From: Vladimir Oltean
To: netdev@kapio-technology.com
Cc: Ido Schimmel, davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org, Andrew Lunn, Vivien Didelot, Florian Fainelli, Eric Dumazet, Paolo Abeni, Jiri Pirko, Ivan Vecera, Roopa Prabhu, Nikolay Aleksandrov, Shuah Khan, Daniel Borkmann, linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org
Date: Sun, 17 Jul 2022 15:57:18 +0300
Subject: Re: [PATCH v4 net-next 3/6] drivers: net: dsa: add locked fdb entry flag to drivers
Message-ID: <20220717125718.mj7b3j3jmltu6gm5@skbuf>
In-Reply-To: <648ba6718813bf76e7b973150b73f028@kapio-technology.com>

On Sun, Jul 17, 2022 at 02:21:47PM +0200, netdev@kapio-technology.com wrote:
> On 2022-07-13 14:39, Ido Schimmel wrote:
> > On Wed, Jul 13, 2022 at 09:09:58AM +0200, netdev@kapio-technology.com
> > wrote:
> >
> > What are "Storm Prevention" and "zero-DPV" FDB entries?
>
> They are both FDB entries that at the HW level drop all packets having a
> specific SA, thus using minimum resources.
> (thus the name "Storm Prevention" aka, protection against DOS attacks. We
> must remember that we operate with CPU based learning.)

DPV means Destination Port Vector, and an ATU entry with a DPV of 0
essentially means a FDB entry pointing nowhere, so it will drop the
packet. That's a slight problem with Hans' implementation: the bridge
thinks that the locked FDB entry belongs to port X, but in reality it
matches on all bridged ports (since it matches by FID). FID allocation
in mv88e6xxx is slightly strange: all VLAN-unaware bridge ports,
belonging to any bridge, share the same FID, so the FDB databases are
not exactly isolated from each other.
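
The mismatch described in the reply above, as a toy model added here (it is not part of the thread and is not mv88e6xxx driver code): the table is keyed by (FID, MAC), so a zero-DPV entry installed for a MAC that the bridge locked on one port drops that source address on every port sharing the FID. The port layout, FID values, table size and function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model only: names, table size and FID values are constructed. */
#define ATU_SIZE   8
#define NUM_PORTS  4
#define SHARED_FID 1 /* assumed FID shared by all VLAN-unaware bridge ports */
#define OTHER_FID  2 /* assumed FID of a port outside that shared database */

/* fid: database the entry lives in; dpv: destination port vector, 0 points nowhere */
struct atu_entry { bool valid; uint16_t fid; uint8_t mac[6]; uint16_t dpv; };
static struct atu_entry atu[ATU_SIZE];

/* Ports 0,1: bridge A; port 2: bridge B (all VLAN-unaware); port 3: other FID. */
static const uint16_t port_fid[NUM_PORTS] = { SHARED_FID, SHARED_FID, SHARED_FID, OTHER_FID };

/* Zero-DPV entry for a MAC locked on bridge_port; the key is (FID, MAC) only. */
static bool install_locked(int bridge_port, const uint8_t mac[6])
{
    for (int i = 0; i < ATU_SIZE; i++) {
        if (atu[i].valid) continue;
        atu[i] = (struct atu_entry){ .valid = true, .fid = port_fid[bridge_port], .dpv = 0 };
        memcpy(atu[i].mac, mac, 6);
        return true;
    }
    return false; /* table full */
}

/* Bitmask of ingress ports on which frames with this source MAC are dropped. */
static unsigned dropped_port_mask(const uint8_t mac[6])
{
    unsigned mask = 0;
    for (int p = 0; p < NUM_PORTS; p++)
        for (int i = 0; i < ATU_SIZE; i++)
            if (atu[i].valid && atu[i].fid == port_fid[p] &&
                !memcmp(atu[i].mac, mac, 6) && atu[i].dpv == 0)
                mask |= 1u << p;
    return mask;
}

int main(void)
{
    const uint8_t mac[6] = { 0x02, 0, 0, 0, 0, 0x01 }; /* constructed address */
    install_locked(0, mac); /* bridge view: locked on port 0 only */
    printf("SA dropped on port mask 0x%x\n", dropped_port_mask(mac));
    return 0;
}
```

In this model the bridge records the entry against port 0, while the resulting mask covers ports 0, 1 and 2, including the port that belongs to the second VLAN-unaware bridge.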