linux/drivers/net/dsa
Vladimir Oltean 1cf3299b03 net: dsa: felix: Allow unknown unicast traffic towards the CPU port module
Compared to other DSA switches, in the Ocelot cores, the RX filtering is
a much more important concern.

Firstly, the primary use case for Ocelot is non-DSA, so there isn't any
secondary Ethernet MAC [the DSA master's one] to implicitly drop frames
having a DMAC we are not interested in.  So the switch driver itself
needs to install FDB entries towards the CPU port module (PGID_CPU) for
the MAC address of each switch port, in each VLAN installed on the port.
Every address that is not whitelisted is implicitly dropped. This is in
order to achieve a behavior similar to N standalone net devices.

Secondly, even in the secondary use case of DSA, such as illustrated by
Felix with the NPI port mode, that secondary Ethernet MAC is present,
but its RX filter is bypassed. This is because the DSA tags themselves
are placed before Ethernet, so the DMAC that the switch ports see is
not seen by the DSA master too (since it's shifter to the right).

So RX filtering is pretty important. A good RX filter won't bother the
CPU in case the switch port receives a frame that it's not interested
in, and there exists no other line of defense.

Ocelot is pretty strict when it comes to RX filtering: non-IP multicast
and broadcast traffic is allowed to go to the CPU port module, but
unknown unicast isn't. This means that traffic reception for any other
MAC addresses than the ones configured on each switch port net device
won't work. This includes use cases such as macvlan or bridging with a
non-Ocelot (so-called "foreign") interface. But this seems to be fine
for the scenarios that the Linux system embedded inside an Ocelot switch
is intended for - it is simply not interested in unknown unicast
traffic, as explained in Allan Nielsen's presentation [0].

On the other hand, the Felix DSA switch is integrated in more
general-purpose Linux systems, so it can't afford to drop that sort of
traffic in hardware, even if it will end up doing so later, in software.

Actually, unknown unicast means more for Felix than it does for Ocelot.
Felix doesn't attempt to perform the whitelisting of switch port MAC
addresses towards PGID_CPU at all, mainly because it is too complicated
to be feasible: while the MAC addresses are unique in Ocelot, by default
in DSA all ports are equal and inherited from the DSA master. This adds
into account the question of reference counting MAC addresses (delayed
ocelot_mact_forget), not to mention reference counting for the VLAN IDs
that those MAC addresses are installed in. This reference counting
should be done in the DSA core, and the fact that it wasn't needed so
far is due to the fact that the other DSA switches don't have the DSA
tag placed before Ethernet, so the DSA master is able to whitelist the
MAC addresses in hardware.

So this means that even regular traffic termination on a Felix switch
port happens through flooding (because neither Felix nor Ocelot learn
source MAC addresses from CPU-injected frames).

So far we've explained that whitelisting towards PGID_CPU:
- helps to reduce the likelihood of spamming the CPU with frames it
  won't process very far anyway
- is implemented in the ocelot driver
- is sufficient for the ocelot use cases
- is not feasible in DSA
- breaks use cases in DSA, in the current status (whitelisting enabled
  but no MAC address whitelisted)

So the proposed patch allows unknown unicast frames to be sent to the
CPU port module. This is done for the Felix DSA driver only, as Ocelot
seems to be happy without it.

[0]: https://www.youtube.com/watch?v=B1HhxEcU7Jg

Suggested-by: Allan W. Nielsen <allan.nielsen@microchip.com>
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Allan W. Nielsen <allan.nielsen@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-03-04 14:19:01 -08:00
..
b53 net: dsa: propagate resolved link config via mac_link_up() 2020-02-27 12:02:14 -08:00
microchip net: dsa: microchip: enable module autoprobe 2020-02-07 18:45:12 +01:00
mv88e6xxx Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-02-27 18:31:39 -08:00
ocelot net: dsa: felix: Allow unknown unicast traffic towards the CPU port module 2020-03-04 14:19:01 -08:00
qca net: dsa: propagate resolved link config via mac_link_up() 2020-02-27 12:02:14 -08:00
sja1105 net: dsa: sja1105: add 100baseT1_Full support 2020-03-03 14:54:05 -08:00
bcm_sf2_cfp.c net: dsa: bcm_sf2: Fix IP fragment location and behavior 2019-12-24 16:08:49 -08:00
bcm_sf2_regs.h Revert "net: dsa: bcm_sf2: Also configure Port 5 for 2Gb/sec on 7278" 2020-02-26 16:33:35 -08:00
bcm_sf2.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-02-27 18:31:39 -08:00
bcm_sf2.h net: dsa: bcm_sf2: Add support for optional reset controller line 2019-11-05 18:06:38 -08:00
dsa_loop_bdinfo.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
dsa_loop.c net: dsa: Get information about stacked DSA protocol 2020-01-08 16:01:13 -08:00
dsa_loop.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig net: dsa: vsc73xx: Remove dependency on CONFIG_OF 2020-01-05 14:23:48 -08:00
lan9303_i2c.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
lan9303_mdio.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
lan9303-core.c net: dsa: Get information about stacked DSA protocol 2020-01-08 16:01:13 -08:00
lan9303.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
lantiq_gswip.c net: dsa: propagate resolved link config via mac_link_up() 2020-02-27 12:02:14 -08:00
lantiq_pce.h net: dsa: Use the correct style for SPDX License Identifier 2019-09-22 15:25:08 -07:00
Makefile net: dsa: add support for Atheros AR9331 built-in switch 2019-12-20 17:05:47 -08:00
mt7530.c net: dsa: propagate resolved link config via mac_link_up() 2020-02-27 12:02:14 -08:00
mt7530.h net: dsa: mt7530: Add support for port 5 2019-09-05 00:28:23 +02:00
mv88e6060.c net: dsa: Get information about stacked DSA protocol 2020-01-08 16:01:13 -08:00
mv88e6060.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
qca8k.c net: dsa: Get information about stacked DSA protocol 2020-01-08 16:01:13 -08:00
qca8k.h net: dsa: qca8k: introduce reset via gpio feature 2019-06-27 11:17:30 -07:00
realtek-smi-core.c net: dsa: remove dsa_switch_alloc helper 2019-10-22 12:37:07 -07:00
realtek-smi-core.h net: dsa: fix warning same module names 2019-06-14 19:28:54 -07:00
rtl8366.c net: dsa: rtl8366: Check VLAN ID and not ports 2019-10-02 12:09:23 -04:00
rtl8366rb.c net: dsa: Get information about stacked DSA protocol 2020-01-08 16:01:13 -08:00
vitesse-vsc73xx-core.c net: dsa: Get information about stacked DSA protocol 2020-01-08 16:01:13 -08:00
vitesse-vsc73xx-platform.c net: dsa: vsc73xx: add support for parallel mode 2019-07-07 14:16:32 -07:00
vitesse-vsc73xx-spi.c net: dsa: vsc73xx: Split vsc73xx driver 2019-07-07 14:16:32 -07:00
vitesse-vsc73xx.h net: dsa: vsc73xx: Split vsc73xx driver 2019-07-07 14:16:32 -07:00