From patchwork Mon Feb 7 10:07:39 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hans S
X-Patchwork-Id: 12737124
X-Patchwork-Delegate: kuba@kernel.org
From: Hans Schultz
X-Google-Original-From: Hans Schultz
To: davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, Hans Schultz, Roopa Prabhu, Nikolay Aleksandrov, linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org
Subject: [PATCH net-next 1/4] net: bridge: Add support for bridge port in locked mode
Date: Mon, 7 Feb 2022 11:07:39 +0100
Message-Id: <20220207100742.15087-2-schultz.hans+netdev@gmail.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
References: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
MIME-Version: 1.0
Organization: Westermo Network Technologies AB
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

In an 802.1X scenario, clients connected to a bridge port shall not be allowed to have traffic forwarded until fully authenticated. A static fdb entry of the client's MAC address for the bridge port unlocks the client and allows bidirectional communication. This scenario is facilitated with setting the bridge port in locked mode, which is also supported by various switchcore chipsets.

Signed-off-by: Hans Schultz
--- include/linux/if_bridge.h | 1 + include/uapi/linux/if_link.h | 1 + net/bridge/br_input.c | 10 +++++++++- net/bridge/br_netlink.c | 6 +++++- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index 509e18c7e740..3aae023a9353 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -58,6 +58,7 @@ struct br_ip_list { #define BR_MRP_LOST_CONT BIT(18) #define BR_MRP_LOST_IN_CONT BIT(19) #define BR_TX_FWD_OFFLOAD BIT(20) +#define BR_PORT_LOCKED BIT(21) #define BR_DEFAULT_AGEING_TIME (300 * HZ) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 6218f93f5c1a..8fa2648fbc83 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h 
@@ -532,6 +532,7 @@ enum { IFLA_BRPORT_GROUP_FWD_MASK, IFLA_BRPORT_NEIGH_SUPPRESS, IFLA_BRPORT_ISOLATED, + IFLA_BRPORT_LOCKED, IFLA_BRPORT_BACKUP_PORT, IFLA_BRPORT_MRP_RING_OPEN, IFLA_BRPORT_MRP_IN_OPEN, diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index b50382f957c1..469e3adbce07 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -69,6 +69,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb struct net_bridge_port *p = br_port_get_rcu(skb->dev); enum br_pkt_type pkt_type = BR_PKT_UNICAST; struct net_bridge_fdb_entry *dst = NULL; + struct net_bridge_fdb_entry *fdb_entry; struct net_bridge_mcast_port *pmctx; struct net_bridge_mdb_entry *mdst; bool local_rcv, mcast_hit = false; @@ -81,6 +82,8 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb if (!p || p->state == BR_STATE_DISABLED) goto drop; + br = p->br; + brmctx = &p->br->multicast_ctx; pmctx = &p->multicast_ctx; state = p->state; @@ -88,10 +91,15 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb &state, &vlan)) goto out; + if (p->flags & BR_PORT_LOCKED) { + fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); + if (!(fdb_entry && fdb_entry->dst == p)) + goto drop; + } + nbp_switchdev_frame_mark(p, skb); /* insert into forwarding database after filtering to avoid spoofing */ - br = p->br; if (p->flags & BR_LEARNING) br_fdb_update(br, p, eth_hdr(skb)->h_source, vid, 0); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 2ff83d84230d..7d4432ca9a20 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c 
@@ -184,6 +184,7 @@ static inline size_t br_port_info_size(void) + nla_total_size(1) /* IFLA_BRPORT_VLAN_TUNNEL */ + nla_total_size(1) /* IFLA_BRPORT_NEIGH_SUPPRESS */ + nla_total_size(1) /* IFLA_BRPORT_ISOLATED */ + + nla_total_size(1) /* IFLA_BRPORT_LOCKED */ + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_ROOT_ID */ + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_BRIDGE_ID */ + nla_total_size(sizeof(u16)) /* IFLA_BRPORT_DESIGNATED_PORT */ @@ -269,7 +270,8 @@ static int br_port_fill_attrs(struct sk_buff *skb, BR_MRP_LOST_CONT)) || nla_put_u8(skb, IFLA_BRPORT_MRP_IN_OPEN, !!(p->flags & BR_MRP_LOST_IN_CONT)) || - nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED))) + nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED)) || + nla_put_u8(skb, IFLA_BRPORT_LOCKED, !!(p->flags & BR_PORT_LOCKED))) return -EMSGSIZE; timerval = br_timer_value(&p->message_age_timer); @@ -827,6 +829,7 @@ static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = { [IFLA_BRPORT_GROUP_FWD_MASK] = { .type = NLA_U16 }, [IFLA_BRPORT_NEIGH_SUPPRESS] = { .type = NLA_U8 }, [IFLA_BRPORT_ISOLATED] = { .type = NLA_U8 }, + [IFLA_BRPORT_LOCKED] = { .type = NLA_U8 }, [IFLA_BRPORT_BACKUP_PORT] = { .type = NLA_U32 }, [IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT] = { .type = NLA_U32 }, }; 
@@ -893,6 +896,7 @@ static int br_setport(struct net_bridge_port *p, struct nlattr *tb[], br_set_port_flag(p, tb, IFLA_BRPORT_VLAN_TUNNEL, BR_VLAN_TUNNEL); br_set_port_flag(p, tb, IFLA_BRPORT_NEIGH_SUPPRESS, BR_NEIGH_SUPPRESS); br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED); + br_set_port_flag(p, tb, IFLA_BRPORT_LOCKED, BR_PORT_LOCKED); changed_mask = old_flags ^ p->flags;

From patchwork Mon Feb 7 10:07:40 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hans S
X-Patchwork-Id: 12737120
X-Patchwork-Delegate: kuba@kernel.org
From: Hans Schultz
X-Google-Original-From: Hans Schultz
To: davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, Hans Schultz, Roopa Prabhu, Nikolay Aleksandrov, Andrew Lunn, Vivien Didelot, Florian Fainelli, Vladimir Oltean, bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next 2/4] net: bridge: dsa: Add support for offloading of locked port flag
Date: Mon, 7 Feb 2022 11:07:40 +0100
Message-Id: <20220207100742.15087-3-schultz.hans+netdev@gmail.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
References: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
MIME-Version: 1.0
Organization: Westermo Network Technologies AB
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Various switchcores support setting ports in locked mode, so that clients behind locked ports cannot send traffic through the port unless a fdb entry is added with the client's MAC address. Among the switchcores that support this feature is the Marvell mv88e6xxx family.

Signed-off-by: Hans Schultz
--- net/bridge/br_switchdev.c | 2 +- net/dsa/port.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index f8fbaaa7c501..bf549fc22556 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -72,7 +72,7 @@ bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p, /* Flags that can be offloaded to hardware */ #define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \ - BR_MCAST_FLOOD | BR_BCAST_FLOOD) + BR_MCAST_FLOOD | BR_BCAST_FLOOD | BR_PORT_LOCKED) int br_switchdev_set_port_flag(struct net_bridge_port *p, unsigned long flags, diff --git a/net/dsa/port.c b/net/dsa/port.c index bd78192e0e47..01ed22ed74a1 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c 
@@ -176,7 +176,7 @@ static int dsa_port_inherit_brport_flags(struct dsa_port *dp, struct netlink_ext_ack *extack) { const unsigned long mask = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD; + BR_BCAST_FLOOD | BR_PORT_LOCKED; struct net_device *brport_dev = dsa_port_to_bridge_port(dp); int flag, err; 
@@ -200,7 +200,7 @@ static void dsa_port_clear_brport_flags(struct dsa_port *dp) { const unsigned long val = BR_FLOOD | BR_MCAST_FLOOD | BR_BCAST_FLOOD; const unsigned long mask = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD; + BR_BCAST_FLOOD | BR_PORT_LOCKED; int flag, err; for_each_set_bit(flag, &mask, 32) {

From patchwork Mon Feb 7 10:07:41 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hans S
X-Patchwork-Id: 12737121
X-Patchwork-Delegate: kuba@kernel.org
From: Hans Schultz
X-Google-Original-From: Hans Schultz
To: davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, Hans Schultz, Andrew Lunn, Vivien Didelot, Florian Fainelli, Vladimir Oltean, linux-kernel@vger.kernel.org
Subject: [PATCH net-next 3/4] net: dsa: mv88e6xxx: Add support for bridge port locked feature
Date: Mon, 7 Feb 2022 11:07:41 +0100
Message-Id: <20220207100742.15087-4-schultz.hans+netdev@gmail.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
References: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
MIME-Version: 1.0
Organization: Westermo Network Technologies AB
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

Supporting bridge port locked mode using the 802.1X mode in Marvell mv88e6xxx switchcores is described in the '88E6096/88E6097/88E6097F Datasheet', sections 4.4.6, 4.4.7 and 5.1.2.1 (Drop on Lock). This feature is implemented here facilitated by the locked port flag.

Signed-off-by: Hans Schultz
--- drivers/net/dsa/mv88e6xxx/chip.c | 9 ++++++++- drivers/net/dsa/mv88e6xxx/port.c | 33 ++++++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 3 +++ 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 58ca684d73f7..eed3713b97ae 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5881,7 +5881,7 @@ static int mv88e6xxx_port_pre_bridge_flags(struct dsa_switch *ds, int port, const struct mv88e6xxx_ops *ops; if (flags.mask & ~(BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD)) + BR_BCAST_FLOOD | BR_PORT_LOCKED)) return -EINVAL; ops = chip->info->ops; 
@@ -5939,6 +5939,13 @@ static int mv88e6xxx_port_bridge_flags(struct dsa_switch *ds, int port, goto out; } + if (flags.mask & BR_PORT_LOCKED) { + bool locked = !!(flags.val & BR_PORT_LOCKED); + + err = mv88e6xxx_port_set_lock(chip, port, locked); + if (err) + goto out; + } out: mv88e6xxx_reg_unlock(chip); diff --git a/drivers/net/dsa/mv88e6xxx/port.c b/drivers/net/dsa/mv88e6xxx/port.c index ab41619a809b..2279936429f9 100644 --- a/drivers/net/dsa/mv88e6xxx/port.c +++ b/drivers/net/dsa/mv88e6xxx/port.c @@ -1234,6 +1234,39 @@ int mv88e6xxx_port_set_mirror(struct mv88e6xxx_chip *chip, int port, return err; } +int mv88e6xxx_port_set_lock(struct mv88e6xxx_chip *chip, int port, + bool locked) +{ + u16 reg; + int err; + + err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_CTL0, ®); + if (err) + return err; + + reg &= ~MV88E6XXX_PORT_CTL0_DROP_ON_LOCK; + if (locked) + reg |= MV88E6XXX_PORT_CTL0_DROP_ON_LOCK; + + err = mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_CTL0, reg); + if (err) + return err; + + err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_ASSOC_VECTOR, ®); + if (err) + return err; + + reg &= ~MV88E6XXX_PORT_ASSOC_VECTOR_LOCKED_PORT; + if (locked) + reg |= MV88E6XXX_PORT_ASSOC_VECTOR_LOCKED_PORT; + + err = mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_ASSOC_VECTOR, reg); + if (err) + return err; + + return 0; +} + int mv88e6xxx_port_set_8021q_mode(struct mv88e6xxx_chip *chip, int port, u16 mode) { diff --git a/drivers/net/dsa/mv88e6xxx/port.h b/drivers/net/dsa/mv88e6xxx/port.h index 03382b66f800..655d942ac657 100644 --- a/drivers/net/dsa/mv88e6xxx/port.h +++ b/drivers/net/dsa/mv88e6xxx/port.h 
@@ -365,6 +365,9 @@ int mv88e6xxx_port_set_fid(struct mv88e6xxx_chip *chip, int port, u16 fid); int mv88e6xxx_port_get_pvid(struct mv88e6xxx_chip *chip, int port, u16 *pvid); int mv88e6xxx_port_set_pvid(struct mv88e6xxx_chip *chip, int port, u16 pvid); +int mv88e6xxx_port_set_lock(struct mv88e6xxx_chip *chip, int port, + bool locked); + int mv88e6xxx_port_set_8021q_mode(struct mv88e6xxx_chip *chip, int port, u16 mode); int mv88e6095_port_tag_remap(struct mv88e6xxx_chip *chip, int port);

From patchwork Mon Feb 7 10:07:42 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hans S
X-Patchwork-Id: 12737123
X-Patchwork-Delegate: kuba@kernel.org
From: Hans Schultz
X-Google-Original-From: Hans Schultz
To: davem@davemloft.net, kuba@kernel.org
Cc: netdev@vger.kernel.org, Hans Schultz, Roopa Prabhu, Nikolay Aleksandrov, bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next 4/4] net: bridge: Refactor bridge port in locked mode to use jump labels
Date: Mon, 7 Feb 2022 11:07:42 +0100
Message-Id: <20220207100742.15087-5-schultz.hans+netdev@gmail.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
References: <20220207100742.15087-1-schultz.hans+netdev@gmail.com>
MIME-Version: 1.0
Organization: Westermo Network Technologies AB
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org
X-Patchwork-Delegate: kuba@kernel.org

As the locked mode feature is in the hot path of the bridge module's reception of packets, it needs to be refactored to use jump labels for optimization.

Signed-off-by: Hans Schultz
--- net/bridge/br_input.c | 22 ++++++++++++++++++---- net/bridge/br_netlink.c | 6 ++++++ net/bridge/br_private.h | 2 ++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 469e3adbce07..6fc428d6bac5 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -23,6 +23,18 @@ #include "br_private.h" #include "br_private_tunnel.h" +static struct static_key_false br_input_locked_port_feature; + +void br_input_locked_port_add(void) +{ + static_branch_inc(&br_input_locked_port_feature); +} + +void br_input_locked_port_remove(void) +{ + static_branch_dec(&br_input_locked_port_feature); +} + static int br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb) { 
@@ -91,10 +103,12 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb &state, &vlan)) goto out; - if (p->flags & BR_PORT_LOCKED) { - fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); - if (!(fdb_entry && fdb_entry->dst == p)) - goto drop; + if (static_branch_unlikely(&br_input_locked_port_feature)) { + if (p->flags & BR_PORT_LOCKED) { + fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); + if (!(fdb_entry && fdb_entry->dst == p)) + goto drop; + } } nbp_switchdev_frame_mark(p, skb); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 7d4432ca9a20..e3dbe9fed75c 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -860,6 +860,7 @@ static int br_set_port_state(struct net_bridge_port *p, u8 state) static void br_set_port_flag(struct net_bridge_port *p, struct nlattr *tb[], int attrtype, unsigned long mask) { + bool locked = p->flags & BR_PORT_LOCKED; if (!tb[attrtype]) return; @@ -867,6 +868,11 @@ static void br_set_port_flag(struct net_bridge_port *p, struct nlattr *tb[], p->flags |= mask; else p->flags &= ~mask; + + if ((p->flags & BR_PORT_LOCKED) && !locked) + br_input_locked_port_add(); + if (!(p->flags & BR_PORT_LOCKED) && locked) + br_input_locked_port_remove(); } /* Process bridge protocol info on port */ diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 2661dda1a92b..0ec3ef897978 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -832,6 +832,8 @@ void br_manage_promisc(struct net_bridge *br); int nbp_backup_change(struct net_bridge_port *p, struct net_device *backup_dev); /* br_input.c */ +void br_input_locked_port_add(void); +void br_input_locked_port_remove(void); int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); rx_handler_func_t *br_get_rx_handler(const struct net_device *dev);
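
Review bot: IFLA_BRPORT_LOCKED is inserted in the middle of the uapi enum in patch 1/4 (include/uapi/linux/if_link.h), between IFLA_BRPORT_ISOLATED and IFLA_BRPORT_BACKUP_PORT. That renumbers IFLA_BRPORT_BACKUP_PORT, IFLA_BRPORT_MRP_RING_OPEN, IFLA_BRPORT_MRP_IN_OPEN and every attribute after them, so userspace built against the current header would send and parse the wrong attributes. Append the new attribute at the end of the enum instead; the br_port_policy[] and br_port_info_size() additions in br_netlink.c are keyed by name and can stay where they are.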
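
Review bot: the locked-port check in br_handle_frame_finish() (patch 1/4, net/bridge/br_input.c) accepts any FDB entry whose dst is the ingress port, while the commit message says it is a static entry that unlocks the client. If only static entries are meant to authorize a MAC address, test for that in the "if (!(fdb_entry && fdb_entry->dst == p))" condition; if any entry on the port is meant to count, say so in the commit message and in a comment above the check, together with how learned entries are kept from unlocking a client. fdb_entry is used only inside the new block and could be declared there.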
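
Review bot: in dsa_port_clear_brport_flags() (patch 2/4, net/dsa/port.c) BR_PORT_LOCKED is added to mask but not to val, so a port that leaves the bridge is switched back to unlocked in hardware. If that is the intended standalone behaviour, a one-line comment next to val saying the lock is deliberately cleared would make it reviewable, since it opens a port that was locked for 802.1X. The same flag added to the mask in dsa_port_inherit_brport_flags() is now offered to every DSA driver, while only mv88e6xxx is taught to accept it in this series; please state in the commit message what happens on drivers that reject it.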
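
Review bot: mv88e6xxx_port_pre_bridge_flags() (patch 3/4, drivers/net/dsa/mv88e6xxx/chip.c) now accepts BR_PORT_LOCKED for every chip handled by the driver, although the commit message cites only the 88E6096/88E6097/88E6097F datasheet for the Drop on Lock and locked-port bits. Either gate the flag on chips known to implement those bits or state in the commit message that the whole family does. In mv88e6xxx_port_bridge_flags() the new block ends with "goto out;" directly above the out: label and drops the blank line before the label; keep the blank line.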
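
Review bot: mv88e6xxx_port_set_lock() (patch 3/4, drivers/net/dsa/mv88e6xxx/port.c) updates two registers in sequence and returns early if the MV88E6XXX_PORT_ASSOC_VECTOR read or write fails, leaving MV88E6XXX_PORT_CTL0_DROP_ON_LOCK already changed. Either order the two updates so that a failure leaves the port in the more restrictive state for both locking and unlocking, or document in a comment which half-configured state is acceptable. The tail "if (err) return err; return 0;" can simply return the result of the last mv88e6xxx_port_write() call.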
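
Review bot: br_input_locked_port_feature (patch 4/4, net/bridge/br_input.c) is declared as a bare "static struct static_key_false"; use DEFINE_STATIC_KEY_FALSE(br_input_locked_port_feature) so the key is initialised through the jump label API. In br_handle_frame_finish() the two nested tests can be a single condition, static_branch_unlikely(&br_input_locked_port_feature) && (p->flags & BR_PORT_LOCKED), which also avoids re-indenting the lookup. Since this patch only rewrites code introduced by patch 1/4 of the same series, fold it into that patch.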
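
Review bot: br_set_port_flag() (patch 4/4, net/bridge/br_netlink.c) is the only caller of br_input_locked_port_add() and br_input_locked_port_remove() added by this patch, so a port that is removed from the bridge while still locked never decrements the static key and the locked-port branch stays enabled from then on. Decrement the key on port deletion as well. The add/remove comparison also runs for every flag passed through this generic helper, not only IFLA_BRPORT_LOCKED; doing it in br_setport() next to the BR_PORT_LOCKED call would keep the helper generic. A blank line is missing after the "bool locked" declaration.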