From patchwork Fri Aug 11 15:13:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Machata X-Patchwork-Id: 13350997 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 112F663B6 for ; Fri, 11 Aug 2023 15:14:37 +0000 (UTC) Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4991B2D7F for ; Fri, 11 Aug 2023 08:14:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AeFbX56yF6tihaq4xCvd2mmwARK4G/zKi2jA5Agc0uh6uVh8Rj3hnk8mHeZTfNW7JUjzYNzv3jigyCqBdm2URDhJYgkLW3A3fTMTNokkZZlfPaOz7uQT0Mc7CCDZy+I36VRe6DqBt132i2RM71djHbhfMzMsCrUafvY4fBMGEoWcwasnpNwasdErpKD0siUZnjwPcosfBw/SC6d81raqmHOaPzD7vgjFuQrsnTGD5GMzEdxr394B3GBKp9g5V+WEPEEmxnMR0IklqRpadlkVMp61OusD8EA8gpVe2O1CrdGHjhcSEgcmN8mFvusdZElRHpeH7q7jhg0WrfBstXqWYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=S5gEKgGlkvmds0kF8PjPIPWjacfOz4BrIEjfhqsydrk=; b=Q697blAG5MG2fzBBLLw90NgOxF9AxgWUjhX2wTEBNCrSV5N9Mw9JAEGCY4rUt53704gyjosUk5JSNWPU//cNeuyoNKeuZPQ6gG/kmOEEc9+7XnhJ6KQdl4xCPNvkBmB3TQQ4nsuNhFhOg2V2mMXlTVh14kisk6LoJf83xfWYTRLnoACIBoS/cmy5u1qOT31Stu9YHuEETmZJwGkdWmg7fvTAHAyk10aX6fLrOTyeuzlu5nxdXJhs1vvnFww0XRLE/HEx48qMjrHpVxiof5C0UVVmcsIyqsgiR/zpsfV3mA0g4dIV8+RAJb9knBFjEHnNlntcs39C1OBrk8Mv+ZmcuQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=davemloft.net smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=S5gEKgGlkvmds0kF8PjPIPWjacfOz4BrIEjfhqsydrk=; b=EGH6XyFNWAA5x3BhrIb30SYA061Q90sR0TpTlJ4hWBHUmitKxeamceVf99/Z2yAtvJVe4/s/aP40tOrnibHDfoJozqlRgrwnF/B43vUFBi+qwWFxxeO4L8xiOOD1T37oLy/urshO37s/D/A79OhxozMzfWTuuhlAVNlHMaca8NXAvBUAjgwikMcp8L0tB7tjepcrtWEYK07dfgcQr81jpdGARMEKXOq5rIVEqVZ4y26pbwzCV7uNVgJo4kh2pBvcva1d0nHGmOVxJ8WvRMlTf/m8HT67+UYq8Wh9U6BhlY9zCEAdOcO+Tdl7DDYY0WncBLocb3njQoZ4AkichKOBiQ== Received: from CH2PR19CA0003.namprd19.prod.outlook.com (2603:10b6:610:4d::13) by MW4PR12MB6802.namprd12.prod.outlook.com (2603:10b6:303:20f::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.30; Fri, 11 Aug 2023 15:14:33 +0000 Received: from CY4PEPF0000EE39.namprd03.prod.outlook.com (2603:10b6:610:4d:cafe::41) by CH2PR19CA0003.outlook.office365.com (2603:10b6:610:4d::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.31 via Frontend Transport; Fri, 11 Aug 2023 15:14:33 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000EE39.mail.protection.outlook.com (10.167.242.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.19 via Frontend Transport; Fri, 11 Aug 2023 15:14:32 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Fri, 11 Aug 2023 08:14:24 -0700 Received: from localhost.localdomain (10.126.231.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Fri, 11 Aug 2023 08:14:21 -0700 From: Petr Machata To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , CC: Ido Schimmel , Petr Machata , Subject: [PATCH net-next 1/4] mlxsw: core_acl_flex_actions: Add IGNORE_ACTION Date: Fri, 11 Aug 2023 17:13:55 +0200 Message-ID: <43912efec4eebab2bbe7e24589f258c8f22fa047.1691764353.git.petrm@nvidia.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Originating-IP: [10.126.231.37] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE39:EE_|MW4PR12MB6802:EE_ X-MS-Office365-Filtering-Correlation-Id: 0e406037-1006-4656-9568-08db9a7daab5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3K6P0/BrkKDmEf3D36NOOrm0nPKbAbCThFVON+JagOiXtQhjJpycl6tTFIjtNcuLdVx60tp8Xn51xaXMmatIslE9tRiImp8/+onMz/UXSONJ2OuPRlPufsGiSL3jnzZArSchfYBYYyEJzFOddwy+fGEJcF5dJhGKi63qcxTVXwjb/RUzu3h6b9sZZG9ZUuvkYZtis2zrQza2nGERVE19exG7vwEGAE9PHgYEV2oclJb/Tew/QLjsr1skgnWFkTVUtG2KWfU8N3q7zyAGHcjEb7QOEI1BFU3j/K9DttJBoctpQdsdtGsposKFVkHo0gHZxgbw08tG7PrOFnBxrbTZC4zkL0WZFLxvaUhl0tcLLJe51Tl6Qb/ScwkrsHG35pzr5TSlf9y9VDcfbuWuELhF/jKUy9zAwlyMDKiQpb5sNZ5qk+kKuBue8Mh5m3XM4W50s5sBQoNx0nmhCKxt7UNd3TDZq8LE96LefpsqhJLYXgQ6pfPWGS3xAx6RgSaUP9Rs3CNlJ4Zy5W1+elkJubLVGkZVFKyhjPSzNQeh740MDpvGwEviHabxJu5KBLmiAfMDPrXI8PwpoAUXDNN6Lsj0pai90kWNe7sn9W5Vfj+A8WJO9XurRc8T2UIKBc6BqkdFEhHL6dGxlQjjMeNVW259CD2YR+ngLaVuoB8vLKvrrwBHelh8SJdlsiB6rAJE82sGGsmPduyuxSZBicY0RuZ63AFoc7jrDzQK7Eqv3Vs27tclETKhRz0a2BsS605hcmwB X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230028)(4636009)(346002)(396003)(39860400002)(136003)(376002)(186006)(82310400008)(1800799006)(451199021)(36840700001)(40470700004)(46966006)(6666004)(478600001)(70586007)(4326008)(70206006)(5660300002)(316002)(110136005)(54906003)(41300700001)(107886003)(40460700003)(8936002)(8676002)(26005)(86362001)(82740400003)(336012)(40480700001)(16526019)(36756003)(36860700001)(47076005)(7636003)(356005)(66574015)(83380400001)(2906002)(426003)(2616005);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2023 15:14:32.7267 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0e406037-1006-4656-9568-08db9a7daab5 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE39.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB6802 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org From: Ido Schimmel Add the IGNORE_ACTION which is used to ignore basic switching functions such as learning on a per-packet basis. The action will be prepended to the FORWARDING_ACTION in subsequent patches. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: Petr Machata --- .../mellanox/mlxsw/core_acl_flex_actions.c | 40 +++++++++++++++++++ .../mellanox/mlxsw/core_acl_flex_actions.h | 2 + 2 files changed, 42 insertions(+) diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c index 9dfe7148199f..faa63ea9b83e 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c +++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.c @@ -1887,6 +1887,46 @@ int mlxsw_afa_block_append_fid_set(struct mlxsw_afa_block *block, u16 fid, } EXPORT_SYMBOL(mlxsw_afa_block_append_fid_set); +/* Ignore Action + * ------------- + * The ignore action is used to ignore basic switching functions such as + * learning on a per-packet basis. + */ + +#define MLXSW_AFA_IGNORE_CODE 0x0F +#define MLXSW_AFA_IGNORE_SIZE 1 + +/* afa_ignore_disable_learning + * Disable learning on ingress. + */ +MLXSW_ITEM32(afa, ignore, disable_learning, 0x00, 29, 1); + +/* afa_ignore_disable_security + * Disable security lookup on ingress. + * Reserved when Spectrum-1. + */ +MLXSW_ITEM32(afa, ignore, disable_security, 0x00, 28, 1); + +static void mlxsw_afa_ignore_pack(char *payload, bool disable_learning, + bool disable_security) +{ + mlxsw_afa_ignore_disable_learning_set(payload, disable_learning); + mlxsw_afa_ignore_disable_security_set(payload, disable_security); +} + +int mlxsw_afa_block_append_ignore(struct mlxsw_afa_block *block, + bool disable_learning, bool disable_security) +{ + char *act = mlxsw_afa_block_append_action(block, MLXSW_AFA_IGNORE_CODE, + MLXSW_AFA_IGNORE_SIZE); + + if (IS_ERR(act)) + return PTR_ERR(act); + mlxsw_afa_ignore_pack(act, disable_learning, disable_security); + return 0; +} +EXPORT_SYMBOL(mlxsw_afa_block_append_ignore); + /* MC Routing Action * ----------------- * The Multicast router action. Can be used by RMFT_V2 - Router Multicast diff --git a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.h b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.h index db58037be46e..0ead3a212de8 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.h +++ b/drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_actions.h @@ -89,6 +89,8 @@ int mlxsw_afa_block_append_counter(struct mlxsw_afa_block *block, struct netlink_ext_ack *extack); int mlxsw_afa_block_append_fid_set(struct mlxsw_afa_block *block, u16 fid, struct netlink_ext_ack *extack); +int mlxsw_afa_block_append_ignore(struct mlxsw_afa_block *block, + bool disable_learning, bool disable_security); int mlxsw_afa_block_append_mcrouter(struct mlxsw_afa_block *block, u16 expected_irif, u16 min_mtu, bool rmid_valid, u32 kvdl_index); From patchwork Fri Aug 11 15:13:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Machata X-Patchwork-Id: 13350998 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B85C263B6 for ; Fri, 11 Aug 2023 15:14:45 +0000 (UTC) Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2085.outbound.protection.outlook.com [40.107.220.85]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F25230CF for ; Fri, 11 Aug 2023 08:14:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Um++wYZYyF3bpqsemA9RwhkUlgJbHJgUPzBg7kviJ2WOkGHLfe6TkuMzdbwKcjY4uazBBeiYvW9joXMSOMdKAIylZKvyXshOSFFe8idbuWV8jSqsCyd1TUiSJOP9vUStliJsiTqX73pTjb93bkn3tg3rt/1PwIscRRzWL1kHleadYuoNGR/7mSx7v4vyCqyG4Kf0cXCd4RnHy/OwR/A38eAwWfxQzKI7VfOWDE/W0+TKWCPE0RL7Tr/JadZB8g8VDQ/2hnxZAbS6CT1Hm+YvNDdrB9mA1LYY/EmJkYG+vGa0/CFhtgOdtw3dpy+hJDOvgXcVrSTJgzMSgZKshz2CaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=W4wvp/z5fRV51d2LRCBMAZDdrYVZJ/DVy06iM5GphYY=; b=XGjiTCg0aCirNKVnhHK+tZQcSX4PhW1VNWDVFWfuroqISRFFZyRVBkeJV1zN4zFLcjOgvxnr/GfE+zrbBYGVlk9PY8/HABUOx3lIy8y6/ikAI2ldcWi29nPMBzBCgvUuCkk8cA8wf1iuM4bgwd8QXdOG1yH4Ob3cauY7AiMCWcaCb94oTwYljIuK7pQKjGxjANC0cSBtYTWe7IPlwahTnDnDnVSA8JzRettHAqdhJWRohONgAcqWc3MkzmOzRbCvbb8hBLqhQ2yBj35sXlJWIVGrLiO+5fMkVkDve2vqhQJ5TSLiJoQ/Y8DeuidIOHfs5yJZft3x2Hn3P/mGlvlwlw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=davemloft.net smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=W4wvp/z5fRV51d2LRCBMAZDdrYVZJ/DVy06iM5GphYY=; b=I9IdARZl18NzTFNSIgVkZoIW1OuaH9LnqB6o1mF6A5uBxOR5lOwpviAk7i4Jb5Bg8Zd0s9vehcKZ/wa58QSGlZsX1b0Hogk92/RrCElkD45VDnzGBFXv78MSjgTMmTmpTkrrlf9njy3w0KgOrQVbfUZNsQyKh+MkuoHk3BgwZWDZIg461NoYdz5u6U20ijuqNmoRRh4lpKwCW6SP8imEn7jvewVxWjlVnAiYE3qhHZOUwkADv0mlSp0ByY1FXEOGaVCjJjPbtH4qwyi90OxBG+6qf6fGFi1wmE1tatZC7lKFnK52/rV/JWba0Ka8a8Hm4UFI0szQuM2mLrfna6JNMw== Received: from DS7PR03CA0079.namprd03.prod.outlook.com (2603:10b6:5:3bb::24) by BY5PR12MB4259.namprd12.prod.outlook.com (2603:10b6:a03:202::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6678.20; Fri, 11 Aug 2023 15:14:42 +0000 Received: from CY4PEPF0000EE3E.namprd03.prod.outlook.com (2603:10b6:5:3bb:cafe::e4) by DS7PR03CA0079.outlook.office365.com (2603:10b6:5:3bb::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.31 via Frontend Transport; Fri, 11 Aug 2023 15:14:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000EE3E.mail.protection.outlook.com (10.167.242.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.19 via Frontend Transport; Fri, 11 Aug 2023 15:14:41 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Fri, 11 Aug 2023 08:14:28 -0700 Received: from localhost.localdomain (10.126.231.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Fri, 11 Aug 2023 08:14:25 -0700 From: Petr Machata To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , CC: Ido Schimmel , Petr Machata , Subject: [PATCH net-next 2/4] mlxsw: spectrum_flower: Disable learning and security lookup when redirecting Date: Fri, 11 Aug 2023 17:13:56 +0200 Message-ID: <25a88ee9e0a1d9bd9d3a78376f3b6ff02bd53bce.1691764353.git.petrm@nvidia.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Originating-IP: [10.126.231.37] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE3E:EE_|BY5PR12MB4259:EE_ X-MS-Office365-Filtering-Correlation-Id: 6b2143b7-82ce-4d3a-9a73-08db9a7dafbc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: GTIAAGGmSCaeBvkIq7tMjoUxbB1mwjKRVM9UT1KiSFTjEKmuP32n4yq9VYMDzUhWp7wMl4uSV7h3j8h2kq4v5ms8Ts9oevpQi7QFI1A7yHtDABR5/b+KifpdEwHHbhtXUJRs++S90QpN5nOTPCYJQEKPWjXhs39FJvV9qxB2sfp+BfK//jw9I2mmGm2aDq5YvhUPImc+zf0gVHqE04Q29LAgOGe1K4DWCII+xOEKLE5Za9OJz07Bqk/FJd1z3i8wEt4A+rUlwOXaJdZgmyS0c0M0DZmsWi+RYbqJ2Kmquua2w4IAEd72RPpH1MfzQq0HUq4nT9bWWIthM6TmQNvOLNNzXlkyopYdE2fXApgDfJa7VK9EMcY4TDHFjtZPzeGdI0Wa+08rh8bD0N5rmqd/OucAzh3ZmDrRoH4baTEVDKY5LHA4GTU85GHckefy6IQeHvEuGWT3rbYHTtia5vmSR59qowuM8fb9WtUx2aImd5/TMVYm1UyaPzgdzLiTPTAJ1AixnJ9opRfH2/T0P1DMm1gFTONBO41GuRkQq2Pwj1euUZehfRjcEnv/t5wGW1LphJxWrXsI4y4Y+lw3yZXE8AlCj4UEdsdynYYoAc6vDkV6sKElPujjdyWq6buR5dayPTVXtKPCFANhcMDRTShWYWKxCBxeswzTEgaGUPE/dhgrDmsg7ikT7RiyewUS3DsrmeGKo3/szqBLYUOw9yYd4m2gNPedKuHIgmB1UgOVy7xLNCtZ+C8iKqFlll7NlIW6 X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230028)(4636009)(346002)(136003)(396003)(39860400002)(376002)(186006)(1800799006)(82310400008)(451199021)(36840700001)(40470700004)(46966006)(40460700003)(36756003)(86362001)(40480700001)(356005)(82740400003)(7636003)(36860700001)(107886003)(16526019)(26005)(83380400001)(47076005)(2616005)(336012)(478600001)(110136005)(426003)(54906003)(6666004)(4326008)(70206006)(316002)(41300700001)(8936002)(8676002)(15650500001)(2906002)(5660300002)(70586007);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2023 15:14:41.1613 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6b2143b7-82ce-4d3a-9a73-08db9a7dafbc X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE3E.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4259 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org From: Ido Schimmel It is possible to add a filter that redirects traffic from the ingress of a bridge port that is locked (i.e., performs security / SMAC lookup) and has learning enabled. For example: # ip link add name br0 type bridge # ip link set dev swp1 master br0 # bridge link set dev swp1 learning on locked on mab on # tc qdisc add dev swp1 clsact # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw src_ip 192.0.2.1 action mirred egress redirect dev swp2 In the kernel's Rx path, this filter is evaluated before the Rx handler of the bridge, which means that redirected traffic should not be affected by bridge port configuration such as learning. However, the hardware data path is a bit different and the redirect action (FORWARDING_ACTION in hardware) merely attaches a pointer to the packet, which is later used by the L2 lookup stage to understand how to forward the packet. Between both stages - ingress ACL and L2 lookup - learning and security lookup are performed, which means that redirected traffic is affected by bridge port configuration, unlike in the kernel's data path. The learning discrepancy was handled in commit 577fa14d2100 ("mlxsw: spectrum: Do not process learned records with a dummy FID") by simply ignoring learning notifications generated by the redirected traffic. A similar solution is not possible for the security / SMAC lookup since - unlike learning - the CPU is not involved and packets that failed the lookup are dropped by the device. Instead, solve this by prepending the ignore action to the redirect action and use it to instruct the device to disable both learning and the security / SMAC lookup for redirected traffic. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: Petr Machata --- drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 3 +++ drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 9 +++++++++ drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 10 ++++++++++ 3 files changed, 22 insertions(+) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.h b/drivers/net/ethernet/mellanox/mlxsw/spectrum.h index 8da7bb04fc3a..2fed55bcfd63 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.h +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.h @@ -1050,6 +1050,9 @@ int mlxsw_sp_acl_rulei_act_count(struct mlxsw_sp *mlxsw_sp, int mlxsw_sp_acl_rulei_act_fid_set(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_rule_info *rulei, u16 fid, struct netlink_ext_ack *extack); +int mlxsw_sp_acl_rulei_act_ignore(struct mlxsw_sp *mlxsw_sp, + struct mlxsw_sp_acl_rule_info *rulei, + bool disable_learning, bool disable_security); int mlxsw_sp_acl_rulei_act_sample(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_rule_info *rulei, struct mlxsw_sp_flow_block *block, diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c index 186161a3459d..7c59c8a13584 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c @@ -775,6 +775,15 @@ int mlxsw_sp_acl_rulei_act_fid_set(struct mlxsw_sp *mlxsw_sp, return mlxsw_afa_block_append_fid_set(rulei->act_block, fid, extack); } +int mlxsw_sp_acl_rulei_act_ignore(struct mlxsw_sp *mlxsw_sp, + struct mlxsw_sp_acl_rule_info *rulei, + bool disable_learning, bool disable_security) +{ + return mlxsw_afa_block_append_ignore(rulei->act_block, + disable_learning, + disable_security); +} + int mlxsw_sp_acl_rulei_act_sample(struct mlxsw_sp *mlxsw_sp, struct mlxsw_sp_acl_rule_info *rulei, struct mlxsw_sp_flow_block *block, diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c index af3f57d017ec..9fd1ca079258 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c @@ -160,6 +160,16 @@ static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp, */ rulei->egress_bind_blocker = 1; + /* Ignore learning and security lookup as redirection + * using ingress filters happens before the bridge. + */ + err = mlxsw_sp_acl_rulei_act_ignore(mlxsw_sp, rulei, + true, true); + if (err) { + NL_SET_ERR_MSG_MOD(extack, "Cannot append ignore action"); + return err; + } + fid = mlxsw_sp_acl_dummy_fid(mlxsw_sp); fid_index = mlxsw_sp_fid_index(fid); err = mlxsw_sp_acl_rulei_act_fid_set(mlxsw_sp, rulei, From patchwork Fri Aug 11 15:13:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Machata X-Patchwork-Id: 13350999 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5FA91749D for ; Fri, 11 Aug 2023 15:15:09 +0000 (UTC) Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2062.outbound.protection.outlook.com [40.107.100.62]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4619C30DA for ; Fri, 11 Aug 2023 08:15:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ic0o+o+tY8AcKPlmxf5mDlOjkcFgtCowJ9qL5BiYSrH9MCCWQcMwZeLUpGpov4o4/INtWLKyqhMQ17dzJtfRYRAurJ8mGIVshYEDPuDtwwfFDmcKB/OJKPZd1MiNw57ySTs16Gb3anf8zee3uoyvv80Xl8c8uZ5olJTUJcB3y2yNW3rGQIAtHwM4f+Rg3HXdvDbIRSFnOXQTYX4VLzJoMVsSA38o7Rjq9lpAFFShJfuyWcg09bH0KB1d442Mu9FYHOOR1dt5+GObFX8vrxMBYZLEJQiWKGNfJY2oiCvC77tpQKlwGI6SF5sg4CgCo/PiK7JExDwfrjZyPJiQf+JJMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LO+L1AlL7xuLh2tvYSU+qzp+F7VjC4wOEyPTf5W/quY=; b=MWwjjcA9pHT7EWANhj6C0tD5YjWQfuB0QKUZIAw2ViexyRUdkAEPeiLsm+qskjDhOb04m/5FMBwe+okLkmyyaimfCzjhjrDJtokxQ+BdjjajhOiubFGHzho05NtJoy57WBTBlY6foLK/ealZ8eTlifJnHHWZ87WaiC11pCEnmyMJS2bgV2cpMSX9pDBvGvAag37v54A8v2gXcv02QwfNhKzVLJSWF7BtSpsJPsgG0LCCqdkRZT7MxYjOAs5vvGK1DbLapObmml39wAQS8oSSXA2kHTxku6RgpowtBqVWeNgfejQGxh0cNQTBxEj8Qaoke9N3zHMAl+i70VOF5HQRPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=davemloft.net smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LO+L1AlL7xuLh2tvYSU+qzp+F7VjC4wOEyPTf5W/quY=; b=Y+rtOROyLAbUN5CzLQUgMQ7wuMI3CUI+KVAAmTRsiJM2j5+7zy9PF/2gCSMoOXh2f0M+Z3eKPrIBvDafAZCjGl+LkQzur6iCUNy3/PUyMQ9ExBAjkkkkppV30WfkophukX8Dl2QebgVUMxSpu/sMtyHrUiypDfY56bxcvU+2LD5bWwXggX1Tede4yZJi1QhJYzJKDCovBxuyllYypZzk6S0uQEpCwRgYUuXYsgSKVwZjkd4u8YeTTdCWK8BsBBLM5Filikt+sPIskyGaNy0/QLdMbVQFs8q/oVRsvKjMdlSuqMbzrk8lpxTOLz6O9nl0UNXUjiGk2tMsWdAbiBquHw== Received: from DM6PR11CA0030.namprd11.prod.outlook.com (2603:10b6:5:190::43) by CH2PR12MB4905.namprd12.prod.outlook.com (2603:10b6:610:64::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.30; Fri, 11 Aug 2023 15:14:54 +0000 Received: from CY4PEPF0000EE3B.namprd03.prod.outlook.com (2603:10b6:5:190:cafe::87) by DM6PR11CA0030.outlook.office365.com (2603:10b6:5:190::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.31 via Frontend Transport; Fri, 11 Aug 2023 15:14:53 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000EE3B.mail.protection.outlook.com (10.167.242.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.19 via Frontend Transport; Fri, 11 Aug 2023 15:14:53 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Fri, 11 Aug 2023 08:14:35 -0700 Received: from localhost.localdomain (10.126.231.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Fri, 11 Aug 2023 08:14:33 -0700 From: Petr Machata To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , CC: Ido Schimmel , Petr Machata , Subject: [PATCH net-next 3/4] mlxsw: spectrum: Stop ignoring learning notifications from redirected traffic Date: Fri, 11 Aug 2023 17:13:57 +0200 Message-ID: <13bc71f25d9ee4e74a514e2e992cb96f87304299.1691764353.git.petrm@nvidia.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Originating-IP: [10.126.231.37] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE3B:EE_|CH2PR12MB4905:EE_ X-MS-Office365-Filtering-Correlation-Id: acea16e6-e540-4e84-db5e-08db9a7db70f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: TP8bFO6zPjnA8K1steIdIGHhQwYBWuDuHCdQD+VJ8R4lVcp4G77NzvuvkTaMpHN/D4/xYIPjasvVelp+9GFYjLgc7lx2I5LaleEMUyqSIQk8/eWPULXF573UUVhTSjR3AoiHsYE70HuTZoTIwp9sb0uhKHCQn1Vv83aSGqKJ9crycF6l337dpLlONiX6qt15gA/ThoFKvjQf2bUZ7hocrlkKSH7vD1xDvk7dtd1ZF4JOXegX3qjk9jK5Z2IT0JNQGdsOv4/1IrXqHHS7s+eTWpuleziojt097JyWjDTPflQYBIFu6naTesAH7daH1p5iCZJ/LnFfyYEYIJB/kfN6sYCjweciPp8Y9VN4A+Z69756FmiGhC5hTuIkn1FVErNjjcCyVQ41/dwC+qJfmLphERnpKQwyUnHJNSHGY2VNWiS2RlzHjts4W2MZoqoXkf1zYg6mjmKbcqQDt00b8YVhh014HqF1nJQhvXLJCW3LLlibFjz0curaQz15tp6HAj2x2RReX/cNMFQ+hiuRMz6OELuQTOioCiebiqOZqKZcwmpoi1Ne2VpLDFZn4D2Gne+Sn+bCFwDWosMqHgo3SbPmMxkJedd7zH8j8y89gWKn+9PX6NnCx3y/fjPl0VEGpNq4zrMUlCAj7IW8fpTpD2HFTHmCuScILQXYP0+lZYuDaW33B6lU9cn2Xjn9lssw9XyBFz6I4qnZRBZtswy9gm/OKg== X-Forefront-Antispam-Report: CIP:216.228.117.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge2.nvidia.com;CAT:NONE;SFS:(13230028)(4636009)(1800799006)(451199021)(82310400008)(186006)(40470700004)(36840700001)(46966006)(70586007)(16526019)(2616005)(36756003)(508600001)(110136005)(6666004)(70206006)(107886003)(336012)(26005)(54906003)(4326008)(316002)(2906002)(15650500001)(7636003)(5660300002)(356005)(8936002)(8676002)(86362001)(83380400001)(36860700001)(426003)(47076005)(40460700003);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2023 15:14:53.4510 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: acea16e6-e540-4e84-db5e-08db9a7db70f X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.161];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE3B.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4905 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org From: Ido Schimmel As explained in the previous patch, with the ignore action prepended to the redirect action, it is not longer possible for redirected traffic to generate learning notifications. Therefore, remove the workaround that was added in commit 577fa14d2100 ("mlxsw: spectrum: Do not process learned records with a dummy FID") as it is no longer needed. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: Petr Machata --- drivers/net/ethernet/mellanox/mlxsw/spectrum.h | 1 - drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c | 10 ---------- .../net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 6 ------ 3 files changed, 17 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.h b/drivers/net/ethernet/mellanox/mlxsw/spectrum.h index 2fed55bcfd63..02ca2871b6f9 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.h +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.h @@ -1271,7 +1271,6 @@ int mlxsw_sp_setup_tc_block_qevent_mark(struct mlxsw_sp_port *mlxsw_sp_port, struct flow_block_offload *f); /* spectrum_fid.c */ -bool mlxsw_sp_fid_is_dummy(struct mlxsw_sp *mlxsw_sp, u16 fid_index); struct mlxsw_sp_fid *mlxsw_sp_fid_lookup_by_index(struct mlxsw_sp *mlxsw_sp, u16 fid_index); int mlxsw_sp_fid_nve_ifindex(const struct mlxsw_sp_fid *fid, int *nve_ifindex); diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c index b6ee2d658b0c..9df098474743 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c @@ -137,16 +137,6 @@ static const int *mlxsw_sp_packet_type_sfgc_types[] = { [MLXSW_SP_FLOOD_TYPE_MC] = mlxsw_sp_sfgc_mc_packet_types, }; -bool mlxsw_sp_fid_is_dummy(struct mlxsw_sp *mlxsw_sp, u16 fid_index) -{ - enum mlxsw_sp_fid_type fid_type = MLXSW_SP_FID_TYPE_DUMMY; - struct mlxsw_sp_fid_family *fid_family; - - fid_family = mlxsw_sp->fid_core->fid_family_arr[fid_type]; - - return fid_family->start_index == fid_index; -} - struct mlxsw_sp_fid *mlxsw_sp_fid_lookup_by_index(struct mlxsw_sp *mlxsw_sp, u16 fid_index) { diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c index 3662b9da5489..6c749c148148 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c @@ -3066,9 +3066,6 @@ static void mlxsw_sp_fdb_notify_mac_process(struct mlxsw_sp *mlxsw_sp, goto just_remove; } - if (mlxsw_sp_fid_is_dummy(mlxsw_sp, fid)) - goto just_remove; - mlxsw_sp_port_vlan = mlxsw_sp_port_vlan_find_by_fid(mlxsw_sp_port, fid); if (!mlxsw_sp_port_vlan) { netdev_err(mlxsw_sp_port->dev, "Failed to find a matching {Port, VID} following FDB notification\n"); @@ -3136,9 +3133,6 @@ static void mlxsw_sp_fdb_notify_mac_lag_process(struct mlxsw_sp *mlxsw_sp, goto just_remove; } - if (mlxsw_sp_fid_is_dummy(mlxsw_sp, fid)) - goto just_remove; - mlxsw_sp_port_vlan = mlxsw_sp_port_vlan_find_by_fid(mlxsw_sp_port, fid); if (!mlxsw_sp_port_vlan) { netdev_err(mlxsw_sp_port->dev, "Failed to find a matching {Port, VID} following FDB notification\n"); From patchwork Fri Aug 11 15:13:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Machata X-Patchwork-Id: 13351000 X-Patchwork-Delegate: kuba@kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE17863B6 for ; Fri, 11 Aug 2023 15:15:12 +0000 (UTC) Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2065.outbound.protection.outlook.com [40.107.96.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A89130DB for ; Fri, 11 Aug 2023 08:15:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eFZqngYk3ARET/CEe75tShE1oY9oredb2QC7Pmvk441GSbknqBwvYIXAJd7Z0U+YXeDBaiTxyFFqJu8jCC3PEbEYkwwj6SsYV/QonYCV8X9L1U/M4/fXkCwc+/4u6rwE74RIEQ47pjgzAh0yEg+gYIa50vHqYGstwwcmfPqlxqAh/n55cLi9fFKjv9yKlDIRUJR1e+Qu26M6ijKEOjAl2d9Uhd4+hFm47Hgz6Gw516XS0o2HZVBSB/Gr5iPtvh9q49sdBU2XBK01PlenHjaEs7ibHWTc+Ou90DPrDW/FehWUX1U1pHxWgaCw++A6rtgGKKNGN/OXfrAjFxZ5p3idGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=78KCfbVL25g1YzM4LukslY3PnyzpBy+2ExDWaUmr5nM=; b=WJVKLsivWsNhkSuuOosmnHBErL1SklHTi4Py7xfI/WKdFKiGDM3200PGbNTrzy+nmjdKp150T4AF6+lANeS53AhSrySz7g95dZWLNBT1ozh4ee93z7oc3EhyTp3pRg3k0iQf4Xg8kN2fLYlvFrM/fRTTVE9tbqhMNIGqzZ+Q7cCeayaQWtBhs2UrFvnxxNu89q/gsYeZe9j76bOoabx3qys0U0fyC/wqRAyFJT+0RrkZT8LGen0/9BKd+TySt5OEZMxN6AD18TxvpIR2y4zXD2VI4fdrfdbbkAiBxynjwPJVyyrBsSoBRhAH64SOzpAeu9/1Emzl2v0ximrfh1qZmQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=davemloft.net smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=78KCfbVL25g1YzM4LukslY3PnyzpBy+2ExDWaUmr5nM=; b=XwmqpD9x+R3hGzxZAKGaH/u4EkRhj8XGCZ87qzlLvan4NqHQGhSXKBOsOF5jY4XKCIMs6kFEyJxFVkdXSLrUUTkHhwvpanPzXJ8ti7g2O7Nsq5Vlahqsr1GvT6Kgv5x7oXTsInKOER/2u1aYxnf/PikK5pLHFqeUY9BGLSfFh7w8Unoo8qsbaAPOmyR98r5pJ6GqXOsfqVtq1nknK67VZf7UKMB5G+J0Jjp9z3LVcNR4ClxEh/7wq6FLn8ox5Si70SP/UHNSMeIF1q0yyh5kzvoFAWkViYStZ+HpereDYZ/bQbiEjs+j4ogDMaUnEisugLE1wt7iLT8abPBgsBlN9w== Received: from MW4PR04CA0261.namprd04.prod.outlook.com (2603:10b6:303:88::26) by PH0PR12MB7009.namprd12.prod.outlook.com (2603:10b6:510:21c::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.30; Fri, 11 Aug 2023 15:15:04 +0000 Received: from CO1PEPF000042AD.namprd03.prod.outlook.com (2603:10b6:303:88:cafe::a9) by MW4PR04CA0261.outlook.office365.com (2603:10b6:303:88::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.31 via Frontend Transport; Fri, 11 Aug 2023 15:15:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by CO1PEPF000042AD.mail.protection.outlook.com (10.167.243.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.20 via Frontend Transport; Fri, 11 Aug 2023 15:15:04 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Fri, 11 Aug 2023 08:14:42 -0700 Received: from localhost.localdomain (10.126.231.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Fri, 11 Aug 2023 08:14:39 -0700 From: Petr Machata To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , CC: Ido Schimmel , Petr Machata , , "Hans J . Schultz" Subject: [PATCH net-next 4/4] selftests: forwarding: Add test case for traffic redirection from a locked port Date: Fri, 11 Aug 2023 17:13:58 +0200 Message-ID: <27cc1c994a7388f8d53a0cdf8352db29c0f88d45.1691764353.git.petrm@nvidia.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Originating-IP: [10.126.231.37] X-ClientProxiedBy: rnnvmail202.nvidia.com (10.129.68.7) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PEPF000042AD:EE_|PH0PR12MB7009:EE_ X-MS-Office365-Filtering-Correlation-Id: 8cb9e5c6-e19c-48c5-5d11-08db9a7dbd7e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 8ekJ8zMd84IsGstcdx8WEhESuQ/fx2TVUpOPGjlMdisbf93lO/mHV8FfgqhivfAGARZRrTXdNmuJC+428ug3cMtTpvRxzY1ubCEYfj0ym6ZQj/sCsQjfGYd0kCBHkqxmB8rVPhAjqUxLRW+nHQIZK84A4rirJ7FgvsXBL6TmOqn3Qe86Xd7Q4Pr8JSg3V/gpm4m0uFdLDaDXActfmA0Ji/x/Xz3DlRYj0zdfAUqikVtay4T/91VQiWFdHIQP13+YdwGccYpGPHfrAre5Hgjty9aVTbauSXsvk9tQp/HyL+cV0wmPrj/CJ3XUwxxtwlrW75HO/fBT4UklX1TB5Afp7df8IVdk9eDXUXYcCMrLUVmGCJbUOATOIl44oRI94ZsXNitDTXhIN7fleI0ZjEfMCi2tsoglFQqAZ+n/6bRtEgowP4ZQz3/Nu5gmSg1crBg3Pi0aS3SPsfcRxDrNZvGPNFAYyss3aG50zQEZJ8SlMkVHkUrw4Cx41FKLhDHlvyDbFvkNmo+BHKcrveK8QDb6JukFW5j2uRDzwzafRNRuSFL9L5KaXtEbpTZf0WeICEdctWbcNCMGOuounblmO/17CQ7u5FaRF34iuU5keCSk7sGohax5vTeSVb90CV2SAtLQpwZLJGHm1/k977cm8EMNY3BRnNUBtWUZ0k+1ac+XuoXTyGOinVjE9D+VeA7oOT1x/VXxX0vkfgr/5POIXNBM81yAVbtbnnBF017M/EsOmx9Vaa+Et7P0PT8SefeuqsXD X-Forefront-Antispam-Report: CIP:216.228.117.160;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:dc6edge1.nvidia.com;CAT:NONE;SFS:(13230028)(4636009)(136003)(376002)(396003)(346002)(39860400002)(186006)(1800799006)(451199021)(82310400008)(46966006)(40470700004)(36840700001)(26005)(5660300002)(8936002)(16526019)(41300700001)(8676002)(336012)(6666004)(86362001)(7636003)(356005)(36860700001)(36756003)(2616005)(426003)(47076005)(478600001)(70206006)(110136005)(54906003)(2906002)(316002)(70586007)(4326008)(40460700003)(40480700001)(83380400001)(82740400003);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2023 15:15:04.2884 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8cb9e5c6-e19c-48c5-5d11-08db9a7dbd7e X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.117.160];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1PEPF000042AD.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB7009 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: kuba@kernel.org From: Ido Schimmel Check that traffic can be redirected from a locked bridge port and that it does not create locked FDB entries. Cc: Hans J. Schultz Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: Petr Machata --- .../net/forwarding/bridge_locked_port.sh | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh index dc92d32464f6..9af9f6964808 100755 --- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh +++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh @@ -9,6 +9,7 @@ ALL_TESTS=" locked_port_mab_roam locked_port_mab_config locked_port_mab_flush + locked_port_mab_redirect " NUM_NETIFS=4 @@ -319,6 +320,41 @@ locked_port_mab_flush() log_test "Locked port MAB FDB flush" } +# Check that traffic can be redirected from a locked bridge port and that it +# does not create locked FDB entries. +locked_port_mab_redirect() +{ + RET=0 + check_port_mab_support || return 0 + + bridge link set dev $swp1 learning on locked on mab on + tc qdisc add dev $swp1 clsact + tc filter add dev $swp1 ingress protocol all pref 1 handle 101 flower \ + action mirred egress redirect dev $swp2 + + ping_do $h1 192.0.2.2 + check_err $? "Ping did not work with redirection" + + bridge fdb get `mac_get $h1` br br0 vlan 1 2> /dev/null | \ + grep "dev $swp1" | grep -q "locked" + check_fail $? "Locked entry created for redirected traffic" + + tc filter del dev $swp1 ingress protocol all pref 1 handle 101 flower + + ping_do $h1 192.0.2.2 + check_fail $? "Ping worked without redirection" + + bridge fdb get `mac_get $h1` br br0 vlan 1 2> /dev/null | \ + grep "dev $swp1" | grep -q "locked" + check_err $? "Locked entry not created after deleting filter" + + bridge fdb del `mac_get $h1` vlan 1 dev $swp1 master + tc qdisc del dev $swp1 clsact + bridge link set dev $swp1 learning off locked off mab off + + log_test "Locked port MAB redirect" +} + trap cleanup EXIT setup_prepare