Re: [PATCH v2 net-next 1/5] net: dsa: mv88e6xxx: Improve isolation of standalone ports
From: Vladimir Oltean
Date: Thu Feb 03 2022 - 07:43:40 EST
On Thu, Feb 03, 2022 at 11:16:53AM +0100, Tobias Waldekranz wrote:
> Clear MapDA on standalone ports to bypass any ATU lookup that might
> point the packet in the wrong direction. This means that all packets
> are flooded using the PVT config. So make sure that standalone ports
> are only allowed to communicate with the local upstream port.
>
> Here is a scenario in which this is needed:
>
> CPU
> | .----.
> .---0---. | .--0--.
> | sw0 | | | sw1 |
> '-1-2-3-' | '-1-2-'
> '---'
>
> - sw0p1 and sw1p1 are bridged
> - sw0p2 and sw1p2 are in standalone mode
> - Learning must be enabled on sw0p3 in order for hardware forwarding
> to work properly between bridged ports
>
> 1. A packet with SA :aa comes in on sw1p2
> 1a. Egresses sw1p0
> 1b. Ingresses sw0p3, ATU adds an entry for :aa towards port 3
> 1c. Egresses sw0p0
>
> 2. A packet with DA :aa comes in on sw0p2
> 2a. If an ATU lookup is done at this point, the packet will be
> incorrectly forwarded towards sw0p3. With this change in place,
> the ATU is bypassed and the packet is forwarded in accordance
> with the PVT, which only contains the CPU port.
>
> Signed-off-by: Tobias Waldekranz <tobias@xxxxxxxxxxxxxx>
> ---
Reviewed-by: Vladimir Oltean <olteanv@xxxxxxxxx>