Message-ID: <20230404130607.GB4044@pengutronix.de>
Date:   Tue, 4 Apr 2023 15:06:07 +0200
From:   Oleksij Rempel <o.rempel@...gutronix.de>
To:     Vladimir Oltean <olteanv@...il.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Andrew Lunn <andrew@...n.ch>,
        Eric Dumazet <edumazet@...gle.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Woojung Huh <woojung.huh@...rochip.com>,
        Arun Ramadoss <arun.ramadoss@...rochip.com>,
        kernel@...gutronix.de, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, UNGLinuxDriver@...rochip.com
Subject: Re: [PATCH net-next v1 2/7] net: dsa: microchip: ksz8: Implement
 add/del_fdb and use static MAC table operations

On Tue, Apr 04, 2023 at 03:50:02PM +0300, Vladimir Oltean wrote:
> On Tue, Apr 04, 2023 at 02:19:11PM +0200, Oleksij Rempel wrote:
> > If I compare KSZ879CLX and KSZ8873MLL datasheets, I do not see a direct
> > answer. The only reason I can imagine is the size of static MAC table.
> > All KSZ88xx and KSZ87xx variants have only 8 entries. One is already
> > used for STP (even if STP is not enabled, can be optimized). If
> > BRIDGE_VLAN is compiled, each local address will be configured 2 times.
> > So, depending on system configuration the static MAC table will be full
> > very soon.
> 
> Yikes. KSZ8765 has num_statics = 8 and port_cnt = 5 (so 4 user ports I
> assume). So if all 4 user ports had their own MAC address, it would
> simply not be possible to put them under a VLAN-aware bridge, since that
> would consume 2 BR_FDB_LOCAL entries for each port, so the static MAC
> table would be full even without taking the bridge's MAC address into
> consideration.
> 
> Even with CONFIG_BRIDGE_VLAN_FILTERING turned off or with the bridge
> option vlan_default_pvid = 0, this would still consume 4 BR_FDB_LOCAL
> entries + one for the bridge's MAC address + 1 for STP, leaving only 2
> entries usable for *both* bridge fdb, *and* bridge mdb.
> 
> I haven't opened the datasheets of these chips. Is it possible to use
> the dynamic MAC table to store static(-ish) entries?

According to the KSZ8795CLX datasheet, the dynamic MAC table is read-only.
But there are Access Control Lists (ACL) with 16 entries. It is possible
to create a forwarding rule with a match against the DST MAC address.

Besides, I'm working right now on KSZ9477 tc-flower support based on the ACL
implementation.

Regards,
Oleksij
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
