. The patchset was also tested with
the generic forwarding selftest ('bridge_locked_port.sh').

[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a21d9a670d81103db7f788de1a4a4a6e4b891a0b
[2] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a35ec8e38cdd1766f29924ca391a01de20163931

Hans J. Schultz (1):
  bridge: switchdev: Allow device drivers to install locked FDB entries

Ido Schimmel (14):
  bridge: switchdev: Let device drivers determine FDB offload indication
  bridge: switchdev: Reflect MAB bridge port flag to device drivers
  devlink: Add packet traps for 802.1X operation
  mlxsw: spectrum_trap: Register 802.1X packet traps with devlink
  mlxsw: reg: Add Switch Port FDB Security Register
  mlxsw: spectrum: Add an API to configure security checks
  mlxsw: spectrum_switchdev: Prepare for locked FDB notifications
  mlxsw: spectrum_switchdev: Add support for locked FDB notifications
  mlxsw: spectrum_switchdev: Use extack in bridge port flag validation
  mlxsw: spectrum_switchdev: Add locked bridge port support
  selftests: devlink_lib: Split out helper
  selftests: mlxsw: Add a test for EAPOL trap
  selftests: mlxsw: Add a test for locked port trap
  selftests: mlxsw: Add a test for invalid locked bridge port
    configurations

 .../networking/devlink/devlink-trap.rst       |  13 +++
 drivers/net/ethernet/mellanox/mlxsw/reg.h     |  35 ++++++
 .../net/ethernet/mellanox/mlxsw/spectrum.c    |  22 ++++
 .../net/ethernet/mellanox/mlxsw/spectrum.h    |   5 +-
 .../mellanox/mlxsw/spectrum_switchdev.c       |  64 +++++++++--
 .../ethernet/mellanox/mlxsw/spectrum_trap.c   |  25 +++++
 drivers/net/ethernet/mellanox/mlxsw/trap.h    |   2 +
 include/net/devlink.h                         |   9 ++
 include/net/switchdev.h                       |   1 +
 net/bridge/br.c                               |   5 +-
 net/bridge/br_fdb.c                           |  22 +++-
 net/bridge/br_private.h                       |   2 +-
 net/bridge/br_switchdev.c                     |   6 +-
 net/core/devlink.c                            |   3 +
 .../drivers/net/mlxsw/devlink_trap_control.sh |  22 ++++
 .../net/mlxsw/devlink_trap_l2_drops.sh        | 105 ++++++++++++++++++
 .../selftests/drivers/net/mlxsw/rtnetlink.sh  |  31 ++++++
 .../selftests/net/forwarding/devlink_lib.sh   |  19 ++--
 18 files changed, 366 insertions(+), 25 deletions(-)

Comments

Ido Schimmel Nov. 8, 2022, 10:59 a.m. UTC | #1

+ Vladimir

You weren't copied on the patches by mistake. They are available here:
https://lore.kernel.org/netdev/cover.1667902754.git.petrm@nvidia.com/

On Tue, Nov 08, 2022 at 11:47:06AM +0100, Petr Machata wrote:
> Ido Schimmel <idosch@nvidia.com> writes:
> 
> This patchset adds 802.1X [1] and MAB [2] offload support in mlxsw.
> 
> Patches #1-#3 add the required switchdev interfaces.
> 
> Patches #4-#5 add the required packet traps for 802.1X.
> 
> Patches #6-#10 are small preparations in mlxsw.
> 
> Patch #11 adds locked bridge port support in mlxsw.
> 
> Patches #12-#15 add mlxsw selftests. The patchset was also tested with
> the generic forwarding selftest ('bridge_locked_port.sh').
> 
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a21d9a670d81103db7f788de1a4a4a6e4b891a0b
> [2] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a35ec8e38cdd1766f29924ca391a01de20163931
> 
> Hans J. Schultz (1):
>   bridge: switchdev: Allow device drivers to install locked FDB entries
> 
> Ido Schimmel (14):
>   bridge: switchdev: Let device drivers determine FDB offload indication
>   bridge: switchdev: Reflect MAB bridge port flag to device drivers
>   devlink: Add packet traps for 802.1X operation
>   mlxsw: spectrum_trap: Register 802.1X packet traps with devlink
>   mlxsw: reg: Add Switch Port FDB Security Register
>   mlxsw: spectrum: Add an API to configure security checks
>   mlxsw: spectrum_switchdev: Prepare for locked FDB notifications
>   mlxsw: spectrum_switchdev: Add support for locked FDB notifications
>   mlxsw: spectrum_switchdev: Use extack in bridge port flag validation
>   mlxsw: spectrum_switchdev: Add locked bridge port support
>   selftests: devlink_lib: Split out helper
>   selftests: mlxsw: Add a test for EAPOL trap
>   selftests: mlxsw: Add a test for locked port trap
>   selftests: mlxsw: Add a test for invalid locked bridge port
>     configurations
> 
>  .../networking/devlink/devlink-trap.rst       |  13 +++
>  drivers/net/ethernet/mellanox/mlxsw/reg.h     |  35 ++++++
>  .../net/ethernet/mellanox/mlxsw/spectrum.c    |  22 ++++
>  .../net/ethernet/mellanox/mlxsw/spectrum.h    |   5 +-
>  .../mellanox/mlxsw/spectrum_switchdev.c       |  64 +++++++++--
>  .../ethernet/mellanox/mlxsw/spectrum_trap.c   |  25 +++++
>  drivers/net/ethernet/mellanox/mlxsw/trap.h    |   2 +
>  include/net/devlink.h                         |   9 ++
>  include/net/switchdev.h                       |   1 +
>  net/bridge/br.c                               |   5 +-
>  net/bridge/br_fdb.c                           |  22 +++-
>  net/bridge/br_private.h                       |   2 +-
>  net/bridge/br_switchdev.c                     |   6 +-
>  net/core/devlink.c                            |   3 +
>  .../drivers/net/mlxsw/devlink_trap_control.sh |  22 ++++
>  .../net/mlxsw/devlink_trap_l2_drops.sh        | 105 ++++++++++++++++++
>  .../selftests/drivers/net/mlxsw/rtnetlink.sh  |  31 ++++++
>  .../selftests/net/forwarding/devlink_lib.sh   |  19 ++--
>  18 files changed, 366 insertions(+), 25 deletions(-)
> 
> -- 
> 2.35.3
>

Vladimir Oltean Nov. 8, 2022, 3:31 p.m. UTC | #2

On Tue, Nov 08, 2022 at 12:59:00PM +0200, Ido Schimmel wrote:
> + Vladimir
> 
> You weren't copied on the patches by mistake. They are available here:
> https://lore.kernel.org/netdev/cover.1667902754.git.petrm@nvidia.com/

Thanks for copying me. The patches look great to my eyes. I didn't go
into details into the mlxsw details, just because I really have no clue
there.

patchwork-bot+netdevbpf@kernel.org Nov. 10, 2022, 3:30 a.m. UTC | #3

Hello:

This series was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 8 Nov 2022 11:47:06 +0100 you wrote:
> Ido Schimmel <idosch@nvidia.com> writes:
> 
> This patchset adds 802.1X [1] and MAB [2] offload support in mlxsw.
> 
> Patches #1-#3 add the required switchdev interfaces.
> 
> Patches #4-#5 add the required packet traps for 802.1X.
> 
> [...]

Here is the summary with links:
  - [net-next,01/15] bridge: switchdev: Let device drivers determine FDB offload indication
    https://git.kernel.org/netdev/net-next/c/9baedc3c8780
  - [net-next,02/15] bridge: switchdev: Allow device drivers to install locked FDB entries
    https://git.kernel.org/netdev/net-next/c/27fabd02abf3
  - [net-next,03/15] bridge: switchdev: Reflect MAB bridge port flag to device drivers
    https://git.kernel.org/netdev/net-next/c/9c0ca02bace4
  - [net-next,04/15] devlink: Add packet traps for 802.1X operation
    https://git.kernel.org/netdev/net-next/c/2640a82bbc08
  - [net-next,05/15] mlxsw: spectrum_trap: Register 802.1X packet traps with devlink
    https://git.kernel.org/netdev/net-next/c/d85be0f5fd7c
  - [net-next,06/15] mlxsw: reg: Add Switch Port FDB Security Register
    https://git.kernel.org/netdev/net-next/c/0b31fb9ba2b5
  - [net-next,07/15] mlxsw: spectrum: Add an API to configure security checks
    https://git.kernel.org/netdev/net-next/c/dc0d1a8b7f84
  - [net-next,08/15] mlxsw: spectrum_switchdev: Prepare for locked FDB notifications
    https://git.kernel.org/netdev/net-next/c/b72cb660b26b
  - [net-next,09/15] mlxsw: spectrum_switchdev: Add support for locked FDB notifications
    https://git.kernel.org/netdev/net-next/c/5a660e43f8b9
  - [net-next,10/15] mlxsw: spectrum_switchdev: Use extack in bridge port flag validation
    https://git.kernel.org/netdev/net-next/c/136b8dfbd784
  - [net-next,11/15] mlxsw: spectrum_switchdev: Add locked bridge port support
    https://git.kernel.org/netdev/net-next/c/25ed80884ce1
  - [net-next,12/15] selftests: devlink_lib: Split out helper
    https://git.kernel.org/netdev/net-next/c/da23a713d1de
  - [net-next,13/15] selftests: mlxsw: Add a test for EAPOL trap
    https://git.kernel.org/netdev/net-next/c/25a26f0c2015
  - [net-next,14/15] selftests: mlxsw: Add a test for locked port trap
    https://git.kernel.org/netdev/net-next/c/fb398432db2f
  - [net-next,15/15] selftests: mlxsw: Add a test for invalid locked bridge port configurations
    https://git.kernel.org/netdev/net-next/c/cdbde7edf0e5

You are awesome, thank you!