lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <894793886.88178.1436375596747.JavaMail.zimbra@savoirfairelinux.com>
Date:	Wed, 8 Jul 2015 13:13:16 -0400 (EDT)
From:	Vivien Didelot <vivien.didelot@...oirfairelinux.com>
To:	Andrew Lunn <andrew@...n.ch>
Cc:	netdev <netdev@...r.kernel.org>, David <davem@...emloft.net>,
	Scott Feldman <sfeldma@...il.com>,
	Jiri Pirko <jiri@...nulli.us>,
	Florian Fainelli <f.fainelli@...il.com>,
	Guenter Roeck <linux@...ck-us.net>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	kernel <kernel@...oirfairelinux.com>
Subject: Re: [PATCH v4 0/3] net: dsa: mv88e6xxx: add support for VLAN Table
 Unit

Hi Andrew,

On Jul 8, 2015, at 10:38 AM, Andrew Lunn andrew@...n.ch wrote:

> On Tue, Jul 07, 2015 at 05:18:17PM -0400, Vivien Didelot wrote:
>> Hi all,
>> 
>> This patchset brings full support for hardware VLANs in DSA, and the Marvell
>> 88E6xxx compatible switch chips.
> 
> Hi Vivien
> 
> I would like to do a proper review and testing of these patchset, but
> i go on vacation this afternoon. So it will be in about 2 weeks time.
> 
> I spent 15 minutes tests just now. I spotted two things:
> 
> 1) I played with a configuration, and then rebooted the machine. After
> login i see:
> 
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
> # cat /sys/kernel/debug/dsa0/vtu
> VID  FID  SID  0  1  2  3  4  5  6
>   1    1    0  u  u  u  u  x  x  t
> 500  500    0  t  t  t  t  x  x  t
> 550  550    0  t  x  x  x  x  x  t
> # bridge vlan show
> port    vlan ids
> lan0     1 PVID Egress Untagged
> 
> lan0     1 PVID Egress Untagged
> 
> lan1
> lan2
> lan3
> lan4
> lan5
> lan6
> lan7
> lan8     1 PVID Egress Untagged
> 
> lan8     1 PVID Egress Untagged
> 
> optical3
> optical4
> br0      1 PVID Egress Untagged
> 
> 
> So the switch seems to have some VTU table entries, but the bridge
> command does not show them. I suspect that a warm boot does not clear
> out the VTU entries in the switch.
> 
> Until recently we had a similar problem with the statistics
> counters. I wounder if we have the same problem with other tables? Do
> static ATU entries get removed on a reboot?
> 

You're right. There's a single operation to clear the STU and VTU. I
will send a follow-up patch to send this command during the switch
setup.

> 2) I cold booted the machine, to be sure to have a clean state. Then:
> 
> # cat /sys/kernel/debug/dsa0/vtu
> VID  FID  SID  0  1  2  3  4  5  6
>   1    1    0  u  x  x  x  x  x  t
> 
> So a good initial state. I then configure two bridges:
> 
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.92647a2160c4       yes             lan0
>                                                        lan1
> br1             8000.92647a2160c4       yes             lan2
>                                                        lan3
> 
> and then add vlan 500 to the four interfaces.
> 
> # bridge vlan add vid 500 dev lan0 master
> # bridge vlan add vid 500 dev lan1 master
> # bridge vlan add vid 500 dev lan2 master
> # bridge vlan add vid 500 dev lan3 master
> 
> # cat /sys/kernel/debug/dsa0/vtu
> VID  FID  SID  0  1  2  3  4  5  6
>   1    1    0  u  u  u  u  x  x  t
> 500  500    0  t  t  t  t  x  x  t
> 
> Does this mean we have one hardware bridge? All four ports can talk to
> each other? I've not actually sent any frames to test this, so i'm
> just speculating. Given that i have two software bridges, this is not
> what i would expect, if frames from lan0 or lan1, also went out lan2
> or lan3.

Indeed, with the "master" keyword, we ask switchdev to populate the
parent's (i.e. the switch chip) to create VLANs. Marvell switch such as
the 88E66352 can only have a single VLAN table entry for a given VID.

Please note that this patchset only brings support to access the
hardware VLAN Table Unit through switchdev, that is to say add, delete,
and dump entries in this table. To have fully functional VLAN support in
Linux with this switch family, there is certainly more work to do.

>From what I see, the patchset works fine for you (from bridge commands
and debugfs).

If the patchset looks good to you guys, may I suggest to get some
acknowledgments from you, so it can get merged? Then we could continue
to work on better synchronization with the FDB, STU (already in
progress) and other switchdev objects.

Regards,
-v
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ