From patchwork Wed Feb 9 13:05:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12740259 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0742C433EF for ; Wed, 9 Feb 2022 13:06:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233852AbiBINGJ (ORCPT ); Wed, 9 Feb 2022 08:06:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43464 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233833AbiBINGE (ORCPT ); Wed, 9 Feb 2022 08:06:04 -0500 Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C46AC0613CA; Wed, 9 Feb 2022 05:06:07 -0800 (PST) Received: by mail-lf1-x12f.google.com with SMTP id x23so4159655lfc.0; Wed, 09 Feb 2022 05:06:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=bYcBMD0263VidrD3hBmBNToThm3cO5xgVyUXSYwtNSk=; b=T4omMjjTBYUygDUJqs2qeyJWoxrIZ8VgP6zJChmrH8GlXMT7A7uHI8RCaZb48a1vc8 CriPE3c4iztC8LQlxpnwcAb1X8bRgeleRuZoFZ8V8FAWWbdsuSQPpwHBsflM0clmk1Va 1dLozc8Up7stMYssey58mBkRz12AKi6XUxAObqucuoU3iBZeWk3qaTN1qZ9eKcQJMLwc 687APJkB7FQg50eB+8SgHsH2RPEp4eOVo2Oa6y84pmpcwLTpNWgpS20BoMdFuUVMs7X6 sGrTeCqobAjv5zjZeyPdCfpB7piQUWo7IdLuGLCN5/7W/Yd23WRp6n/YESNFpYEqeOgQ t7sQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:organization:content-transfer-encoding; bh=bYcBMD0263VidrD3hBmBNToThm3cO5xgVyUXSYwtNSk=; b=KdfjSk3ASyoBks8FyGbKmzbLNFnxzYfkSAc9AD3gZrgYrVliNKibwlWq/U2YCKtAWy 7PVY85SNZWZBa8ZN+lewyOZPug0RgW4fEXqhKQcVodN2BUw1c+jAsXC5Cqvn6RTLuwVD 0L8JYkyyo6cSzXmSlVicxzX1fj16l389UXGfSo6dVBcpN8IxW3dTWC1uFBMw0i5O/Rmx Qm729tZzq3cqTjAKVhmbc37SKK+UM79FN9FRQ7f4/8q9SPP8b/waUo4psYDoS6JFpOO6 HsviGf81nz8xxXv+suFigJ/6hq49mo2HW+tPMzZK0yit6YiMC/0StGYGsGE90DMLkcrI mFCA== X-Gm-Message-State: AOAM533bp1GoQNAsmwRDpbPJnEo/l1856foS+D3aQQs4V9B43ATVqKTi QVqFfw1gUu4Q5Uk4nvq9Hhc= X-Google-Smtp-Source: ABdhPJyCll4ka0Jps7Twlmmr0XKRGoCjIkwwxOKu0pLjUtPupIPa00vNd0wEmuK/o27xnNhSTaZaHg== X-Received: by 2002:a05:6512:3b93:: with SMTP id g19mr1564844lfv.316.1644411965835; Wed, 09 Feb 2022 05:06:05 -0800 (PST) Received: from wse-c0127.beijerelectronics.com ([208.127.141.29]) by smtp.gmail.com with ESMTPSA id k3sm2352608lfo.127.2022.02.09.05.06.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 05:06:05 -0800 (PST) From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Roopa Prabhu , Nikolay Aleksandrov , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org Subject: [PATCH net-next v2 1/5] net: bridge: Add support for bridge port in locked mode Date: Wed, 9 Feb 2022 14:05:33 +0100 Message-Id: <20220209130538.533699-2-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> References: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org In a 802.1X scenario, clients connected to a bridge port shall not be allowed to have traffic forwarded until fully authenticated. A static fdb entry of the clients MAC address for the bridge port unlocks the client and allows bidirectional communication. This scenario is facilitated with setting the bridge port in locked mode, which is also supported by various switchcore chipsets. Signed-off-by: Hans Schultz --- include/linux/if_bridge.h | 1 + include/uapi/linux/if_link.h | 1 + net/bridge/br_input.c | 10 +++++++++- net/bridge/br_netlink.c | 6 +++++- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index 509e18c7e740..3aae023a9353 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -58,6 +58,7 @@ struct br_ip_list { #define BR_MRP_LOST_CONT BIT(18) #define BR_MRP_LOST_IN_CONT BIT(19) #define BR_TX_FWD_OFFLOAD BIT(20) +#define BR_PORT_LOCKED BIT(21) #define BR_DEFAULT_AGEING_TIME (300 * HZ) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 6218f93f5c1a..a45cc0a1f415 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -537,6 +537,7 @@ enum { IFLA_BRPORT_MRP_IN_OPEN, IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, + IFLA_BRPORT_LOCKED, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index b50382f957c1..469e3adbce07 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -69,6 +69,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb struct net_bridge_port *p = br_port_get_rcu(skb->dev); enum br_pkt_type pkt_type = BR_PKT_UNICAST; struct net_bridge_fdb_entry *dst = NULL; + struct net_bridge_fdb_entry *fdb_entry; struct net_bridge_mcast_port *pmctx; struct net_bridge_mdb_entry *mdst; bool local_rcv, mcast_hit = false; @@ -81,6 +82,8 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb if (!p || p->state == BR_STATE_DISABLED) goto drop; + br = p->br; + brmctx = &p->br->multicast_ctx; pmctx = &p->multicast_ctx; state = p->state; @@ -88,10 +91,15 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb &state, &vlan)) goto out; + if (p->flags & BR_PORT_LOCKED) { + fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); + if (!(fdb_entry && fdb_entry->dst == p)) + goto drop; + } + nbp_switchdev_frame_mark(p, skb); /* insert into forwarding database after filtering to avoid spoofing */ - br = p->br; if (p->flags & BR_LEARNING) br_fdb_update(br, p, eth_hdr(skb)->h_source, vid, 0); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 2ff83d84230d..7d4432ca9a20 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -184,6 +184,7 @@ static inline size_t br_port_info_size(void) + nla_total_size(1) /* IFLA_BRPORT_VLAN_TUNNEL */ + nla_total_size(1) /* IFLA_BRPORT_NEIGH_SUPPRESS */ + nla_total_size(1) /* IFLA_BRPORT_ISOLATED */ + + nla_total_size(1) /* IFLA_BRPORT_LOCKED */ + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_ROOT_ID */ + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_BRIDGE_ID */ + nla_total_size(sizeof(u16)) /* IFLA_BRPORT_DESIGNATED_PORT */ @@ -269,7 +270,8 @@ static int br_port_fill_attrs(struct sk_buff *skb, BR_MRP_LOST_CONT)) || nla_put_u8(skb, IFLA_BRPORT_MRP_IN_OPEN, !!(p->flags & BR_MRP_LOST_IN_CONT)) || - nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED))) + nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED)) || + nla_put_u8(skb, IFLA_BRPORT_LOCKED, !!(p->flags & BR_PORT_LOCKED))) return -EMSGSIZE; timerval = br_timer_value(&p->message_age_timer); @@ -827,6 +829,7 @@ static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = { [IFLA_BRPORT_GROUP_FWD_MASK] = { .type = NLA_U16 }, [IFLA_BRPORT_NEIGH_SUPPRESS] = { .type = NLA_U8 }, [IFLA_BRPORT_ISOLATED] = { .type = NLA_U8 }, + [IFLA_BRPORT_LOCKED] = { .type = NLA_U8 }, [IFLA_BRPORT_BACKUP_PORT] = { .type = NLA_U32 }, [IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT] = { .type = NLA_U32 }, }; @@ -893,6 +896,7 @@ static int br_setport(struct net_bridge_port *p, struct nlattr *tb[], br_set_port_flag(p, tb, IFLA_BRPORT_VLAN_TUNNEL, BR_VLAN_TUNNEL); br_set_port_flag(p, tb, IFLA_BRPORT_NEIGH_SUPPRESS, BR_NEIGH_SUPPRESS); br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED); + br_set_port_flag(p, tb, IFLA_BRPORT_LOCKED, BR_PORT_LOCKED); changed_mask = old_flags ^ p->flags; From patchwork Wed Feb 9 13:05:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12740258 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBA89C433F5 for ; Wed, 9 Feb 2022 13:06:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233836AbiBINGI (ORCPT ); Wed, 9 Feb 2022 08:06:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233837AbiBINGH (ORCPT ); Wed, 9 Feb 2022 08:06:07 -0500 Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3587FC05CBAB; Wed, 9 Feb 2022 05:06:10 -0800 (PST) Received: by mail-lj1-x22a.google.com with SMTP id bx31so3387669ljb.0; Wed, 09 Feb 2022 05:06:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=C074Ts6t1RuR/7tYyDWuvKC2BHBuBtLTBdnTVQAyV3k=; b=BHfF3zx0V2sP0D4d9+4rLjIs4WhIhNDY1dUvDT1BnjD0DoY60k4YLXk4vZ/2sX9o0l ic6L8cfdLiZwXPn5XfgUwasbajiL1E2a5wbpCgI6OGunSPXEFeCHRvsRaszS+yqW7zHl 0z42UAceKzRPgDE4Oo3DVcEfpJpyibXlIyVO3AdbvOSZz+EzcH8dX89ru+ljSjs23hEN Xzq7uvf29dXyR0yipFZ+NlhDZ63/YaepY2Hp5JhBWesdCFraQ4h0hKYQYZTb0NDIkPES R0KoHPC0Je6Y/1d9iaoX3c/w7ncJs99GNDZknH303itEaVbPUWhO+GfapMddu0S3bTCB +MRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:organization:content-transfer-encoding; bh=C074Ts6t1RuR/7tYyDWuvKC2BHBuBtLTBdnTVQAyV3k=; b=JnvyBALoMPT+8SNrxyha3j+FgqEyxVkf+RQtA/dyLIF1wURwA/eMbvEVvbPMo+NNCF u6+WvNajwlpQ53NC5z5HjofmN1h/QDeTlOU8+fyZz0ZxFt9//DDQYCvNOri/mBBKk23L 9uYrATPElXvjsUKxTQBmtW5EqyLKGThbND6KrZaM//kSVnQRiMtK1FjrTNk+UdowKwMG H/MXeDxWNljBCVcbaH3uzLLbzWLKuTTQHQpcDC3Gv0YKNTxbPCuN+hK7QTnksHVxkCtp URbWB+fOfL4u61i+2vKUF/yI8CNh9pt6WvPkWoFZ/Gjq5KvXuUZaAPdSsQkJ9yFAw5t9 Cw+Q== X-Gm-Message-State: AOAM531+5Lm+0x/aUHJwOu8lr82GWsYl+5srfb4JOpx5/mPRTF7m8LaR 9TnMcKDCwz9yWEgquM7oanQ= X-Google-Smtp-Source: ABdhPJyUubsoPOivNzS5dMGUwz5s440Yasi/ch4y35pJf4bQpsMQNQcSBZglFFfHu+ruwaOUzM0VTw== X-Received: by 2002:a2e:8081:: with SMTP id i1mr1513730ljg.506.1644411968590; Wed, 09 Feb 2022 05:06:08 -0800 (PST) Received: from wse-c0127.beijerelectronics.com ([208.127.141.29]) by smtp.gmail.com with ESMTPSA id k3sm2352608lfo.127.2022.02.09.05.06.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 05:06:08 -0800 (PST) From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Roopa Prabhu , Nikolay Aleksandrov , bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: [PATCH net-next v2 2/5] net: bridge: Add support for offloading of locked port flag Date: Wed, 9 Feb 2022 14:05:34 +0100 Message-Id: <20220209130538.533699-3-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> References: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Various switchcores support setting ports in locked mode, so that clients behind locked ports cannot send traffic through the port unless a fdb entry is added with the clients MAC address. Signed-off-by: Hans Schultz Acked-by: Nikolay Aleksandrov --- net/bridge/br_switchdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index f8fbaaa7c501..bf549fc22556 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c @@ -72,7 +72,7 @@ bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p, /* Flags that can be offloaded to hardware */ #define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \ - BR_MCAST_FLOOD | BR_BCAST_FLOOD) + BR_MCAST_FLOOD | BR_BCAST_FLOOD | BR_PORT_LOCKED) int br_switchdev_set_port_flag(struct net_bridge_port *p, unsigned long flags, From patchwork Wed Feb 9 13:05:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12740260 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E620C433F5 for ; Wed, 9 Feb 2022 13:06:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232754AbiBINGS (ORCPT ); Wed, 9 Feb 2022 08:06:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43626 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233854AbiBINGK (ORCPT ); Wed, 9 Feb 2022 08:06:10 -0500 Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BE2BC05CB97; Wed, 9 Feb 2022 05:06:13 -0800 (PST) Received: by mail-lf1-x133.google.com with SMTP id o2so4102148lfd.1; Wed, 09 Feb 2022 05:06:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=xsR/hKbVC0DUFloHcPTPuu9npcAFNkMVex8QVbhOYjs=; b=aj5Htxtjt1QnCulCfzu1eLyveHrhHah6dMQEHuzB3QTTYShvpcRAjZ5pfxCGk762qQ 6BFw3eAADUmyqfZmB9V4jt23udaEyQK7EIVxNG9+FpfuXQDvXqpG8/O5kS13UiE2pXOj 437f9KJulPeEz0tpSD51qy++kHowekZNWZrx7tiLHrpi4+NYHgOTG//YhDgd6U66f2Pz c5hoPpXA/21eoyFtrKLJMXJaYVaU2BLR2E4MoYM2g8/ffSc2HO00JOB4wlpY0lwbCpz6 TNWPzGdJ99ZavA4XvY/6aMxWBiD5qnAzBPAs9UM/psV1+fqPOAuo2N22BrJNCl1Z2BSW 7mww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:organization:content-transfer-encoding; bh=xsR/hKbVC0DUFloHcPTPuu9npcAFNkMVex8QVbhOYjs=; b=mVfXr8k8MJxXXyI56fnsyiqH8+AnQoyN0DjW8hlPVmGzSTr1sSguYAPjbHea74sZeY 4yuW0M8bl2+bhiF6LOVH+mtnElgrWhareOKmJvmzbalDfSB621tmbmaVqomSaPGkvauR AZslPj2rYpjbgLYg0eS/6cr3DdF5ducfM8n1RXi76EaS803odbtmYteZoRk1okRN4rlk eMaxVncSCR+GugGpbeOy3uIWR3Y9yhlk9JIsZ2Wgu/UTs7Plj+9Nlg6wEsoZoDrFOrpF 6E+cDLSspvQfcQvgvegcMDhMp/bD74DFNW+ShSdL7D6hK2m4sMqQsYF1HeDi+Nczczo9 R/cw== X-Gm-Message-State: AOAM5303pmA7s7x9TqdKIkZ68QVMwO+xDc2TCFSsuKEMRGzn00KoR+6a 3b+HKqkAaXpw7KekuzlJqfM= X-Google-Smtp-Source: ABdhPJwc0CV74l66f2wraJk089tfQr+62hoxcpiYKudUS/YHO6pQn91PajQKct90SKtB1DhVFlnXKA== X-Received: by 2002:a19:9219:: with SMTP id u25mr1547578lfd.685.1644411971858; Wed, 09 Feb 2022 05:06:11 -0800 (PST) Received: from wse-c0127.beijerelectronics.com ([208.127.141.29]) by smtp.gmail.com with ESMTPSA id k3sm2352608lfo.127.2022.02.09.05.06.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 05:06:11 -0800 (PST) From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Andrew Lunn , Vivien Didelot , Florian Fainelli , Vladimir Oltean , linux-kernel@vger.kernel.org Subject: [PATCH net-next v2 3/5] net: dsa: Add support for offloaded locked port flag Date: Wed, 9 Feb 2022 14:05:35 +0100 Message-Id: <20220209130538.533699-4-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> References: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Among the switchcores that support this feature is the Marvell mv88e6xxx family. Signed-off-by: Hans Schultz --- net/dsa/port.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dsa/port.c b/net/dsa/port.c index bd78192e0e47..01ed22ed74a1 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c @@ -176,7 +176,7 @@ static int dsa_port_inherit_brport_flags(struct dsa_port *dp, struct netlink_ext_ack *extack) { const unsigned long mask = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD; + BR_BCAST_FLOOD | BR_PORT_LOCKED; struct net_device *brport_dev = dsa_port_to_bridge_port(dp); int flag, err; @@ -200,7 +200,7 @@ static void dsa_port_clear_brport_flags(struct dsa_port *dp) { const unsigned long val = BR_FLOOD | BR_MCAST_FLOOD | BR_BCAST_FLOOD; const unsigned long mask = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD; + BR_BCAST_FLOOD | BR_PORT_LOCKED; int flag, err; for_each_set_bit(flag, &mask, 32) { From patchwork Wed Feb 9 13:05:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12740261 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 13724C433EF for ; Wed, 9 Feb 2022 13:06:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233889AbiBINGW (ORCPT ); Wed, 9 Feb 2022 08:06:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43790 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233893AbiBINGU (ORCPT ); Wed, 9 Feb 2022 08:06:20 -0500 Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 63BFFC050CC2; Wed, 9 Feb 2022 05:06:17 -0800 (PST) Received: by mail-lj1-x234.google.com with SMTP id z20so3303347ljo.6; Wed, 09 Feb 2022 05:06:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=pe7DtCHDCmLRwyE/qHTyP5z+rDV+SzCi98cUiAV5b/4=; b=HKhR30nQqdmHPhN1YSs1FiKgidM0zc86mdOIAFMdvuvY7/Jefr18EmkN9sWb4CZfVv OXnWANyxGnOI3Xk3n5Yjwf8R8uNSE0lFjBsG+C14aKdQaYNK/eAzA91RIYwPAUjz8vKp MWKyimKf3rtEjom/a9PhtvV1qmqFeySYZH8BtmJfyYnpTeP3zhZfNOPK2xDFUWGTIkxS xJ2kO10Vbniwut3O1Q/IuEzt0FRnTt3zAoE7oEFAIRWQWImFka3ZZnvfO85Qx1DWbxa5 cnkVjOnyRgh6W1NYyPMJWJGfYoTE0tme3bExP0ibP1vXD3P2/9Sxtt+nZ0ifZMF3h4nU dy1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:organization:content-transfer-encoding; bh=pe7DtCHDCmLRwyE/qHTyP5z+rDV+SzCi98cUiAV5b/4=; b=G0ivSrNZkDSbTDch1SWsuO0LzcTZIyTAvOVIo1O4Fe5kO7VxWVUY1hPtohka01vzvk WM1LXhFAVtssjhiBVMr7jlDr1XZg0419Kyu0+d2uk1uSFPI6Bwd1Bhj2Rb4OgfxLaAeF YnVllXs4IRPpnxbym41YoJM9yUmHl9twtF2T52ZiCz/8S1a1kLgsURHIOz9hYBr5bTbB U66rpOy5Pvz4wG2AGCMXLt+CkuRFHW1nhPXbVDPMhjjHXClVRgK0IsT9W0oACxXcGOo0 4PJaLUMEsgKH1+Xiy6XjDTuyRAyEFpK/E1PTpkZdYuxHPlRzqH98Oc0NnhlYC3h5f2C9 aDeQ== X-Gm-Message-State: AOAM5329eb/jS97IYuxRI6ByH3mCEeNUlV4ShgrgCdz+b1JvLx6oevuI 9skBZoS7cBZl3akzMaloUmM= X-Google-Smtp-Source: ABdhPJwgrnhOCwwLmTzqMPF79fJIQcadOKdfH0MNqKfYy9O1lkOWMy0nsB5lyRtMORdjAMrJh4UdqQ== X-Received: by 2002:a2e:5c45:: with SMTP id q66mr1497374ljb.237.1644411975601; Wed, 09 Feb 2022 05:06:15 -0800 (PST) Received: from wse-c0127.beijerelectronics.com ([208.127.141.29]) by smtp.gmail.com with ESMTPSA id k3sm2352608lfo.127.2022.02.09.05.06.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 05:06:15 -0800 (PST) From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Andrew Lunn , Vivien Didelot , Florian Fainelli , Vladimir Oltean , linux-kernel@vger.kernel.org Subject: [PATCH net-next v2 4/5] net: dsa: mv88e6xxx: Add support for bridge port locked mode Date: Wed, 9 Feb 2022 14:05:36 +0100 Message-Id: <20220209130538.533699-5-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> References: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Supporting bridge ports in locked mode using the drop on lock feature in Marvell mv88e6xxx switchcores is described in the '88E6096/88E6097/88E6097F Datasheet', sections 4.4.6, 4.4.7 and 5.1.2.1 (Drop on Lock). This feature is implemented here facilitated by the locked port flag. Signed-off-by: Hans Schultz --- drivers/net/dsa/mv88e6xxx/chip.c | 9 ++++++++- drivers/net/dsa/mv88e6xxx/port.c | 33 ++++++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 9 ++++++++- 3 files changed, 49 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 58ca684d73f7..eed3713b97ae 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5881,7 +5881,7 @@ static int mv88e6xxx_port_pre_bridge_flags(struct dsa_switch *ds, int port, const struct mv88e6xxx_ops *ops; if (flags.mask & ~(BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD)) + BR_BCAST_FLOOD | BR_PORT_LOCKED)) return -EINVAL; ops = chip->info->ops; @@ -5939,6 +5939,13 @@ static int mv88e6xxx_port_bridge_flags(struct dsa_switch *ds, int port, goto out; } + if (flags.mask & BR_PORT_LOCKED) { + bool locked = !!(flags.val & BR_PORT_LOCKED); + + err = mv88e6xxx_port_set_lock(chip, port, locked); + if (err) + goto out; + } out: mv88e6xxx_reg_unlock(chip); diff --git a/drivers/net/dsa/mv88e6xxx/port.c b/drivers/net/dsa/mv88e6xxx/port.c index ab41619a809b..46b7381899a0 100644 --- a/drivers/net/dsa/mv88e6xxx/port.c +++ b/drivers/net/dsa/mv88e6xxx/port.c @@ -1234,6 +1234,39 @@ int mv88e6xxx_port_set_mirror(struct mv88e6xxx_chip *chip, int port, return err; } +int mv88e6xxx_port_set_lock(struct mv88e6xxx_chip *chip, int port, + bool locked) +{ + u16 reg; + int err; + + err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_CTL0, ®); + if (err) + return err; + + reg &= ~MV88E6XXX_PORT_CTL0_SA_FILT_MASK; + if (locked) + reg |= MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_LOCK; + + err = mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_CTL0, reg); + if (err) + return err; + + err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_ASSOC_VECTOR, ®); + if (err) + return err; + + reg &= ~MV88E6XXX_PORT_ASSOC_VECTOR_LOCKED_PORT; + if (locked) + reg |= MV88E6XXX_PORT_ASSOC_VECTOR_LOCKED_PORT; + + err = mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_ASSOC_VECTOR, reg); + if (err) + return err; + + return 0; +} + int mv88e6xxx_port_set_8021q_mode(struct mv88e6xxx_chip *chip, int port, u16 mode) { diff --git a/drivers/net/dsa/mv88e6xxx/port.h b/drivers/net/dsa/mv88e6xxx/port.h index 03382b66f800..3f70557f0d48 100644 --- a/drivers/net/dsa/mv88e6xxx/port.h +++ b/drivers/net/dsa/mv88e6xxx/port.h @@ -142,7 +142,11 @@ /* Offset 0x04: Port Control Register */ #define MV88E6XXX_PORT_CTL0 0x04 #define MV88E6XXX_PORT_CTL0_USE_CORE_TAG 0x8000 -#define MV88E6XXX_PORT_CTL0_DROP_ON_LOCK 0x4000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_MASK 0xc000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DISABLED 0x0000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_LOCK 0x4000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_UNLOCK 0x8000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_CPU 0xc000 #define MV88E6XXX_PORT_CTL0_EGRESS_MODE_MASK 0x3000 #define MV88E6XXX_PORT_CTL0_EGRESS_MODE_UNMODIFIED 0x0000 #define MV88E6XXX_PORT_CTL0_EGRESS_MODE_UNTAGGED 0x1000 @@ -365,6 +369,9 @@ int mv88e6xxx_port_set_fid(struct mv88e6xxx_chip *chip, int port, u16 fid); int mv88e6xxx_port_get_pvid(struct mv88e6xxx_chip *chip, int port, u16 *pvid); int mv88e6xxx_port_set_pvid(struct mv88e6xxx_chip *chip, int port, u16 pvid); +int mv88e6xxx_port_set_lock(struct mv88e6xxx_chip *chip, int port, + bool locked); + int mv88e6xxx_port_set_8021q_mode(struct mv88e6xxx_chip *chip, int port, u16 mode); int mv88e6095_port_tag_remap(struct mv88e6xxx_chip *chip, int port); From patchwork Wed Feb 9 13:05:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12740262 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A765C433EF for ; Wed, 9 Feb 2022 13:06:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233992AbiBINGe (ORCPT ); Wed, 9 Feb 2022 08:06:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233911AbiBINGV (ORCPT ); Wed, 9 Feb 2022 08:06:21 -0500 Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3517C05CB97; Wed, 9 Feb 2022 05:06:20 -0800 (PST) Received: by mail-lf1-x12d.google.com with SMTP id i17so4001712lfg.11; Wed, 09 Feb 2022 05:06:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=inCVYeDu1fAept4QEpKoCkDC4Yb03qxpv1FlXIUns7I=; b=M6fijd92xKG7v+VrkmSvHMaDtbq/nAz0qMuwwXeK3zx2d2oUzm88mnnwcn7kLCBmZ9 ZS8tlRUaikG/pKqHaot+sA8vRCtwngbdlwqkfqEjGwau30qHA0DW2AUL4mh8hk0PP38J t67jVBU0dJ1T4IMpd7SNXWDoB7VX5qY3wl9lkJwHXjudfQzWWxxRN+x/1mYqt/Qm9GbS S24lporKHPffI8akVjpH/Jk4YUWJegACOLhwi+6x9IQloBf4w1ono9to+Zvt1GRfkM/A 0w4fRqNBMzUV8cP8Owr7iKyovAx9+0PmIfPqyFNFf/pFEhRXGlVjoe3SDij4ikyzHnkT z68Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:organization:content-transfer-encoding; bh=inCVYeDu1fAept4QEpKoCkDC4Yb03qxpv1FlXIUns7I=; b=QXT3JkDEhIlIePNdhpbx1nNa5DVpKsWTLpJzniBrXezegkrPoKwpUOUZ0/Hvm/M2ti nGFw94Dx2Js4NyGy5co/GaGSqGLMAL1bsBwbl2jvEbuBdxhIeG/j3EIEAxhzo7Tth3ND K7608a9ILpsX0nEBd8N1A7imQi4x+5sXOS7kqjtHgmTLrn4/nFb7VD7ak6BmpeO1Rvd3 h4Ezy/+6S5CR0kCFI9C+aPAO1YGHsKyLqzQN7338tyrXOfXOnKrv6zTuIyiHBQ08clzh h+cmvA7OlSgLgxAEBfICJMjqTGngwYyroNsWMSZeSZMqffC74RSiMurBv3y+sFnHf6L7 JbvA== X-Gm-Message-State: AOAM532Y1YlQ8gkJSgTeY4opgdnz2hxD5/0e9Q+zMLf6Hx1+COHa9JNL ED/jptbIEJU4lG47taFzw8E= X-Google-Smtp-Source: ABdhPJxArIjJy06rYv/F/8Maxi6QhxTI2ECVBt8J3IcsCVrOM+EO1KUfCDbLSNfVTmC5MwuPOKsgzw== X-Received: by 2002:a05:6512:1597:: with SMTP id bp23mr1660573lfb.347.1644411979092; Wed, 09 Feb 2022 05:06:19 -0800 (PST) Received: from wse-c0127.beijerelectronics.com ([208.127.141.29]) by smtp.gmail.com with ESMTPSA id k3sm2352608lfo.127.2022.02.09.05.06.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 05:06:18 -0800 (PST) From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Hans Schultz , Roopa Prabhu , Nikolay Aleksandrov , bridge@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: [PATCH net-next v2 5/5] net: bridge: Refactor bridge port in locked mode to use jump labels Date: Wed, 9 Feb 2022 14:05:37 +0100 Message-Id: <20220209130538.533699-6-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> References: <20220209130538.533699-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Hans Schultz As the locked mode feature is in the hot path of the bridge modules reception of packets, it needs to be refactored to use jump labels for optimization. Signed-off-by: Hans Schultz Signed-off-by: Hans Schultz --- net/bridge/br_input.c | 22 ++++++++++++++++++---- net/bridge/br_netlink.c | 6 ++++++ net/bridge/br_private.h | 2 ++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 469e3adbce07..6fc428d6bac5 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -23,6 +23,18 @@ #include "br_private.h" #include "br_private_tunnel.h" +static struct static_key_false br_input_locked_port_feature; + +void br_input_locked_port_add(void) +{ + static_branch_inc(&br_input_locked_port_feature); +} + +void br_input_locked_port_remove(void) +{ + static_branch_dec(&br_input_locked_port_feature); +} + static int br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb) { @@ -91,10 +103,12 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb &state, &vlan)) goto out; - if (p->flags & BR_PORT_LOCKED) { - fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); - if (!(fdb_entry && fdb_entry->dst == p)) - goto drop; + if (static_branch_unlikely(&br_input_locked_port_feature)) { + if (p->flags & BR_PORT_LOCKED) { + fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); + if (!(fdb_entry && fdb_entry->dst == p)) + goto drop; + } } nbp_switchdev_frame_mark(p, skb); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 7d4432ca9a20..e3dbe9fed75c 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -860,6 +860,7 @@ static int br_set_port_state(struct net_bridge_port *p, u8 state) static void br_set_port_flag(struct net_bridge_port *p, struct nlattr *tb[], int attrtype, unsigned long mask) { + bool locked = p->flags & BR_PORT_LOCKED; if (!tb[attrtype]) return; @@ -867,6 +868,11 @@ static void br_set_port_flag(struct net_bridge_port *p, struct nlattr *tb[], p->flags |= mask; else p->flags &= ~mask; + + if ((p->flags & BR_PORT_LOCKED) && !locked) + br_input_locked_port_add(); + if (!(p->flags & BR_PORT_LOCKED) && locked) + br_input_locked_port_remove(); } /* Process bridge protocol info on port */ diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 2661dda1a92b..0ec3ef897978 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -832,6 +832,8 @@ void br_manage_promisc(struct net_bridge *br); int nbp_backup_change(struct net_bridge_port *p, struct net_device *backup_dev); /* br_input.c */ +void br_input_locked_port_add(void); +void br_input_locked_port_remove(void); int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); rx_handler_func_t *br_get_rx_handler(const struct net_device *dev);