From patchwork Tue Feb 22 13:28:14 2022 X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12755079
From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Nikolay Aleksandrov , Ido Schimmel , Andrew Lunn , Vivien Didelot , Florian Fainelli , Vladimir Oltean , Roopa Prabhu , Shuah Khan , Stephen Suryaputra , David Ahern , Petr Machata , Amit Cohen , Po-Hsu Lin , Baowen Zheng , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org Subject: [PATCH net-next v4 1/5] net: bridge: Add support for bridge port in locked mode Date: Tue, 22 Feb 2022 14:28:14 +0100 Message-Id: <20220222132818.1180786-2-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> References: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org In an 802.1X scenario, clients connected to a bridge port shall not be allowed to have traffic forwarded until fully authenticated. A static fdb entry of the client's MAC address for the bridge port unlocks the client and allows bidirectional communication. This scenario is facilitated with setting the bridge port in locked mode, which is also supported by various switchcore chipsets. Signed-off-by: Hans Schultz Acked-by: Nikolay Aleksandrov Reviewed-by: Ido Schimmel --- include/linux/if_bridge.h | 1 + include/uapi/linux/if_link.h | 1 + net/bridge/br_input.c | 11 ++++++++++- net/bridge/br_netlink.c | 6 +++++- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index 509e18c7e740..3aae023a9353 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h 
@@ -58,6 +58,7 @@ struct br_ip_list { #define BR_MRP_LOST_CONT BIT(18) #define BR_MRP_LOST_IN_CONT BIT(19) #define BR_TX_FWD_OFFLOAD BIT(20) +#define BR_PORT_LOCKED BIT(21) #define BR_DEFAULT_AGEING_TIME (300 * HZ) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 6218f93f5c1a..a45cc0a1f415 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -537,6 +537,7 @@ enum { IFLA_BRPORT_MRP_IN_OPEN, IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, + IFLA_BRPORT_LOCKED, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index b50382f957c1..e0c13fcc50ed 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -81,6 +81,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb if (!p || p->state == BR_STATE_DISABLED) goto drop; + br = p->br; brmctx = &p->br->multicast_ctx; pmctx = &p->multicast_ctx; state = p->state; @@ -88,10 +89,18 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb &state, &vlan)) goto out; + if (p->flags & BR_PORT_LOCKED) { + struct net_bridge_fdb_entry *fdb_src = + br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); + + if (!fdb_src || READ_ONCE(fdb_src->dst) != p || + test_bit(BR_FDB_LOCAL, &fdb_src->flags)) + goto drop; + } + nbp_switchdev_frame_mark(p, skb); /* insert into forwarding database after filtering to avoid spoofing */ - br = p->br; if (p->flags & BR_LEARNING) br_fdb_update(br, p, eth_hdr(skb)->h_source, vid, 0); diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 2ff83d84230d..7d4432ca9a20 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c 
@@ -184,6 +184,7 @@ static inline size_t br_port_info_size(void) + nla_total_size(1) /* IFLA_BRPORT_VLAN_TUNNEL */ + nla_total_size(1) /* IFLA_BRPORT_NEIGH_SUPPRESS */ + nla_total_size(1) /* IFLA_BRPORT_ISOLATED */ + + nla_total_size(1) /* IFLA_BRPORT_LOCKED */ + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_ROOT_ID */ + nla_total_size(sizeof(struct ifla_bridge_id)) /* IFLA_BRPORT_BRIDGE_ID */ + nla_total_size(sizeof(u16)) /* IFLA_BRPORT_DESIGNATED_PORT */ @@ -269,7 +270,8 @@ static int br_port_fill_attrs(struct sk_buff *skb, BR_MRP_LOST_CONT)) || nla_put_u8(skb, IFLA_BRPORT_MRP_IN_OPEN, !!(p->flags & BR_MRP_LOST_IN_CONT)) || - nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED))) + nla_put_u8(skb, IFLA_BRPORT_ISOLATED, !!(p->flags & BR_ISOLATED)) || + nla_put_u8(skb, IFLA_BRPORT_LOCKED, !!(p->flags & BR_PORT_LOCKED))) return -EMSGSIZE; timerval = br_timer_value(&p->message_age_timer); @@ -827,6 +829,7 @@ static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = { [IFLA_BRPORT_GROUP_FWD_MASK] = { .type = NLA_U16 }, [IFLA_BRPORT_NEIGH_SUPPRESS] = { .type = NLA_U8 }, [IFLA_BRPORT_ISOLATED] = { .type = NLA_U8 }, + [IFLA_BRPORT_LOCKED] = { .type = NLA_U8 }, [IFLA_BRPORT_BACKUP_PORT] = { .type = NLA_U32 }, [IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT] = { .type = NLA_U32 }, }; 
@@ -893,6 +896,7 @@ static int br_setport(struct net_bridge_port *p, struct nlattr *tb[], br_set_port_flag(p, tb, IFLA_BRPORT_VLAN_TUNNEL, BR_VLAN_TUNNEL); br_set_port_flag(p, tb, IFLA_BRPORT_NEIGH_SUPPRESS, BR_NEIGH_SUPPRESS); br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED); + br_set_port_flag(p, tb, IFLA_BRPORT_LOCKED, BR_PORT_LOCKED); changed_mask = old_flags ^ p->flags; From patchwork Tue Feb 22 13:28:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12755080 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A2BCC433FE for ; Tue, 22 Feb 2022 13:29:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232464AbiBVNaG (ORCPT ); Tue, 22 Feb 2022 08:30:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232481AbiBVNaD (ORCPT ); Tue, 22 Feb 2022 08:30:03 -0500 Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C426E15D3B8; Tue, 22 Feb 2022 05:29:36 -0800 (PST) Received: by mail-lj1-x230.google.com with SMTP id v22so17637895ljh.7; Tue, 22 Feb 2022 05:29:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=EwW1ad9aaDxzLEmHNXCm17nZVCt4Pcys+G0syr6CYU4=; b=pZe7+VYM2Ch4tnW0vNrVk4kIXpos0UkPqBnqRz0liSSCmjg5WR46ijNkTFp1HCgHFG G7xtFljcmI1+/ai2y4SDM+SuB0bYJ6ujqEiFCprXncNFqQuO3QTWAYzw1L2HjZjT4H3N v/0RVdM4I4DpTyyct5KApt+YAfxnXRgaxNJUJAMngBXVw0Ri55ZE9X1fL2nhUd6LZcrn 
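Review bot: In the net/bridge/br_input.c hunk of patch 1/5, the locked-port test accepts any FDB entry whose dst is the ingress port, not only a static one, although the commit message says a static fdb entry is what unlocks the client. The test runs before br_fdb_update(), so an entry that was learned while the port was still unlocked keeps authorising that source MAC after the port is locked. Either require a static entry in the check, or state in a comment and in the commit message that a locked port is expected to run with learning off and that existing dynamic entries should be flushed when the flag is set. A short comment above the block naming the three drop conditions (no entry, entry pointing at another port, local entry) would also help the next reader.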
From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Nikolay Aleksandrov , Ido Schimmel , Andrew Lunn , Vivien Didelot , Florian Fainelli , Vladimir Oltean , Roopa Prabhu , Shuah Khan , Stephen Suryaputra , David Ahern , Petr Machata , Amit Cohen , Po-Hsu Lin , Baowen Zheng , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org Subject: [PATCH net-next v4 2/5] net: bridge: Add support for offloading of locked port flag Date: Tue, 22 Feb 2022 14:28:15 +0100 Message-Id: <20220222132818.1180786-3-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> References: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Various switchcores support setting ports in locked mode, so that clients behind locked ports cannot send traffic through the port unless a fdb entry is added with the client's MAC address. Signed-off-by: Hans Schultz Acked-by: Nikolay Aleksandrov Reviewed-by: Ido Schimmel --- net/bridge/br_switchdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bridge/br_switchdev.c b/net/bridge/br_switchdev.c index f8fbaaa7c501..bf549fc22556 100644 --- a/net/bridge/br_switchdev.c +++ b/net/bridge/br_switchdev.c 
@@ -72,7 +72,7 @@ bool nbp_switchdev_allowed_egress(const struct net_bridge_port *p, /* Flags that can be offloaded to hardware */ #define BR_PORT_FLAGS_HW_OFFLOAD (BR_LEARNING | BR_FLOOD | \ - BR_MCAST_FLOOD | BR_BCAST_FLOOD) + BR_MCAST_FLOOD | BR_BCAST_FLOOD | BR_PORT_LOCKED) int br_switchdev_set_port_flag(struct net_bridge_port *p, unsigned long flags, From patchwork Tue Feb 22 13:28:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12755081 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C7BBC433FE for ; Tue, 22 Feb 2022 13:29:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232460AbiBVNaJ (ORCPT ); Tue, 22 Feb 2022 08:30:09 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57750 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232474AbiBVNaI (ORCPT ); Tue, 22 Feb 2022 08:30:08 -0500 Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38401136ED6; Tue, 22 Feb 2022 05:29:43 -0800 (PST) Received: by mail-lf1-x130.google.com with SMTP id m14so24777885lfu.4; Tue, 22 Feb 2022 05:29:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=Z+hbLNvF0Nhve3XBOMxW8KtWdx8aJiHJ43sZ0z9sw1E=; b=qO5Sru+DZqGzH4+Za4ahOJYJK/duIXhEZA7V/VVfsVzC5RwvI/uX/oPlWpfAzaWqzV 107TBki28TfJolkKkSAvh2IFNfqHT6f62lZ5mLMFDNS7EdYGIV9NwM9Kl6a9RNdOP5i+ nkW26DL79MK2HzK5rsy47tYU7EQg9PhP1SyQYgc+NI92/MlgTF12CK7J5s6f0No+Zmop 
From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Vladimir Oltean , Andrew Lunn , Vivien Didelot , Florian Fainelli , Roopa Prabhu , Nikolay Aleksandrov , Shuah Khan , Stephen Suryaputra , David Ahern , Ido Schimmel , Petr Machata , Amit Cohen , Po-Hsu Lin , Baowen Zheng , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org Subject: [PATCH net-next v4 3/5] net: dsa: Include BR_PORT_LOCKED in the list of synced brport flags Date: Tue, 22 Feb 2022 14:28:16 +0100 Message-Id: <20220222132818.1180786-4-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> References: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Ensures that the DSA switch driver gets notified of changes to the BR_PORT_LOCKED flag as well, for the case when a DSA port joins or leaves a LAG that is a bridge port. Signed-off-by: Hans Schultz Reviewed-by: Vladimir Oltean --- net/dsa/port.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dsa/port.c b/net/dsa/port.c index bd78192e0e47..01ed22ed74a1 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c @@ -176,7 +176,7 @@ static int dsa_port_inherit_brport_flags(struct dsa_port *dp, struct netlink_ext_ack *extack) { const unsigned long mask = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD; + BR_BCAST_FLOOD | BR_PORT_LOCKED; struct net_device *brport_dev = dsa_port_to_bridge_port(dp); int flag, err; 
@@ -200,7 +200,7 @@ static void dsa_port_clear_brport_flags(struct dsa_port *dp) { const unsigned long val = BR_FLOOD | BR_MCAST_FLOOD | BR_BCAST_FLOOD; const unsigned long mask = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD; + BR_BCAST_FLOOD | BR_PORT_LOCKED; int flag, err; for_each_set_bit(flag, &mask, 32) { From patchwork Tue Feb 22 13:28:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12755082 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C51BC433EF for ; Tue, 22 Feb 2022 13:30:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232536AbiBVNaZ (ORCPT ); Tue, 22 Feb 2022 08:30:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58202 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232517AbiBVNaU (ORCPT ); Tue, 22 Feb 2022 08:30:20 -0500 Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF4C915DDFE; Tue, 22 Feb 2022 05:29:47 -0800 (PST) Received: by mail-lj1-x22f.google.com with SMTP id v22so17638743ljh.7; Tue, 22 Feb 2022 05:29:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=oETJ8BHkapcELva/Ym67RlDH1CS2/CVd4pT03JpAmjk=; b=j12X/FWRwP1+D8mxEcvX9o1jdK90B92UFl6uKY24B15j42WEP+srspWV5F6vGLS3en 5VCaV/Gj4M0nNhycL7FB8zZgyWIDNhdMoxS0iRvH41gMixqELiqCg5nim0zw47KXtHtW ELNq6gZY3gg8tnJifGB04Cdp/JgrWC6J9lfsk2I3e2su10YMStxSFwFXSNY5AapTe2IU kk0Sth4aVEs8jIxztVhiV2ZMYcpHQSeMgSc/TfK02AjxIiIki5+BtqeRAFI469BH85e7 
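Review bot: In dsa_port_clear_brport_flags() in net/dsa/port.c (patch 3/5), BR_PORT_LOCKED is added to mask but not to val, so a port that leaves the bridge is always reset to unlocked. That looks intended, and matches how BR_LEARNING is handled, but it is the opposite polarity of the three flood flags in val, which are reset to on. A one-line comment saying that the standalone default is unlocked would keep a later edit of val from changing the lock state by accident.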
From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Andrew Lunn , Vivien Didelot , Florian Fainelli , Vladimir Oltean , Roopa Prabhu , Nikolay Aleksandrov , Shuah Khan , Stephen Suryaputra , David Ahern , Ido Schimmel , Petr Machata , Amit Cohen , Po-Hsu Lin , Baowen Zheng , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org Subject: [PATCH net-next v4 4/5] net: dsa: mv88e6xxx: Add support for bridge port locked mode Date: Tue, 22 Feb 2022 14:28:17 +0100 Message-Id: <20220222132818.1180786-5-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> References: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Supporting bridge ports in locked mode using the drop on lock feature in Marvell mv88e6xxx switchcores is described in the '88E6096/88E6097/88E6097F Datasheet', sections 4.4.6, 4.4.7 and 5.1.2.1 (Drop on Lock). This feature is implemented here facilitated by the locked port flag. Signed-off-by: Hans Schultz --- drivers/net/dsa/mv88e6xxx/chip.c | 9 ++++++++- drivers/net/dsa/mv88e6xxx/port.c | 29 +++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 9 ++++++++- 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c index 58ca684d73f7..eed3713b97ae 100644 --- a/drivers/net/dsa/mv88e6xxx/chip.c +++ b/drivers/net/dsa/mv88e6xxx/chip.c @@ -5881,7 +5881,7 @@ static int mv88e6xxx_port_pre_bridge_flags(struct dsa_switch *ds, int port, const struct mv88e6xxx_ops *ops; if (flags.mask & ~(BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | - BR_BCAST_FLOOD)) + BR_BCAST_FLOOD | BR_PORT_LOCKED)) return -EINVAL; ops = chip->info->ops; 
@@ -5939,6 +5939,13 @@ static int mv88e6xxx_port_bridge_flags(struct dsa_switch *ds, int port, goto out; } + if (flags.mask & BR_PORT_LOCKED) { + bool locked = !!(flags.val & BR_PORT_LOCKED); + + err = mv88e6xxx_port_set_lock(chip, port, locked); + if (err) + goto out; + } out: mv88e6xxx_reg_unlock(chip); diff --git a/drivers/net/dsa/mv88e6xxx/port.c b/drivers/net/dsa/mv88e6xxx/port.c index ab41619a809b..b71061009fd4 100644 --- a/drivers/net/dsa/mv88e6xxx/port.c +++ b/drivers/net/dsa/mv88e6xxx/port.c @@ -1234,6 +1234,35 @@ int mv88e6xxx_port_set_mirror(struct mv88e6xxx_chip *chip, int port, return err; } +int mv88e6xxx_port_set_lock(struct mv88e6xxx_chip *chip, int port, + bool locked) +{ + u16 reg; + int err; + + err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_CTL0, ®); + if (err) + return err; + + reg &= ~MV88E6XXX_PORT_CTL0_SA_FILT_MASK; + if (locked) + reg |= MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_LOCK; + + err = mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_CTL0, reg); + if (err) + return err; + + err = mv88e6xxx_port_read(chip, port, MV88E6XXX_PORT_ASSOC_VECTOR, ®); + if (err) + return err; + + reg &= ~MV88E6XXX_PORT_ASSOC_VECTOR_LOCKED_PORT; + if (locked) + reg |= MV88E6XXX_PORT_ASSOC_VECTOR_LOCKED_PORT; + + return mv88e6xxx_port_write(chip, port, MV88E6XXX_PORT_ASSOC_VECTOR, reg); +} + int mv88e6xxx_port_set_8021q_mode(struct mv88e6xxx_chip *chip, int port, u16 mode) { diff --git a/drivers/net/dsa/mv88e6xxx/port.h b/drivers/net/dsa/mv88e6xxx/port.h index 03382b66f800..3f70557f0d48 100644 --- a/drivers/net/dsa/mv88e6xxx/port.h +++ b/drivers/net/dsa/mv88e6xxx/port.h 
@@ -142,7 +142,11 @@ /* Offset 0x04: Port Control Register */ #define MV88E6XXX_PORT_CTL0 0x04 #define MV88E6XXX_PORT_CTL0_USE_CORE_TAG 0x8000 -#define MV88E6XXX_PORT_CTL0_DROP_ON_LOCK 0x4000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_MASK 0xc000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DISABLED 0x0000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_LOCK 0x4000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_UNLOCK 0x8000 +#define MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_CPU 0xc000 #define MV88E6XXX_PORT_CTL0_EGRESS_MODE_MASK 0x3000 #define MV88E6XXX_PORT_CTL0_EGRESS_MODE_UNMODIFIED 0x0000 #define MV88E6XXX_PORT_CTL0_EGRESS_MODE_UNTAGGED 0x1000 
@@ -365,6 +369,9 @@ int mv88e6xxx_port_set_fid(struct mv88e6xxx_chip *chip, int port, u16 fid); int mv88e6xxx_port_get_pvid(struct mv88e6xxx_chip *chip, int port, u16 *pvid); int mv88e6xxx_port_set_pvid(struct mv88e6xxx_chip *chip, int port, u16 pvid); +int mv88e6xxx_port_set_lock(struct mv88e6xxx_chip *chip, int port, + bool locked); + int mv88e6xxx_port_set_8021q_mode(struct mv88e6xxx_chip *chip, int port, u16 mode); int mv88e6095_port_tag_remap(struct mv88e6xxx_chip *chip, int port); From patchwork Tue Feb 22 13:28:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans S X-Patchwork-Id: 12755083 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C52A9C433EF for ; Tue, 22 Feb 2022 13:30:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232509AbiBVNa1 (ORCPT ); Tue, 22 Feb 2022 08:30:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232507AbiBVNaY (ORCPT ); Tue, 22 Feb 2022 08:30:24 -0500 Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43CE415F082; Tue, 22 Feb 2022 05:29:55 -0800 (PST) Received: by mail-lf1-x130.google.com with SMTP id j7so24786133lfu.6; Tue, 22 Feb 2022 05:29:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:organization:content-transfer-encoding; bh=apVwciccGncKyrNnT21WgTMlXkF016ygJDNOQ6HTOEY=; b=TUG8laC+Wl5KqrFopUf/VVbz6g9dDrIwlg3tfwzUw9zRlqs4eVDDH2hibE25183xEH qzS3hZTEmFMfz6PnRblUjbKF3WeWRBb6BwVeI3X648O4evbKhgdah52fBE3ZwTqfTE2M 
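Review bot: In mv88e6xxx_port_pre_bridge_flags() in drivers/net/dsa/mv88e6xxx/chip.c (patch 4/5), BR_PORT_LOCKED is added to the accepted mask for every chip the driver handles, while the commit message cites only the 88E6096/88E6097/88E6097F datasheet for Drop on Lock. mv88e6xxx_port_bridge_flags() then calls mv88e6xxx_port_set_lock() unconditionally. Please either confirm that the PORT_CTL0 and PORT_ASSOC_VECTOR bits have this meaning on all supported families, or gate the flag on a per-chip capability and reject it here for chips that lack it, so that userspace is not told a port is locked when the hardware does not enforce it.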
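Review bot: mv88e6xxx_port_set_lock() in drivers/net/dsa/mv88e6xxx/port.c (patch 4/5) writes MV88E6XXX_PORT_CTL0 first and MV88E6XXX_PORT_ASSOC_VECTOR second, and returns on the first error without undoing the earlier write. If the second read or write fails, the port is left with the SA filter mode changed but the LOCKED_PORT bit unchanged, and the caller only sees an error code. Consider restoring the previous PORT_CTL0 value on that path, and add a comment explaining why both registers have to change together.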
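Review bot: In the Port Control Register block of drivers/net/dsa/mv88e6xxx/port.h (patch 4/5), the new MV88E6XXX_PORT_CTL0_SA_FILT_DROP_ON_UNLOCK (0x8000) has the same value as the existing MV88E6XXX_PORT_CTL0_USE_CORE_TAG (0x8000) defined just above it, and MV88E6XXX_PORT_CTL0_SA_FILT_MASK (0xc000) covers that bit. mv88e6xxx_port_set_lock() clears the whole mask, so it also clears bit 15 whatever that bit means on the chip in use. Please document which chip families each definition applies to. The hunk also removes the old name MV88E6XXX_PORT_CTL0_DROP_ON_LOCK, so check that it has no remaining users.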
From: Hans Schultz X-Google-Original-From: Hans Schultz To: davem@davemloft.net, kuba@kernel.org Cc: netdev@vger.kernel.org, Hans Schultz , Andrew Lunn , Vivien Didelot , Florian Fainelli , Vladimir Oltean , Roopa Prabhu , Nikolay Aleksandrov , Shuah Khan , Stephen Suryaputra , David Ahern , Ido Schimmel , Petr Machata , Amit Cohen , Po-Hsu Lin , Baowen Zheng , linux-kernel@vger.kernel.org, bridge@lists.linux-foundation.org, linux-kselftest@vger.kernel.org Subject: [PATCH net-next v4 5/5] selftests: forwarding: tests of locked port feature Date: Tue, 22 Feb 2022 14:28:18 +0100 Message-Id: <20220222132818.1180786-6-schultz.hans+netdev@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> References: <20220222132818.1180786-1-schultz.hans+netdev@gmail.com> MIME-Version: 1.0 Organization: Westermo Network Technologies AB Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org These tests check that the basic locked port feature works, so that no 'host' can communicate (ping) through a locked port unless the MAC address of the 'host' interface is in the forwarding database of the bridge. Signed-off-by: Hans Schultz --- .../testing/selftests/net/forwarding/Makefile | 1 + .../net/forwarding/bridge_locked_port.sh | 180 ++++++++++++++++++ tools/testing/selftests/net/forwarding/lib.sh | 8 + 3 files changed, 189 insertions(+) create mode 100755 tools/testing/selftests/net/forwarding/bridge_locked_port.sh diff --git a/tools/testing/selftests/net/forwarding/Makefile b/tools/testing/selftests/net/forwarding/Makefile index 72ee644d47bf..8fa97ae9af9e 100644 --- a/tools/testing/selftests/net/forwarding/Makefile +++ b/tools/testing/selftests/net/forwarding/Makefile @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0+ OR MIT TEST_PROGS = bridge_igmp.sh \ + bridge_locked_port.sh \ bridge_port_isolation.sh \ bridge_sticky_fdb.sh \ bridge_vlan_aware.sh \ 
diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh new file mode 100755 index 000000000000..a8800e531d07 --- /dev/null +++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh 
@@ -0,0 +1,180 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +ALL_TESTS="locked_port_ipv4 locked_port_ipv6 locked_port_vlan" +NUM_NETIFS=4 +CHECK_TC="no" +source lib.sh + +h1_create() +{ + simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64 + vrf_create "vrf-vlan-h1" + ip link set dev vrf-vlan-h1 up + vlan_create $h1 100 vrf-vlan-h1 198.51.100.1/24 ::ffff:c633:6401/64 +} + +h1_destroy() +{ + vlan_destroy $h1 100 + simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64 +} + +h2_create() +{ + simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64 + vrf_create "vrf-vlan-h2" + ip link set dev vrf-vlan-h2 up + vlan_create $h2 100 vrf-vlan-h2 198.51.100.2/24 ::ffff:c633:6402/64 +} + +h2_destroy() +{ + vlan_destroy $h2 100 + simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64 +} + +switch_create() +{ + ip link add dev br0 type bridge vlan_filtering 1 + + ip link set dev $swp1 master br0 + ip link set dev $swp2 master br0 + + ip link set dev br0 up + ip link set dev $swp1 up + ip link set dev $swp2 up + + bridge link set dev $swp1 learning off +} + +switch_destroy() +{ + ip link set dev $swp2 down + ip link set dev $swp1 down + + ip link del dev br0 +} + +setup_prepare() +{ + h1=${NETIFS[p1]} + swp1=${NETIFS[p2]} + + swp2=${NETIFS[p3]} + h2=${NETIFS[p4]} + + vrf_prepare + + h1_create + h2_create + + switch_create +} + +cleanup() +{ + pre_cleanup + + switch_destroy + + h2_destroy + h1_destroy + + vrf_cleanup +} + +locked_port_ipv4() +{ + RET=0 + + check_locked_port_support || return 0 + + ping_do $h1 192.0.2.2 + check_err $? "Ping did not work before locking port" + + bridge link set dev $swp1 locked on + + ping_do $h1 192.0.2.2 + check_fail $? "Ping worked after locking port, but before adding FDB entry" + + bridge fdb add `mac_get $h1` dev $swp1 master static + + ping_do $h1 192.0.2.2 + check_err $? 
"Ping did not work after locking port and adding FDB entry" + + bridge link set dev $swp1 locked off + bridge fdb del `mac_get $h1` dev $swp1 master static + + ping_do $h1 192.0.2.2 + check_err $? "Ping did not work after unlocking port and removing FDB entry." + + log_test "Locked port ipv4" +} + +locked_port_vlan() +{ + RET=0 + + check_locked_port_support || return 0 + + bridge vlan add vid 100 dev $swp1 + bridge vlan add vid 100 dev $swp2 + + ping_do $h1.100 198.51.100.2 + check_err $? "Ping through vlan did not work before locking port" + + bridge link set dev $swp1 locked on + ping_do $h1.100 198.51.100.2 + check_fail $? "Ping through vlan worked after locking port, but before adding FDB entry" + + bridge fdb add `mac_get $h1` dev $swp1 vlan 100 master static + + ping_do $h1.100 198.51.100.2 + check_err $? "Ping through vlan did not work after locking port and adding FDB entry" + + bridge link set dev $swp1 locked off + bridge fdb del `mac_get $h1` dev $swp1 vlan 100 master static + + ping_do $h1.100 198.51.100.2 + check_err $? "Ping through vlan did not work after unlocking port and removing FDB entry" + + bridge vlan del vid 100 dev $swp1 + bridge vlan del vid 100 dev $swp2 + log_test "Locked port vlan" +} + +locked_port_ipv6() +{ + RET=0 + check_locked_port_support || return 0 + + ping6_do $h1 2001:db8:1::2 + check_err $? "Ping6 did not work before locking port" + + bridge link set dev $swp1 locked on + + ping6_do $h1 2001:db8:1::2 + check_fail $? "Ping6 worked after locking port, but before adding FDB entry" + + bridge fdb add `mac_get $h1` dev $swp1 master static + ping6_do $h1 2001:db8:1::2 + check_err $? "Ping6 did not work after locking port and adding FDB entry" + + bridge link set dev $swp1 locked off + bridge fdb del `mac_get $h1` dev $swp1 master static + + ping6_do $h1 2001:db8:1::2 + check_err $? 
"Ping6 did not work after unlocking port and removing FDB entry" + + log_test "Locked port ipv6" +} + +trap cleanup EXIT + +setup_prepare +setup_wait + +tests_run + +exit $EXIT_STATUS diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh index 7da783d6f453..c26b603abb4d 100644 --- a/tools/testing/selftests/net/forwarding/lib.sh +++ b/tools/testing/selftests/net/forwarding/lib.sh @@ -125,6 +125,14 @@ check_ethtool_lanes_support() fi } +check_locked_port_support() +{ + if ! bridge -d link show | grep -q " locked"; then + echo "SKIP: iproute2 too old; Locked port feature not supported." + return $ksft_skip + fi +} + if [[ "$(id -u)" -ne 0 ]]; then echo "SKIP: need root privileges" exit $ksft_skip
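Review bot: The three tests in bridge_locked_port.sh (patch 5/5) only exercise the no-entry and matching-entry cases, so two of the three drop conditions added to br_handle_frame_finish() in patch 1/5 are never reached: an FDB entry for the host MAC that points at a different port, and a local entry. Add a case that installs the static entry for the h1 MAC on $swp2 while $swp1 is locked and expects the ping to fail, since that is the branch that stops a client from using an address that was authorised on another port.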
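Review bot: check_locked_port_support() in lib.sh (patch 5/5) returns $ksft_skip, but every caller in bridge_locked_port.sh uses check_locked_port_support || return 0 and returns before log_test, so on an old iproute2 the script prints the SKIP line for each test and then ends in exit $EXIT_STATUS with no skip recorded. Propagate the skip, for example by logging the test as skipped or exiting with $ksft_skip, so that a CI run cannot mistake an untested kernel for a passing one. The grep for " locked" in bridge -d link show also depends on at least one bridge port existing when the helper runs; a comment noting that it must be called after switch_create would help.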