linux/net/dsa
Vladimir Oltean 64fdc5f341 net: dsa: sync unicast and multicast addresses for VLAN filters too
If certain conditions are met, DSA can install all necessary MAC
addresses on the CPU ports as FDB entries and disable flooding towards
the CPU (we call this RX filtering).

There is one corner case where this does not work.

ip link add br0 type bridge vlan_filtering 1 && ip link set br0 up
ip link set swp0 master br0 && ip link set swp0 up
ip link add link swp0 name swp0.100 type vlan id 100
ip link set swp0.100 up && ip addr add 192.168.100.1/24 dev swp0.100

Traffic through swp0.100 is broken, because the bridge turns on VLAN
filtering in the swp0 port (causing RX packets to be classified to the
FDB database corresponding to the VID from their 802.1Q header), and
although the 8021q module does call dev_uc_add() towards the real
device, that API is VLAN-unaware, so it only contains the MAC address,
not the VID; and DSA's current implementation of ndo_set_rx_mode() is
only for VID 0 (corresponding to FDB entries which are installed in an
FDB database which is only hit when the port is VLAN-unaware).

It's interesting to understand why the bridge does not turn on
IFF_PROMISC for its swp0 bridge port, and it may appear at first glance
that this is a regression caused by the logic in commit 2796d0c648
("bridge: Automatically manage port promiscuous mode."). After all,
a bridge port needs to have IFF_PROMISC by its very nature - it needs to
receive and forward frames with a MAC DA different from the bridge
ports' MAC addresses.

While that may be true, when the bridge is VLAN-aware *and* it has a
single port, there is no real reason to enable promiscuity even if that
is an automatic port, with flooding and learning (there is nowhere for
packets to go except to the BR_FDB_LOCAL entries), and this is how the
corner case appears. Adding a second automatic interface to the bridge
would make swp0 promisc as well, and would mask the corner case.

Given the dev_uc_add() / ndo_set_rx_mode() API is what it is (it doesn't
pass a VLAN ID), the only way to address that problem is to install host
FDB entries for the cartesian product of RX filtering MAC addresses and
VLAN RX filters.

Fixes: 7569459a52 ("net: dsa: manage flooding on the CPU ports")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Link: https://lore.kernel.org/r/20230329151821.745752-1-vladimir.oltean@nxp.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-03-30 11:32:46 -07:00
..
devlink.c net: dsa: move rest of devlink setup/teardown to devlink.c 2022-11-22 20:41:47 -08:00
devlink.h net: dsa: move rest of devlink setup/teardown to devlink.c 2022-11-22 20:41:47 -08:00
dsa.c net: dsa: kill off dsa_priv.h 2022-11-22 20:41:54 -08:00
dsa.h net: dsa: rename dsa2.c back into dsa.c and create its header 2022-11-22 20:41:53 -08:00
Kconfig net: dsa: modularize DSA_TAG_PROTO_NONE 2022-11-22 20:41:45 -08:00
Makefile net: dsa: rename dsa2.c back into dsa.c and create its header 2022-11-22 20:41:53 -08:00
master.c net: dsa: Use sysfs_emit() to instead of sprintf() 2023-02-02 15:28:59 +01:00
master.h net: dsa: move headers exported by master.c to master.h 2022-11-22 20:41:49 -08:00
netlink.c net: dsa: kill off dsa_priv.h 2022-11-22 20:41:54 -08:00
netlink.h net: dsa: kill off dsa_priv.h 2022-11-22 20:41:54 -08:00
port.c net: dsa: move tag_8021q headers to their proper place 2022-11-22 20:41:53 -08:00
port.h net: dsa: move headers exported by port.c to port.h 2022-11-22 20:41:48 -08:00
slave.c net: dsa: sync unicast and multicast addresses for VLAN filters too 2023-03-30 11:32:46 -07:00
slave.h net: dsa: move headers exported by slave.c to slave.h 2022-11-22 20:41:49 -08:00
switch.c net: dsa: kill off dsa_priv.h 2022-11-22 20:41:54 -08:00
switch.h net: dsa: move notifier definitions to switch.h 2022-11-22 20:41:52 -08:00
tag_8021q.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-13 09:49:29 +01:00
tag_8021q.h net: dsa: move tag_8021q headers to their proper place 2022-11-22 20:41:53 -08:00
tag_ar9331.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_brcm.c net: dsa: tag_brcm: legacy: fix daisy-chained switches 2023-03-21 17:29:13 -07:00
tag_dsa.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_gswip.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_hellcreek.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-08 18:19:59 -08:00
tag_ksz.c net: dsa: microchip: enable port queues for tc mqprio 2023-01-23 22:12:35 -08:00
tag_lan9303.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_mtk.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_none.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_ocelot_8021q.c net: dsa: move tag_8021q headers to their proper place 2022-11-22 20:41:53 -08:00
tag_ocelot.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_qca.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_rtl4_a.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_rtl8_4.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_rzn1_a5psw.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_sja1105.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-08 18:19:59 -08:00
tag_trailer.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag_xrs700x.c net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00
tag.c net: dsa: report rx_bytes unadjusted for ETH_HLEN 2023-03-20 09:09:53 +00:00
tag.h net: dsa: move tagging protocol code to tag.{c,h} 2022-11-22 20:41:50 -08:00