Re: [PATCH RFC net-next 3/3] net: dsa: deny 8021q uppers on vlan unaware bridged ports

From: Jonas Gorski
Date: Tue Nov 11 2025 - 05:22:47 EST

Next message: Meghana Malladi: "[PATCH net-next v5 1/6] net: ti: icssg-prueth: Add functions to create and destroy Rx/Tx queues"
Previous message: Pawel Dembicki: "[PATCH v4] wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing"
In reply to: Vladimir Oltean: "Re: [PATCH RFC net-next 3/3] net: dsa: deny 8021q uppers on vlan unaware bridged ports"
Next in thread: Vladimir Oltean: "Re: [PATCH RFC net-next 3/3] net: dsa: deny 8021q uppers on vlan unaware bridged ports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 10, 2025 at 11:25 PM Vladimir Oltean
<vladimir.oltean@xxxxxxx> wrote:
>
> On Mon, Nov 10, 2025 at 10:44:43PM +0100, Jonas Gorski wrote:
> > Documentation/networking/switchdev.rst says:
> >
> > - with VLAN filtering turned off, the bridge will process all ingress
> > traffic for the port, except for the traffic tagged with a VLAN ID
> > destined for a VLAN upper.
> >
> > But there is currently no way to configure this in dsa. The vlan upper
> > will trigger a vlan add to the driver, but it is the same message as a
> > newly configured bridge VLAN.
>
> hmm, not necessarily. vlan_vid_add() will only go through with
> vlan_add_rx_filter_info() -> dev->netdev_ops->ndo_vlan_rx_add_vid()
> if the device is vlan_hw_filter_capable().
>
> And that's the key, DSA user ports only(*) become vlan_hw_filter_capable()
> when under a VLAN _aware_ bridge. (*)actually here is the exception
> you're probably hitting: due to the ds->vlan_filtering_is_global quirk,
> unrelated ports become vlan_hw_filter_capable() too, not just the ones
> under the VLAN-aware bridge. This is possibly what you're seeing and the
> reason for the incorrect conclusion that VLAN-unaware bridge ports have
> the behaviour you mention.

Ah, right, no call at all.

But this is about a bridge with VLAN filtering disabled, so filtering
isn't enabled on any port, so ds->vlan_filtering_is_global does not
matter.

See my examples in my reply to 0/3, which hopefully clarify what I am
trying to prevent here.

> > Therefore traffic tagged with the VID will continue to be forwarded to
> > other ports, and therefore we cannot support VLAN uppers on ports of a
> > VLAN unaware bridges.
>
> Incorrect premise => incorrect conclusion.
> (not to say that an uncaught problem isn't there for ds->vlan_filtering_is_global
> switches, but this isn't it)

This should happen regardless of vlan filtering is global.

But I noticed while testing that apparently b53 in filtering=0 mode
does not forward any tagged traffic (and I think I know why ...).

Is there a way to ask for a replay of the fdb (static) entries? To fix
this for older switches, we need to disable 802.1q mode, but this also
switches the ARL from IVL to SVL, which changes the hashing, and would
break any existing entries. So we need to flush the ARL before
toggling 802.1q mode, and then reprogram any static entries.

Best regards,
Jonas

Next message: Meghana Malladi: "[PATCH net-next v5 1/6] net: ti: icssg-prueth: Add functions to create and destroy Rx/Tx queues"
Previous message: Pawel Dembicki: "[PATCH v4] wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing"
In reply to: Vladimir Oltean: "Re: [PATCH RFC net-next 3/3] net: dsa: deny 8021q uppers on vlan unaware bridged ports"
Next in thread: Vladimir Oltean: "Re: [PATCH RFC net-next 3/3] net: dsa: deny 8021q uppers on vlan unaware bridged ports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]