Date:   Thu, 17 Mar 2022 07:50:26 +0100
From:   Mattias Forsblad <mattias.forsblad@...il.com>
To:     netdev@...r.kernel.org
Cc:     "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>,
        Vivien Didelot <vivien.didelot@...il.com>,
        Roopa Prabhu <roopa@...dia.com>,
        Tobias Waldekranz <tobias@...dekranz.com>,
        Mattias Forsblad <mattias.forsblad@...il.com>
Subject: [PATCH v3 net-next 0/5] bridge: dsa: switchdev: mv88e6xxx: Implement bridge flood flags

Greetings,

This series implements new bridge flood flags
{flood,mcast_flood,bcast_flood}
and HW offloading for Marvell mv88e6xxx.

When using a non-VLAN filtering bridge we want to be able to limit
traffic to the CPU port to lessen the CPU load. This is especially
important when we have disabled learning on user ports.

A sample configuration could be something like this:

       br0
      /   \
   swp0   swp1

ip link add dev br0 type bridge stp_state 0 vlan_filtering 0
ip link set swp0 master br0
ip link set swp1 master br0
ip link set swp0 type bridge_slave learning off
ip link set swp1 type bridge_slave learning off
ip link set swp0 up
ip link set swp1 up
ip link set br0 type bridge flood 0 mcast_flood 0 bcast_flood 0
ip link set br0 up

To further explain the reasoning for this, please refer to the post by
Tobias Waldekranz:
https://lore.kernel.org/netdev/87ilsxo052.fsf@waldekranz.com/

The first part (1,2) of the series implements the flags for the SW bridge
and the second part (3) the DSA infrastructure. Part (4) implements
offloading of this flag to HW for mv88e6xxx, which uses the
port vlan table to restrict the ingress from user ports
to the CPU port when all of the flags are cleared. Part (5) adds
selftests for these flags.

v2 -> v3:
  - Fixed compile warnings (Jakub Kicinski, lkp@...el.com)
  
v1 -> v2:
  - Split patch series in a more consistent way (Ido Schimmel)
  - Drop sysfs implementation (Ido, Nikolay Aleksandrov)
  - Change to use the boolopt API (Nikolay)
  - Drop ioctl implementation (Nikolay)
  - Split and rename local_receive to match bridge_slave
    {flood,mcast_flood,bcast_flood} (Ido)
  - Only handle the flags at appropriate places in the hot-path (Ido)
  - Add selftest (Ido)
  
Mattias Forsblad (5):
  switchdev: Add local_receive attribute
  net: bridge: Implement bridge flood flag
  dsa: Handle the flood flag in the DSA layer.
  mv88e6xxx: Offload the flood flag
  selftest: Add bridge flood flag tests

 drivers/net/dsa/mv88e6xxx/chip.c              |  45 ++++-
 include/linux/if_bridge.h                     |   6 +
 include/net/dsa.h                             |   7 +
 include/net/switchdev.h                       |   1 +
 include/uapi/linux/if_bridge.h                |   9 +-
 net/bridge/br.c                               |  46 +++++
 net/bridge/br_device.c                        |   3 +
 net/bridge/br_input.c                         |  23 ++-
 net/bridge/br_private.h                       |   4 +
 net/dsa/dsa_priv.h                            |   2 +
 net/dsa/slave.c                               |  18 ++
 .../testing/selftests/net/forwarding/Makefile |   1 +
 .../selftests/net/forwarding/bridge_flood.sh  | 169 ++++++++++++++++++
 tools/testing/selftests/net/forwarding/lib.sh |   8 +
 14 files changed, 335 insertions(+), 7 deletions(-)
 create mode 100755 tools/testing/selftests/net/forwarding/bridge_flood.sh

-- 
2.25.1
