On Tue, Nov 08, 2022 at 11:47:08AM +0100, Petr Machata wrote:
> From: Hans J. Schultz <netdev@xxxxxxxxxxxxxxxxxxxx>
>
> When the bridge is offloaded to hardware, FDB entries are learned and
> aged-out by the hardware. Some device drivers synchronize the hardware
> and software FDBs by generating switchdev events towards the bridge.
>
> When a port is locked, the hardware must not learn autonomously, as
> otherwise any host will blindly gain authorization. Instead, the
> hardware should generate events regarding hosts that are trying to gain
> authorization and their MAC addresses should be notified by the device
> driver as locked FDB entries towards the bridge driver.
>
> Allow device drivers to notify the bridge driver about such entries by
> extending the 'switchdev_notifier_fdb_info' structure with the 'locked'
> bit. The bit can only be set by device drivers and not by the bridge
> driver.
>
> Prevent a locked entry from being installed if MAB is not enabled on the
> bridge port.
>
> If an entry already exists in the bridge driver, reject the locked entry
> if the current entry does not have the "locked" flag set or if it points
> to a different port. The same semantics are implemented in the software
> data path.
>
> Signed-off-by: Hans J. Schultz <netdev@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Ido Schimmel <idosch@xxxxxxxxxx>
> Reviewed-by: Petr Machata <petrm@xxxxxxxxxx>
> Signed-off-by: Petr Machata <petrm@xxxxxxxxxx>
> ---
>
> Notes:
> v1:
> * Adjust commit message.
> * Add a check in br_switchdev_fdb_notify().
> * Use 'false' instead of '0' in br_switchdev_fdb_populate().

Thanks for making the changes.

Reviewed-by: Vladimir Oltean <vladimir.oltean@xxxxxxx>

(imagine this was my NXP email address, I'm not subscribed to netdev @work)
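The acceptance rules quoted in the commit message (locked entries only when MAB is enabled on the port; an existing entry must itself be locked and on the same port; the bridge never sets the locked bit itself) can be followed more easily as a decision table. The stand-alone C model below is an added illustration written for this page, not code from the kernel, the bridge driver, or the patch under review. Every struct, enum and function name in it (`model_port`, `model_fdb_entry`, `model_fdb_info`, `check_locked_fdb`, `model_bridge_populate`) is an assumption, and the FDB table and notifications it processes are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified models of the bridge port, a software FDB entry
 * and the switchdev notification payload. None of these are kernel types. */
struct model_port {
    int ifindex;
    bool mab;    /* MAC Authentication Bypass enabled on this bridge port */
};

struct model_fdb_entry {
    uint8_t mac[6];
    int port_ifindex;
    bool locked; /* "locked" entry: host seen on a locked port, not yet authorized */
};

struct model_fdb_info {
    uint8_t mac[6];
    int port_ifindex;
    bool locked; /* only a device driver may set this; the bridge never does */
};

enum locked_fdb_verdict {
    LOCKED_FDB_NOT_LOCKED,               /* ordinary entry, rules below do not apply */
    LOCKED_FDB_ADD,                      /* no entry yet: install a locked entry */
    LOCKED_FDB_KEEP,                     /* same locked entry already on this port */
    LOCKED_FDB_REJECT_NO_MAB,            /* MAB not enabled on the bridge port */
    LOCKED_FDB_REJECT_EXISTING_UNLOCKED, /* an unlocked (authorized) entry exists */
    LOCKED_FDB_REJECT_OTHER_PORT,        /* locked entry exists but on another port */
};

/* Look up an entry by MAC in a constructed FDB table; NULL if absent. */
const struct model_fdb_entry *
model_fdb_find(const struct model_fdb_entry *table, size_t n, const uint8_t mac[6])
{
    for (size_t i = 0; i < n; i++)
        if (memcmp(table[i].mac, mac, 6) == 0)
            return &table[i];
    return NULL;
}

/* Apply the commit message's rules to one driver-originated notification.
 * 'existing' is the current software entry for info->mac, or NULL. */
enum locked_fdb_verdict
check_locked_fdb(const struct model_port *port,
                 const struct model_fdb_entry *existing,
                 const struct model_fdb_info *info)
{
    if (!info->locked)
        return LOCKED_FDB_NOT_LOCKED;
    if (!port->mab)
        return LOCKED_FDB_REJECT_NO_MAB;
    if (!existing)
        return LOCKED_FDB_ADD;
    if (!existing->locked)
        return LOCKED_FDB_REJECT_EXISTING_UNLOCKED;
    if (existing->port_ifindex != port->ifindex)
        return LOCKED_FDB_REJECT_OTHER_PORT;
    return LOCKED_FDB_KEEP;
}

/* What the bridge side populates when it notifies a driver: the locked bit
 * is always false, mirroring the rule that only drivers may set it. */
struct model_fdb_info model_bridge_populate(const struct model_fdb_entry *entry)
{
    struct model_fdb_info info;
    memcpy(info.mac, entry->mac, 6);
    info.port_ifindex = entry->port_ifindex;
    info.locked = false;
    return info;
}

static const char *verdict_str(enum locked_fdb_verdict v)
{
    switch (v) {
    case LOCKED_FDB_NOT_LOCKED:               return "not a locked entry";
    case LOCKED_FDB_ADD:                      return "add locked entry";
    case LOCKED_FDB_KEEP:                     return "keep existing locked entry";
    case LOCKED_FDB_REJECT_NO_MAB:            return "reject: MAB disabled on port";
    case LOCKED_FDB_REJECT_EXISTING_UNLOCKED: return "reject: existing entry not locked";
    case LOCKED_FDB_REJECT_OTHER_PORT:        return "reject: entry points to another port";
    }
    return "?";
}

int main(void)
{
    /* Constructed sample state: ports 1 and 2 have MAB on, port 3 does not. */
    struct model_port ports[] = { { 1, true }, { 2, true }, { 3, false } };
    struct model_fdb_entry table[] = {
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 }, 1, false }, /* authorized host */
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x66 }, 1, true },  /* pending host */
    };
    size_t n = sizeof(table) / sizeof(table[0]);
    /* Constructed driver notifications, all carrying the locked bit. */
    struct model_fdb_info notes[] = {
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x77 }, 1, true }, /* new host on port 1 */
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 }, 1, true }, /* already authorized */
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x66 }, 1, true }, /* duplicate pending */
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x66 }, 2, true }, /* pending, other port */
        { { 0x00, 0x11, 0x22, 0x33, 0x44, 0x88 }, 3, true }, /* port without MAB */
    };
    for (size_t i = 0; i < sizeof(notes) / sizeof(notes[0]); i++) {
        const struct model_port *port = &ports[notes[i].port_ifindex - 1];
        const struct model_fdb_entry *cur = model_fdb_find(table, n, notes[i].mac);
        printf("notification %zu: %s\n", i, verdict_str(check_locked_fdb(port, cur, &notes[i])));
    }
    return 0;
}
```

The same verdicts fall out of the software data path described in the commit message, so a driver author can use a table like this to check that hardware-generated locked events and software learning agree before relying on MAB on a locked port.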