Re: [PATCH net-next 3/3] net: dsa: mv88e6xxx: mac-auth/MAB implementation

[netdev]

On 2022-12-06 13:53, Ido Schimmel wrote:
> On Mon, Dec 05, 2022 at 07:59:08PM +0100, Hans J. Schultz wrote:
> > This implementation for the Marvell mv88e6xxx chip series, is based on
> > handling ATU miss violations occurring when packets ingress on a port
> > that is locked with learning on. This will trigger a
> > SWITCHDEV_FDB_ADD_TO_BRIDGE event, which will result in the bridge 
> > module
> > adding a locked FDB entry. This bridge FDB entry will not age out as
> > it has the extern_learn flag set.
> >
> > Userspace daemons can listen to these events and either accept or deny
> > access for the host, by either replacing the locked FDB entry with a
> > simple entry or leave the locked entry.
> >
> > If the host MAC address is already present on another port, a ATU
> > member violation will occur, but to no real effect.
>
> And the packet will be dropped in hardware, right?

Every packet that enters a locked port and does not have a matching ATU 
entry on the port will be dropped (in HW) afaik.

> > ---
>
> The changelog from previous versions is missing.

I am afraid because I made a mistake with the version string last, this 
should be regarded as a first. Therefore no changelog.

> >  	err = mv88e6xxx_g1_atu_mac_read(chip, &entry);
> >  	if (err)
> > -		goto out;
> > +		goto out_unlock;
> > +
> > +	mv88e6xxx_reg_unlock(chip);
>
> I was under the impression that we agreed that the locking change will
> be split to a separate patch.

Sorry, I guess that because of the quite long time that has passed as I 
needed to get this FID=0 issue sorted out, and had many other different 
changes to attend, I forgot. I see an updated version is needed anyhow, 
so I will do it there.

> >  	spid = entry.state;