From patchwork Thu Mar 17 06:50:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mattias Forsblad X-Patchwork-Id: 12783587 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1282DC433F5 for ; Thu, 17 Mar 2022 06:50:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229946AbiCQGwA (ORCPT ); Thu, 17 Mar 2022 02:52:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229927AbiCQGv7 (ORCPT ); Thu, 17 Mar 2022 02:51:59 -0400 Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B226A27F6 for ; Wed, 16 Mar 2022 23:50:42 -0700 (PDT) Received: by mail-lf1-x12d.google.com with SMTP id w7so7424443lfd.6 for ; Wed, 16 Mar 2022 23:50:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JxLEWNkta/vpkDsBY4QhLGrjAG0PeNah3cTWg60yylY=; b=YrHkU0Efk0AYtMhnCoG4+fkfUX2I0R2SKa7BQ8u0POuqwo7y/1T3Lb0VQv21MtM5e/ caqe7h9scKM4qsGEafiZLda2263AH6iur+DsyIZZYewP6Xo21/KhCWyElFXRjpGk0QlT 4stqB/eY/XRVFJ6GvWluM7xs8lCpQJwvCwbEC2UYtRq7Mktm8U8OhwqdDJkMLrWAIkvv zY11LFVhZ+wsE0oZGLouPIjGyXP13e6FPrnDngHhnBqARbHjdc6kBPWObZXEbjVrAKvI m1QR5MQP4v2BGOMfvO7kOo+DEDyY5CpfMe5O6zyQ0MlbkyagXEMluIQSDdN3u3aC3ZfW Ua9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JxLEWNkta/vpkDsBY4QhLGrjAG0PeNah3cTWg60yylY=; b=Cq1bpMvEY798ClBfVegVxqbSPYsvbTAP131XrwtyfWZKpVmQ4Tjk2JSp6t70eFuT9v jwiOOmPwkgd2Jdnw9/y6SbK/jAGAo/xag9s+puOpM4IszYEg/8JBM6Iay7FQfIa5BVXS uL9D7ls1tFSaf4DrjYhLMEGdXlbrbbnY6DD0mXEGTgAMh6aF11mtu4ppBFPBdwO4S2jt pjna0+jj+oETepHMtqfPlJKqP3FQLDpMFFHdADwgxMx2FM+z90R7yqG20t3L4nTJjo5V IJDJxg9S3Lsx2uQ8wwM0uWNC2mZIk6bThF26EdVvd7lgV7jCFIFPiWGDH4g6ngVsjpwc EyAA== X-Gm-Message-State: AOAM5318MpPIvwOodmBZfPhMeu2HhGSopnOOFeDGFITvjFpNQvU0XixE obcVWRi31/78Qhcz5QMfah2etsVK4LoFFQV5 X-Google-Smtp-Source: ABdhPJyM6nEHQTuLK7fl/d3Sj0hdJEzf1R6P7h0zS3xo+PJZI1IZfZhlwm7KLVa1jQU4yv7gzsh+zw== X-Received: by 2002:a05:6512:2308:b0:449:f7eb:cc2f with SMTP id o8-20020a056512230800b00449f7ebcc2fmr831113lfu.37.1647499840633; Wed, 16 Mar 2022 23:50:40 -0700 (PDT) Received: from wse-c0089.raspi.local (h-98-128-237-157.A259.priv.bahnhof.se. [98.128.237.157]) by smtp.gmail.com with ESMTPSA id l25-20020ac25559000000b0044825a2539csm362215lfk.59.2022.03.16.23.50.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 23:50:39 -0700 (PDT) From: Mattias Forsblad To: netdev@vger.kernel.org Cc: "David S . Miller" , Jakub Kicinski , Andrew Lunn , Florian Fainelli , Vivien Didelot , Roopa Prabhu , Tobias Waldekranz , Mattias Forsblad Subject: [PATCH 1/5] switchdev: Add local_receive attribute Date: Thu, 17 Mar 2022 07:50:27 +0100 Message-Id: <20220317065031.3830481-2-mattias.forsblad@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317065031.3830481-1-mattias.forsblad@gmail.com> References: <20220317065031.3830481-1-mattias.forsblad@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org This commit adds the local_receive switchdev attribute in preparation for bridge usage. Signed-off-by: Mattias Forsblad --- include/net/switchdev.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/net/switchdev.h b/include/net/switchdev.h index 3e424d40fae3..f4c1671c2561 100644 --- a/include/net/switchdev.h +++ b/include/net/switchdev.h @@ -28,6 +28,7 @@ enum switchdev_attr_id { SWITCHDEV_ATTR_ID_BRIDGE_MC_DISABLED, SWITCHDEV_ATTR_ID_BRIDGE_MROUTER, SWITCHDEV_ATTR_ID_MRP_PORT_ROLE, + SWITCHDEV_ATTR_ID_BRIDGE_FLOOD, }; struct switchdev_brport_flags { From patchwork Thu Mar 17 06:50:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mattias Forsblad X-Patchwork-Id: 12783589 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8726EC433F5 for ; Thu, 17 Mar 2022 06:50:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229996AbiCQGwD (ORCPT ); Thu, 17 Mar 2022 02:52:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47634 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229637AbiCQGwB (ORCPT ); Thu, 17 Mar 2022 02:52:01 -0400 Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93970DFD45 for ; Wed, 16 Mar 2022 23:50:43 -0700 (PDT) Received: by mail-lf1-x12e.google.com with SMTP id g17so7454588lfh.2 for ; Wed, 16 Mar 2022 23:50:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=CBpOpgR5F1RukWk4rMFCOYveSEljF2XAMrExoOZw//0=; b=LrDQ3zNcP0OhmgMXrmyv3pwlyHnEYXH+NxS7dVwkIaLF9ZuGTSd95aWyy9G+KYLaTk ItdNFVDWFsSNHaTaBdvSd5pLVWxwxsPuZhJGIiTOf6mPHX/JBs6CxtsQpZjTbYQ6nKLK ntfdyM/aoSxes7+iGYvPjWdtvddSqsyi0ZqLfH70lCfoNcX6iYqoe3aiGG6RcmwXuKZx bgN52Plo3qTRaEk0czc+oz1JxU6G5878O5Sohay0PkbcNtJ7ORGcx8Q2LaxU/KXKcvqo ljWkO4DnNYOiKhYo0J4AOuuoNUxhoMuNTHWmJ5uy9U9rURfqItOPp+m/35lACyg7u56J EVag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=CBpOpgR5F1RukWk4rMFCOYveSEljF2XAMrExoOZw//0=; b=wHDFUNsQDYaiwQ14vcpnYfZopNVGn96OJN1nS13lcCUMsZyD648K3W1X0RnFMG9VYH 1ZRN9hq0JgZGX7QT1Hce1alJ7HG39Fq+fvOF+GGW5s+1HSYYdnTXw8iX4fG3OSP7zug+ sjuYT7zhdfP/0X9ICcXuY/DAwpgpWv0UnzNEumtL9QyTu4Ru6xnTEy1JVMSlxuevlxjo 5JS3L8/S2MP80VtcxHzlTUq21CBtpBqcIa9S0yAVYmgJELnqArFBueML8Bk2CceW8z4X HHcH/gQFuPaA+AXUnH3N+1WLRQypO/0k7p4JbHBgWst2JKa5E+b9IKDixEOyWBxltwaJ FQ7w== X-Gm-Message-State: AOAM532WKy2Sm//ckc7+ekAihRPvfXoKA8/re3lSfkMzk8h+bfSP682K ODXzfwiM1U+l5i29mOq9JR7G40DqH214f9Od X-Google-Smtp-Source: ABdhPJyRLpTiaIoqv9HTdhIBdiJze2WTcO1mMRNzgq1lH/huyC2NqGCpYBb9im15psPK903ExvLJaQ== X-Received: by 2002:ac2:5933:0:b0:448:3821:571f with SMTP id v19-20020ac25933000000b004483821571fmr1966053lfi.375.1647499841437; Wed, 16 Mar 2022 23:50:41 -0700 (PDT) Received: from wse-c0089.raspi.local (h-98-128-237-157.A259.priv.bahnhof.se. [98.128.237.157]) by smtp.gmail.com with ESMTPSA id l25-20020ac25559000000b0044825a2539csm362215lfk.59.2022.03.16.23.50.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 23:50:40 -0700 (PDT) From: Mattias Forsblad To: netdev@vger.kernel.org Cc: "David S . Miller" , Jakub Kicinski , Andrew Lunn , Florian Fainelli , Vivien Didelot , Roopa Prabhu , Tobias Waldekranz , Mattias Forsblad Subject: [PATCH 2/5] net: bridge: Implement bridge flood flag Date: Thu, 17 Mar 2022 07:50:28 +0100 Message-Id: <20220317065031.3830481-3-mattias.forsblad@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317065031.3830481-1-mattias.forsblad@gmail.com> References: <20220317065031.3830481-1-mattias.forsblad@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org This patch implements the bridge flood flags. There are three different flags matching unicast, multicast and broadcast. When the corresponding flag is cleared packets received on bridge ports will not be flooded towards the bridge. This makes is possible to only forward selected traffic between the port members of the bridge. Signed-off-by: Mattias Forsblad --- include/linux/if_bridge.h | 6 +++++ include/uapi/linux/if_bridge.h | 9 ++++++- net/bridge/br.c | 45 ++++++++++++++++++++++++++++++++++ net/bridge/br_device.c | 3 +++ net/bridge/br_input.c | 23 ++++++++++++++--- net/bridge/br_private.h | 4 +++ 6 files changed, 85 insertions(+), 5 deletions(-) diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index 3aae023a9353..fa8e000a6fb9 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -157,6 +157,7 @@ static inline int br_vlan_get_info_rcu(const struct net_device *dev, u16 vid, struct net_device *br_fdb_find_port(const struct net_device *br_dev, const unsigned char *addr, __u16 vid); +bool br_flood_enabled(const struct net_device *dev); void br_fdb_clear_offload(const struct net_device *dev, u16 vid); bool br_port_flag_is_set(const struct net_device *dev, unsigned long flag); u8 br_port_get_stp_state(const struct net_device *dev); @@ -170,6 +171,11 @@ br_fdb_find_port(const struct net_device *br_dev, return NULL; } +static inline bool br_flood_enabled(const struct net_device *dev) +{ + return true; +} + static inline void br_fdb_clear_offload(const struct net_device *dev, u16 vid) { } diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h index 2711c3522010..765ed70c9b28 100644 --- a/include/uapi/linux/if_bridge.h +++ b/include/uapi/linux/if_bridge.h @@ -72,6 +72,7 @@ struct __bridge_info { __u32 tcn_timer_value; __u32 topology_change_timer_value; __u32 gc_timer_value; + __u8 flood; }; struct __port_info { @@ -752,13 +753,19 @@ struct br_mcast_stats { /* bridge boolean options * BR_BOOLOPT_NO_LL_LEARN - disable learning from link-local packets * BR_BOOLOPT_MCAST_VLAN_SNOOPING - control vlan multicast snooping + * BR_BOOLOPT_FLOOD - control bridge flood flag + * BR_BOOLOPT_MCAST_FLOOD - control bridge multicast flood flag + * BR_BOOLOPT_BCAST_FLOOD - control bridge broadcast flood flag * * IMPORTANT: if adding a new option do not forget to handle - * it in br_boolopt_toggle/get and bridge sysfs + * it in br_boolopt_toggle/get */ enum br_boolopt_id { BR_BOOLOPT_NO_LL_LEARN, BR_BOOLOPT_MCAST_VLAN_SNOOPING, + BR_BOOLOPT_FLOOD, + BR_BOOLOPT_MCAST_FLOOD, + BR_BOOLOPT_BCAST_FLOOD, BR_BOOLOPT_MAX }; diff --git a/net/bridge/br.c b/net/bridge/br.c index b1dea3febeea..63a17bed6c63 100644 --- a/net/bridge/br.c +++ b/net/bridge/br.c @@ -265,6 +265,11 @@ int br_boolopt_toggle(struct net_bridge *br, enum br_boolopt_id opt, bool on, case BR_BOOLOPT_MCAST_VLAN_SNOOPING: err = br_multicast_toggle_vlan_snooping(br, on, extack); break; + case BR_BOOLOPT_FLOOD: + case BR_BOOLOPT_MCAST_FLOOD: + case BR_BOOLOPT_BCAST_FLOOD: + err = br_flood_toggle(br, opt, on); + break; default: /* shouldn't be called with unsupported options */ WARN_ON(1); @@ -281,6 +286,12 @@ int br_boolopt_get(const struct net_bridge *br, enum br_boolopt_id opt) return br_opt_get(br, BROPT_NO_LL_LEARN); case BR_BOOLOPT_MCAST_VLAN_SNOOPING: return br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED); + case BR_BOOLOPT_FLOOD: + return br_opt_get(br, BROPT_FLOOD); + case BR_BOOLOPT_MCAST_FLOOD: + return br_opt_get(br, BROPT_MCAST_FLOOD); + case BR_BOOLOPT_BCAST_FLOOD: + return br_opt_get(br, BROPT_BCAST_FLOOD); default: /* shouldn't be called with unsupported options */ WARN_ON(1); @@ -325,6 +336,40 @@ void br_boolopt_multi_get(const struct net_bridge *br, bm->optmask = GENMASK((BR_BOOLOPT_MAX - 1), 0); } +int br_flood_toggle(struct net_bridge *br, enum br_boolopt_id opt, + bool on) +{ + struct switchdev_attr attr = { + .orig_dev = br->dev, + .id = SWITCHDEV_ATTR_ID_BRIDGE_FLOOD, + .flags = SWITCHDEV_F_DEFER, + }; + enum net_bridge_opts bropt; + int ret; + + switch (opt) { + case BR_BOOLOPT_FLOOD: + bropt = BROPT_FLOOD; + break; + case BR_BOOLOPT_MCAST_FLOOD: + bropt = BROPT_MCAST_FLOOD; + break; + case BR_BOOLOPT_BCAST_FLOOD: + bropt = BROPT_BCAST_FLOOD; + break; + default: + WARN_ON(1); + return -EINVAL; + } + br_opt_toggle(br, bropt, on); + + attr.u.brport_flags.mask = BIT(bropt); + attr.u.brport_flags.val = on << bropt; + ret = switchdev_port_attr_set(br->dev, &attr, NULL); + + return ret; +} + /* private bridge options, controlled by the kernel */ void br_opt_toggle(struct net_bridge *br, enum net_bridge_opts opt, bool on) { diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 8d6bab244c4a..fafaef9d4b3a 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -524,6 +524,9 @@ void br_dev_setup(struct net_device *dev) br->bridge_hello_time = br->hello_time = 2 * HZ; br->bridge_forward_delay = br->forward_delay = 15 * HZ; br->bridge_ageing_time = br->ageing_time = BR_DEFAULT_AGEING_TIME; + br_opt_toggle(br, BROPT_FLOOD, true); + br_opt_toggle(br, BROPT_MCAST_FLOOD, true); + br_opt_toggle(br, BROPT_BCAST_FLOOD, true); dev->max_mtu = ETH_MAX_MTU; br_netfilter_rtable_init(br); diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index e0c13fcc50ed..fcb0757bfdcc 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -109,11 +109,12 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb /* by definition the broadcast is also a multicast address */ if (is_broadcast_ether_addr(eth_hdr(skb)->h_dest)) { pkt_type = BR_PKT_BROADCAST; - local_rcv = true; + local_rcv = true && br_opt_get(br, BROPT_BCAST_FLOOD); } else { pkt_type = BR_PKT_MULTICAST; - if (br_multicast_rcv(&brmctx, &pmctx, vlan, skb, vid)) - goto drop; + if (br_opt_get(br, BROPT_MCAST_FLOOD)) + if (br_multicast_rcv(&brmctx, &pmctx, vlan, skb, vid)) + goto drop; } } @@ -155,9 +156,13 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb local_rcv = true; br->dev->stats.multicast++; } + if (!br_opt_get(br, BROPT_MCAST_FLOOD)) + local_rcv = false; break; case BR_PKT_UNICAST: dst = br_fdb_find_rcu(br, eth_hdr(skb)->h_dest, vid); + if (!br_opt_get(br, BROPT_FLOOD)) + local_rcv = false; break; default: break; @@ -166,7 +171,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb if (dst) { unsigned long now = jiffies; - if (test_bit(BR_FDB_LOCAL, &dst->flags)) + if (test_bit(BR_FDB_LOCAL, &dst->flags) && local_rcv) return br_pass_frame_up(skb); if (now != dst->used) @@ -190,6 +195,16 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb } EXPORT_SYMBOL_GPL(br_handle_frame_finish); +bool br_flood_enabled(const struct net_device *dev) +{ + struct net_bridge *br = netdev_priv(dev); + + return !!(br_opt_get(br, BROPT_FLOOD) || + br_opt_get(br, BROPT_MCAST_FLOOD) || + br_opt_get(br, BROPT_BCAST_FLOOD)); +} +EXPORT_SYMBOL_GPL(br_flood_enabled); + static void __br_handle_local_finish(struct sk_buff *skb) { struct net_bridge_port *p = br_port_get_rcu(skb->dev); diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 48bc61ebc211..cf88dce0b92b 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -445,6 +445,9 @@ enum net_bridge_opts { BROPT_NO_LL_LEARN, BROPT_VLAN_BRIDGE_BINDING, BROPT_MCAST_VLAN_SNOOPING_ENABLED, + BROPT_FLOOD, + BROPT_MCAST_FLOOD, + BROPT_BCAST_FLOOD, }; struct net_bridge { @@ -720,6 +723,7 @@ int br_boolopt_multi_toggle(struct net_bridge *br, void br_boolopt_multi_get(const struct net_bridge *br, struct br_boolopt_multi *bm); void br_opt_toggle(struct net_bridge *br, enum net_bridge_opts opt, bool on); +int br_flood_toggle(struct net_bridge *br, enum br_boolopt_id opt, bool on); /* br_device.c */ void br_dev_setup(struct net_device *dev); From patchwork Thu Mar 17 06:50:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mattias Forsblad X-Patchwork-Id: 12783590 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0BB22C433EF for ; Thu, 17 Mar 2022 06:50:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229974AbiCQGwE (ORCPT ); Thu, 17 Mar 2022 02:52:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47646 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229927AbiCQGwB (ORCPT ); Thu, 17 Mar 2022 02:52:01 -0400 Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 45049ABF4C for ; Wed, 16 Mar 2022 23:50:44 -0700 (PDT) Received: by mail-lf1-x12f.google.com with SMTP id bu29so7511971lfb.0 for ; Wed, 16 Mar 2022 23:50:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=lCUc36wMLGuTup0uWW9rIeQHoFjF/vJZIzoTIUj4pLY=; b=TCeYZQm9mvMs8RlgpBcWoDGcUQghqpW71PRAx8GNfUpEIFj+ZM6oHCgu/kKzL5RvCj IJ6EI2l7GWPGRsEN1+M46xcP5NMWvwAW2CujEHdmLdCoquT+AKfWHm7J7BeOFALdfew+ qOTG8cy//RFoW/Kd8H8fSDT9by8/qdbrp5m2BHc7MyBH7y5ewkzAveK3pKM221PE+RIR IkbYS5FhI0v5b89Qq3tP2HpwcGgcipgF3Rj+V7lTiPt/PzfkdmCeWfogrY2XbQNeitmt 8vDSzB2baxUdMad82z9lgvQKxopYJscCNPSk8Yf3SaGhSnon0/sq5riwcWX91Sjetql5 T1kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=lCUc36wMLGuTup0uWW9rIeQHoFjF/vJZIzoTIUj4pLY=; b=6mFAT6D6I7pvX961g+YGRB2dGGiUPTRe2cNQLDHFFyd8YlVXSJ5AxwmeTQKnpT/0U+ nV/PT68NQFTgSedSOtljocUPDlY1VSj+MkxKonhQVk20fPjxL3TpNPn1dnmuqB95/50T FSiQFSZK5Xkabbkn9dJY3/U8Fi/XYjNB67NLfM3jXrMGYZ1qO7oyIHBoZIAEpy68kZsu DFvaXnIzLpltcdr5q5E/vanT8H4mMvGcscjTu165ryF4Pbe7sAtzfequ2/iqmmUT5vSd jf8FReVQYWw6M+qHEZm9+kyKerx8Cxy39J+f/FJKW9UcitXQV7YIUtNATMQIoaL/A/ma 4CRw== X-Gm-Message-State: AOAM531MQhQ6oumed4NJApirrfl/nokTXnQTTUBRkpvLo10RKmy3R8zX 8qJmSTOWtv+W3eOxJ3WWQbiFEX6gUQyvAxR1 X-Google-Smtp-Source: ABdhPJzPgkQqyOiJ+IXcdQ6EWVX9KIunc3EMw20GUUmk7NrKISkKhLzn5HJ9kN1X7yEK4qYE/ExRjA== X-Received: by 2002:a05:6512:3e0c:b0:448:3480:1fe5 with SMTP id i12-20020a0565123e0c00b0044834801fe5mr2049249lfv.358.1647499842471; Wed, 16 Mar 2022 23:50:42 -0700 (PDT) Received: from wse-c0089.raspi.local (h-98-128-237-157.A259.priv.bahnhof.se. [98.128.237.157]) by smtp.gmail.com with ESMTPSA id l25-20020ac25559000000b0044825a2539csm362215lfk.59.2022.03.16.23.50.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 23:50:41 -0700 (PDT) From: Mattias Forsblad To: netdev@vger.kernel.org Cc: "David S . Miller" , Jakub Kicinski , Andrew Lunn , Florian Fainelli , Vivien Didelot , Roopa Prabhu , Tobias Waldekranz , Mattias Forsblad Subject: [PATCH 3/5] dsa: Handle the flood flag in the DSA layer. Date: Thu, 17 Mar 2022 07:50:29 +0100 Message-Id: <20220317065031.3830481-4-mattias.forsblad@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317065031.3830481-1-mattias.forsblad@gmail.com> References: <20220317065031.3830481-1-mattias.forsblad@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Add infrastructure to be able to handle the flood flag in the DSA layer. Signed-off-by: Mattias Forsblad --- include/net/dsa.h | 7 +++++++ net/dsa/dsa_priv.h | 2 ++ net/dsa/slave.c | 18 ++++++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/include/net/dsa.h b/include/net/dsa.h index 9bfe984fcdbf..fcb47dc832e1 100644 --- a/include/net/dsa.h +++ b/include/net/dsa.h @@ -939,6 +939,13 @@ struct dsa_switch_ops { void (*get_regs)(struct dsa_switch *ds, int port, struct ethtool_regs *regs, void *p); + /* + * Local receive + */ + int (*set_flood)(struct dsa_switch *ds, int port, + struct net_device *bridge, unsigned long mask, + unsigned long val); + /* * Upper device tracking. */ diff --git a/net/dsa/dsa_priv.h b/net/dsa/dsa_priv.h index f20bdd8ea0a8..ca3ea320c8eb 100644 --- a/net/dsa/dsa_priv.h +++ b/net/dsa/dsa_priv.h @@ -234,6 +234,8 @@ int dsa_port_vlan_filtering(struct dsa_port *dp, bool vlan_filtering, struct netlink_ext_ack *extack); bool dsa_port_skip_vlan_configuration(struct dsa_port *dp); int dsa_port_ageing_time(struct dsa_port *dp, clock_t ageing_clock); +int dsa_port_set_flood(struct dsa_port *dp, struct net_device *br, unsigned long mask, + unsigned long val); int dsa_port_mtu_change(struct dsa_port *dp, int new_mtu, bool targeted_match); int dsa_port_fdb_add(struct dsa_port *dp, const unsigned char *addr, diff --git a/net/dsa/slave.c b/net/dsa/slave.c index d24b6bf845c1..f3d780e2b42b 100644 --- a/net/dsa/slave.c +++ b/net/dsa/slave.c @@ -458,6 +458,13 @@ static int dsa_slave_port_attr_set(struct net_device *dev, const void *ctx, ret = dsa_port_vlan_filtering(dp, attr->u.vlan_filtering, extack); break; + case SWITCHDEV_ATTR_ID_BRIDGE_FLOOD: + if (!dsa_port_offloads_bridge_dev(dp, attr->orig_dev)) + return -EOPNOTSUPP; + + ret = dsa_port_set_flood(dp, attr->orig_dev, attr->u.brport_flags.mask, + attr->u.brport_flags.val); + break; case SWITCHDEV_ATTR_ID_BRIDGE_AGEING_TIME: if (!dsa_port_offloads_bridge_dev(dp, attr->orig_dev)) return -EOPNOTSUPP; @@ -834,6 +841,17 @@ dsa_slave_get_regs(struct net_device *dev, struct ethtool_regs *regs, void *_p) ds->ops->get_regs(ds, dp->index, regs, _p); } +int dsa_port_set_flood(struct dsa_port *dp, struct net_device *br, unsigned long mask, + unsigned long val) +{ + struct dsa_switch *ds = dp->ds; + + if (ds->ops->set_flood) + return ds->ops->set_flood(ds, dp->index, br, mask, val); + + return 0; +} + static int dsa_slave_nway_reset(struct net_device *dev) { struct dsa_port *dp = dsa_slave_to_port(dev); From patchwork Thu Mar 17 06:50:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mattias Forsblad X-Patchwork-Id: 12783591 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22675C433FE for ; Thu, 17 Mar 2022 06:50:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230013AbiCQGwF (ORCPT ); Thu, 17 Mar 2022 02:52:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229961AbiCQGwB (ORCPT ); Thu, 17 Mar 2022 02:52:01 -0400 Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 598ABABF49 for ; Wed, 16 Mar 2022 23:50:45 -0700 (PDT) Received: by mail-lj1-x22f.google.com with SMTP id bn33so6009411ljb.6 for ; Wed, 16 Mar 2022 23:50:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=BhW5SBNBTPctrelIzld1iwNsFgR0rLG9u9qtdpPA1+I=; b=FpZ6XcG09qFtWy5BzGJky+7dKtAoomHFiOgkSFCqMKisiNz/8MMb9tiyLrjNXFRgeC KJ569QKgC9TaqYZ8txeBqBZ+9cVAfp3KjeJaOBO2jAt891s6avwE54IKtDjYMP8UPV/C iB8qp9O/cD0orC2LgO9NgzkI58RmpuGgZA3oOFKel3DKfKMnjouqErt6w/CZTgX0M2x5 1zDpGn/115jgMHWqOZ8RD0q4mj9xwPbzyzjAGucYHeM0XsABDDOktg1LJId1pNWeW1pT mxp2pFZLPmLoaJfnCbs41JJ8TTPR4EJbfMLlNn9jDUxpKIzjxZPdcOCsZwE/B6uL1KMF zLrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BhW5SBNBTPctrelIzld1iwNsFgR0rLG9u9qtdpPA1+I=; b=LWuGYyEttTmQ3te5UgQsqzg8oE7DBlLratxtsPkSeje7/YD32fhxHZxhHIQD2Iq/2L UTTUs0XRfQZLot7RGCVTAIBZs8sdWtWmzCDvmqz8H+Rf4xtpXz/m8rTMl1xvmGVa64Ga KBEfrpmBj8b4QtbT8Ms8IfEpXoLuaVWyiUeVRGR43UzynXcEBZW4i1UNbfTNfUobjptA q8inTFCYDsmxYWL2DjPNhOAtKWh0FRnF3jNSpBb/yp4UiVBgQP1wUzpH5d49TmqC6f0H UjFfI5jpE3c5DzCi2axYPXZbpY//OfQk41HUptAX4xQPBOJ/g2GGhEyO035O/Uh9M0i/ SO/g== X-Gm-Message-State: AOAM533sy5JO6oBVBxxHoMQern6ry0Que5nOfCBXBeqt+byyzQIAhCOg LRikTLqdAv6/E3cDSIJ855/sNkBcHsahwRe2 X-Google-Smtp-Source: ABdhPJwFmI0org6dsLCB3WhSk3/Vq7cmvBrhgwFseN5U0rS8eZol2Giu9ick8e5AZ9TLa/iy1bh6Yw== X-Received: by 2002:a05:651c:1541:b0:248:de2a:862d with SMTP id y1-20020a05651c154100b00248de2a862dmr2132848ljp.10.1647499843468; Wed, 16 Mar 2022 23:50:43 -0700 (PDT) Received: from wse-c0089.raspi.local (h-98-128-237-157.A259.priv.bahnhof.se. [98.128.237.157]) by smtp.gmail.com with ESMTPSA id l25-20020ac25559000000b0044825a2539csm362215lfk.59.2022.03.16.23.50.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 23:50:42 -0700 (PDT) From: Mattias Forsblad To: netdev@vger.kernel.org Cc: "David S . Miller" , Jakub Kicinski , Andrew Lunn , Florian Fainelli , Vivien Didelot , Roopa Prabhu , Tobias Waldekranz , Mattias Forsblad Subject: [PATCH 4/5] mv88e6xxx: Offload the flood flag Date: Thu, 17 Mar 2022 07:50:30 +0100 Message-Id: <20220317065031.3830481-5-mattias.forsblad@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317065031.3830481-1-mattias.forsblad@gmail.com> References: <20220317065031.3830481-1-mattias.forsblad@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Use the port vlan table to restrict ingressing traffic to the CPU port if the flood flags are cleared. Signed-off-by: Mattias Forsblad --- drivers/net/dsa/mv88e6xxx/chip.c | 45 ++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 84b90fc36c58..39347a05c3a5 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -1384,6 +1384,7 @@ static u16 mv88e6xxx_port_vlan(struct mv88e6xxx_chip *chip, int dev, int port) struct dsa_switch *ds = chip->ds; struct dsa_switch_tree *dst = ds->dst; struct dsa_port *dp, *other_dp; + bool flood = true; bool found = false; u16 pvlan; @@ -1425,6 +1426,9 @@ static u16 mv88e6xxx_port_vlan(struct mv88e6xxx_chip *chip, int dev, int port) pvlan = 0; + if (dp->bridge) + flood = br_flood_enabled(dp->bridge->dev); + /* Frames from standalone user ports can only egress on the * upstream port. */ @@ -1433,10 +1437,11 @@ static u16 mv88e6xxx_port_vlan(struct mv88e6xxx_chip *chip, int dev, int port) /* Frames from bridged user ports can egress any local DSA * links and CPU ports, as well as any local member of their - * bridge group. + * as well as any local member of their bridge group. However, CPU ports + * are omitted if flood is cleared. */ dsa_switch_for_each_port(other_dp, ds) - if (other_dp->type == DSA_PORT_TYPE_CPU || + if ((other_dp->type == DSA_PORT_TYPE_CPU && flood) || other_dp->type == DSA_PORT_TYPE_DSA || dsa_port_bridge_same(dp, other_dp)) pvlan |= BIT(other_dp->index); @@ -2718,6 +2723,41 @@ static void mv88e6xxx_crosschip_bridge_leave(struct dsa_switch *ds, mv88e6xxx_reg_unlock(chip); } +static int mv88e6xxx_set_flood(struct dsa_switch *ds, int port, struct net_device *br, + unsigned long mask, unsigned long val) +{ + struct mv88e6xxx_chip *chip = ds->priv; + struct dsa_bridge *bridge; + struct dsa_port *dp; + bool found = false; + int err; + + if (!netif_is_bridge_master(br)) + return 0; + + list_for_each_entry(dp, &ds->dst->ports, list) { + if (dp->ds == ds && dp->index == port) { + found = true; + break; + } + } + + if (!found) + return 0; + + bridge = dp->bridge; + if (!bridge) + return 0; + + mv88e6xxx_reg_lock(chip); + + err = mv88e6xxx_bridge_map(chip, *bridge); + + mv88e6xxx_reg_unlock(chip); + + return err; +} + static int mv88e6xxx_software_reset(struct mv88e6xxx_chip *chip) { if (chip->info->ops->reset) @@ -6478,6 +6518,7 @@ static const struct dsa_switch_ops mv88e6xxx_switch_ops = { .set_eeprom = mv88e6xxx_set_eeprom, .get_regs_len = mv88e6xxx_get_regs_len, .get_regs = mv88e6xxx_get_regs, + .set_flood = mv88e6xxx_set_flood, .get_rxnfc = mv88e6xxx_get_rxnfc, .set_rxnfc = mv88e6xxx_set_rxnfc, .set_ageing_time = mv88e6xxx_set_ageing_time, From patchwork Thu Mar 17 06:50:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mattias Forsblad X-Patchwork-Id: 12783592 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC993C433EF for ; Thu, 17 Mar 2022 06:51:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230079AbiCQGwO (ORCPT ); Thu, 17 Mar 2022 02:52:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229968AbiCQGwE (ORCPT ); Thu, 17 Mar 2022 02:52:04 -0400 Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD301DFD5D for ; Wed, 16 Mar 2022 23:50:46 -0700 (PDT) Received: by mail-lf1-x129.google.com with SMTP id t25so7407507lfg.7 for ; Wed, 16 Mar 2022 23:50:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=5BQ/V8CPJ+RYXBNXY3dT0PtjCSslwMLQ/gsT556KJdE=; b=SJGpWAPq+CP/uDdIdMqT0zq5YY01cLpwOkCuiKB+0dWmiqEOIkAqM7qMBSVYVK2Gh5 aCU6e5mbvDTfo7tryt80xvRQazkHCKQgQiNJYfyF333Pp2r1971X0Y2przm9Ydb0Ome2 P6lAz4W/F0kPK3VBpfk1N65p6m/awjfQ7NECyvPgWkK0WMv0Bx1uVNklfM/QQupHfywu 9hX3GodMPcPbddWiBZ9GQllAOKoXEsfxzcVuCVbBxeFGrYq4hF9phczqVkqzg191ePDB 63fr0CXZdfeE4Gh+xqthW588Tyb7hKkR/M1ywWubw1N9/7QffLBio2rtdZQI3VRDZNFs MKKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=5BQ/V8CPJ+RYXBNXY3dT0PtjCSslwMLQ/gsT556KJdE=; b=WWnbdffm7rr592Km44KB19e+W1Ua+8LSy2Lll+eN3AZfAb36vIl0n+7WEwQIILIUv5 64YbRcWzqS9k11F1fZOUvp5igYK2Bb/CN5QWT05QqWGslwFUobou37Hkv2PKelxi4rdd HmWkdP3RMNjWUfGPwzuxjQjE5sEqNclPcqywV84V/AImqSYU5vqP9obuMTXDk+/pe51z b9wwZK0BgpYGdY09cx7Tx2SJfFoE/nRcW0bvFggVwJd+78Fa6fbutD1bvRvbvgyTc1gx LupsJNKvSOXmDqJq0ii8InuZ5zBHXP7/CjXUdFDixnXP1+6Vzfi+5DRMzyUGvvWF4r/7 8AGA== X-Gm-Message-State: AOAM530/bmMq0MdsX6Vx1p1306PtyKvSYrIBzsPgSsqKvwyUPGJfkbMT 3eHXcQLMqt5hLe9LxTn+0zgL7nY4m3afm9hI X-Google-Smtp-Source: ABdhPJw00BrdyeQose4+vpQXwzMPItoX/cmUP3HmwmQWx4lYHTvOoARyfzSoO3ruO1+ca66DU5VUpQ== X-Received: by 2002:a05:6512:1045:b0:448:a174:8a0 with SMTP id c5-20020a056512104500b00448a17408a0mr1991466lfb.255.1647499844749; Wed, 16 Mar 2022 23:50:44 -0700 (PDT) Received: from wse-c0089.raspi.local (h-98-128-237-157.A259.priv.bahnhof.se. [98.128.237.157]) by smtp.gmail.com with ESMTPSA id l25-20020ac25559000000b0044825a2539csm362215lfk.59.2022.03.16.23.50.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Mar 2022 23:50:43 -0700 (PDT) From: Mattias Forsblad To: netdev@vger.kernel.org Cc: "David S . Miller" , Jakub Kicinski , Andrew Lunn , Florian Fainelli , Vivien Didelot , Roopa Prabhu , Tobias Waldekranz , Mattias Forsblad Subject: [PATCH 5/5] selftest: Add bridge flood flag tests Date: Thu, 17 Mar 2022 07:50:31 +0100 Message-Id: <20220317065031.3830481-6-mattias.forsblad@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317065031.3830481-1-mattias.forsblad@gmail.com> References: <20220317065031.3830481-1-mattias.forsblad@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Add test to check that the bridge flood flags works correctly. When the bridge flag {flood,mcast_flood,bcast_flood} are cleared no packets of the corresponding type should be flooded to the bridge. Signed-off-by: Mattias Forsblad --- .../testing/selftests/net/forwarding/Makefile | 1 + .../selftests/net/forwarding/bridge_flood.sh | 169 ++++++++++++++++++ tools/testing/selftests/net/forwarding/lib.sh | 8 + 3 files changed, 178 insertions(+) create mode 100755 tools/testing/selftests/net/forwarding/bridge_flood.sh diff --git a/tools/testing/selftests/net/forwarding/Makefile b/tools/testing/selftests/net/forwarding/Makefile index 8fa97ae9af9e..24ca6a333edd 100644 --- a/tools/testing/selftests/net/forwarding/Makefile +++ b/tools/testing/selftests/net/forwarding/Makefile @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0+ OR MIT TEST_PROGS = bridge_igmp.sh \ + bridge_flood.sh \ bridge_locked_port.sh \ bridge_port_isolation.sh \ bridge_sticky_fdb.sh \ diff --git a/tools/testing/selftests/net/forwarding/bridge_flood.sh b/tools/testing/selftests/net/forwarding/bridge_flood.sh new file mode 100755 index 000000000000..ea3e7da139aa --- /dev/null +++ b/tools/testing/selftests/net/forwarding/bridge_flood.sh @@ -0,0 +1,169 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +ALL_TESTS="ping_test bridge_flood" +NUM_NETIFS=4 +CHECK_TC="no" +source lib.sh +bridge=br3 + +h1_create() +{ + simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 +} + +h1_destroy() +{ + simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 +} + +h2_create() +{ + simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64 +} + +h2_destroy() +{ + simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64 +} + +switch_create() +{ + ip link add dev $bridge type bridge + + ip link set dev $swp1 master $bridge + ip link set dev $swp2 master $bridge + ip link set dev $swp1 type bridge_slave learning off + ip link set dev $swp2 type bridge_slave learning off + + ip link set dev $bridge type bridge flood 0 mcast_flood 0 bcast_flood 0 + check_err $? "Can't set bridge flooding off on $bridge" + + ip link set dev $bridge up + ip link set dev $bridge promisc on + ip link set dev $swp1 up + ip link set dev $swp2 up +} + +switch_destroy() +{ + ip link set dev $swp2 down + ip link set dev $swp1 down + + ip link del dev $bridge +} + +setup_prepare() +{ + h1=${NETIFS[p1]} + swp1=${NETIFS[p2]} + + swp2=${NETIFS[p3]} + h2=${NETIFS[p4]} + + vrf_prepare + + h1_create + h2_create + + switch_create +} + +ping_test() +{ + echo "Check connectivity /w ping" + ping_do $h1 192.0.2.2 + check_err $? "ping fail" + log_test "ping test" +} + +cleanup() +{ + pre_cleanup + + switch_destroy + + h2_destroy + h1_destroy + + vrf_cleanup +} + +bridge_flood_test_do() +{ + local should_flood=$1 + local mac=$2 + local ip=$3 + local host1_if=$4 + local err=0 + local vrf_name + + + # Add an ACL on `host2_if` which will tell us whether the packet + # was flooded to it or not. + tc qdisc add dev $bridge ingress + tc filter add dev $bridge ingress protocol ip pref 1 handle 101 \ + flower dst_mac $mac action drop + + vrf_name=$(master_name_get $host1_if) + ip vrf exec $vrf_name \ + $MZ $host1_if -c 1 -p 64 -b $mac -B $ip -t ip -q + sleep 1 + + tc -j -s filter show dev $bridge ingress \ + | jq -e ".[] | select(.options.handle == 101) \ + | select(.options.actions[0].stats.packets == 1)" &> /dev/null + if [[ $? -ne 0 && $should_flood == "true" || \ + $? -eq 0 && $should_flood == "false" ]]; then + err=1 + fi + + tc filter del dev $bridge ingress protocol ip pref 1 handle 101 flower + tc qdisc del dev $bridge ingress + + return $err +} + +bridge_flood_test() +{ + local mac=$1 + local ip=$2 + local flag=$3 + + RET=0 + + ip link set dev $bridge type bridge $flag 0 + + bridge_flood_test_do false $mac $ip $h1 $bridge + check_err $? "Packet flooded when should not" + log_test "Bridge test flag $flag disabled" + + ip link set dev $bridge type bridge $flag 1 + + bridge_flood_test_do true $mac $ip $h1 $bridge + check_err $? "Packet was not flooded when should" + + log_test "Bridge test flag $flag enabled" +} + +bridge_flood() +{ + RET=0 + + check_bridge_flood_support $bridge || return 0 + + bridge_flood_test de:ad:be:ef:13:37 192.0.2.100 flood + + bridge_flood_test 01:00:5e:00:00:01 239.0.0.1 mcast_flood + + bridge_flood_test ff:ff:ff:ff:ff:ff 192.0.2.100 bcast_flood +} + +trap cleanup EXIT + +setup_prepare +setup_wait + +tests_run + +exit $EXIT_STATUS diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh index 664b9ecaf228..12e69837374e 100644 --- a/tools/testing/selftests/net/forwarding/lib.sh +++ b/tools/testing/selftests/net/forwarding/lib.sh @@ -134,6 +134,14 @@ check_locked_port_support() fi } +check_bridge_flood_support() +{ + if ! ip -d link show dev $1 | grep -q " flood"; then + echo "SKIP: iproute2 too old; Bridge flood feature not supported." + return $ksft_skip + fi +} + if [[ "$(id -u)" -ne 0 ]]; then echo "SKIP: need root privileges" exit $ksft_skip