Hi Andrew,
Andrew Lunn <and...@lunn.ch> writes:
> I don't like the idea of leaking frames.
I don't like it neither. That's why this patch series is out there. It
improves the security on PVT-capable Marvell switches by programming the
tables correctly on bridging events.
A next step can be to warn the user about the software or hardware
limitations (s)he is currently experiencing with something roughly like
this in cross-chip bridging operations:
if (!mv88e6xxx_has_pvt(chip)) {
#if IS_ENABLED(BRIDGE_VLAN_FILTERING)
return 0;
#else
pr_err("Cross-chip bridging is forbidden on non-PVT hardware and
non-VLAN-filtering aware systems\n");
return -EINVAL;
#endif
}
But let's keep it simple for the moment and go baby steps. First program
PVT tables correctly as this patchset does, then figure out how to
handle non-PVT systems. That is a good topic for next week ;-)
Thanks,
Vivien
