netdev at kapio-technology.com
2022-Sep-27 08:33 UTC
[Bridge] [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests
On 2022-09-21 09:15, Ido Schimmel wrote:
> bridge fdb add `mac_get $h2` dev br0 blackhole

To make this work, I think we need to change the concept, so that blackhole FDB entries are added to ports connected to the bridge, thus

    bridge fdb add MAC dev $swpX master blackhole

This makes sense as the driver adds them based on the port where the SMAC is seen, even though the effect of the blackhole FDB entry is switch wide.

Adding them to the bridge (e.g. f.ex. br0) will not work in the SW bridge as the entries then are not found. We could deny this possibility or just document the use?

For offloaded I can change the add, so that it does a delete (even if none are present) and an add, thus facilitating the replace.

How does this sound?
Ido Schimmel
2022-Sep-28 06:59 UTC
[Bridge] [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests
Sorry for the delay, was away.

On Tue, Sep 27, 2022 at 10:33:10AM +0200, netdev at kapio-technology.com wrote:
> On 2022-09-21 09:15, Ido Schimmel wrote:
> > bridge fdb add `mac_get $h2` dev br0 blackhole
>
> To make this work, I think we need to change the concept, so that blackhole
> FDB entries are added to ports connected to the bridge, thus
> bridge fdb add MAC dev $swpX master blackhole
>
> This makes sense as the driver adds them based on the port where the SMAC is
> seen, even though the effect of the blackhole FDB entry is switch wide.

Asking user space to associate a blackhole entry with a bridge port does not make sense to me because unlike regular entries, blackhole entries do not forward packets out of this port. Blackhole routes and nexthops are not associated with a device either.

> Adding them to the bridge (e.g. f.ex. br0) will not work in the SW bridge as
> the entries then are not found.

Why not found? This works:

    # bridge fdb add 00:11:22:33:44:55 dev br0 self local
    $ bridge fdb get 00:11:22:33:44:55 br br0
    00:11:22:33:44:55 dev br0 master br0 permanent

With blackhole support I expect:

    # bridge fdb add 00:11:22:33:44:55 dev br0 self local blackhole
    $ bridge fdb get 00:11:22:33:44:55 br br0
    00:11:22:33:44:55 dev br0 master br0 permanent blackhole