[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <DB6PR0402MB27899B298481E7A3460BB9BFE0790@DB6PR0402MB2789.eurprd04.prod.outlook.com>
Date: Wed, 6 Nov 2019 13:47:47 +0000
From: Ioana Ciornei <ioana.ciornei@....com>
To: Andrew Lunn <andrew@...n.ch>
CC: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"f.fainelli@...il.com" <f.fainelli@...il.com>
Subject: RE: [PATCH 06/12] staging: dpaa2-ethsw: add ACL entry to redirect STP
to CPU
> Subject: Re: [PATCH 06/12] staging: dpaa2-ethsw: add ACL entry to redirect
> STP to CPU
>
> > The control queues do not form an actual interface in the sense that
> > the CPU does not receive unknown unicast, broadcast and multicast
> > frames by default. For each frame that we want to direct to the CPU
> > we must add an ACL entry.
>
> So this appears to be one of the dumbest switches so far :-(
To be fair, the actual hardware can do much more.
The problem here is that the firmware models the switch in a non-Linux style.
>
> Can you add an ACL which is all L2 broadcast/multicast? That would be a good
> first step.
I can add that but it would not be enough.
For example, unknown unicast would not be matched thus would not reach the CPU.
>
> Does the ACL stop further processing of the frame? Ideally you want the
> switch to also flood broadcast/multicast out other ports, if they are in a
> bridge. If it cannot, you end up with the software bridge doing the flooding.
Yes, the ACL stops any further processing.
>
> So i also assume it does not perform learning on CPU frames? That probably
> means you need to connect up the fdb add/remove calls to add in ACLs. And
> you will need to implement ndo_set_rx_mode. Each unicast and multicast
> address needs to be turned into an ACL. What i don't know is if the network
> stack will automatically add the interfaces own MAC address. You might have
> to handle that special case.
>
> Andrew
Your assumption is true, learning, with the current implementation, is not possible for CPU frames.
In .ndo_start_xmit() we inject directly into the switch port's Tx queues, thus bypassing the entire learning process.
All in all, I do not see a way out just by using the ACL mechanism (because of unknown unicast frames).
I have to talk in detail with the firmware team, but from what I can understand if we make the following changes in firmware it would better fit the Linux framework:
* make the CPU receive unknown unicast, broadcast and multicast frames by default (without any ACLs)
* frames originated on the CPU should not bypass the learning process (it should have its own Tx queues that go through the same learning process)
Thanks,
Ioana
Powered by blists - more mailing lists