On Tue, Nov 08, 2022 at 11:47:08AM +0100, Petr Machata wrote: > From: Hans J. Schultz <[email protected]> > > When the bridge is offloaded to hardware, FDB entries are learned and > aged-out by the hardware. Some device drivers synchronize the hardware > and software FDBs by generating switchdev events towards the bridge. > > When a port is locked, the hardware must not learn autonomously, as > otherwise any host will blindly gain authorization. Instead, the > hardware should generate events regarding hosts that are trying to gain > authorization and their MAC addresses should be notified by the device > driver as locked FDB entries towards the bridge driver. > > Allow device drivers to notify the bridge driver about such entries by > extending the 'switchdev_notifier_fdb_info' structure with the 'locked' > bit. The bit can only be set by device drivers and not by the bridge > driver. > > Prevent a locked entry from being installed if MAB is not enabled on the > bridge port. > > If an entry already exists in the bridge driver, reject the locked entry > if the current entry does not have the "locked" flag set or if it points > to a different port. The same semantics are implemented in the software > data path. > > Signed-off-by: Hans J. Schultz <[email protected]> > Signed-off-by: Ido Schimmel <[email protected]> > Reviewed-by: Petr Machata <[email protected]> > Signed-off-by: Petr Machata <[email protected]> > --- > > Notes: > v1: > * Adjust commit message. > * Add a check in br_switchdev_fdb_notify(). > * Use 'false' instead of '0' in br_switchdev_fdb_populate().
Thanks for making the changes. Reviewed-by: Vladimir Oltean <[email protected]> (imagine this was my NXP email address, I'm not subscribed to netdev @work)
