Re: [RFC 8/9] net: dsa: mv88e6352: set port 802.1Q mode to Secure
From: Vivien Didelot
Date: Tue Jun 02 2015 - 19:45:31 EST
Hi Guenter,
On Jun 2, 2015, at 10:31 AM, Guenter Roeck linux@xxxxxxxxxxxx wrote:
On 06/01/2015 06:27 PM, Vivien Didelot wrote:
>> This commit changes the 802.1Q mode of each port from Disabled to
>> Secure. This enables the VLAN support, by checking the VTU entries on
>> ingress.
>>
>> Signed-off-by: Vivien Didelot <vivien.didelot@xxxxxxxxxxxxxxxxxxxx>
>> ---
>> drivers/net/dsa/mv88e6xxx.c | 14 +++++++-------
>> drivers/net/dsa/mv88e6xxx.h | 5 +++++
>> 2 files changed, 12 insertions(+), 7 deletions(-)
>>
>> diff --git a/drivers/net/dsa/mv88e6xxx.c b/drivers/net/dsa/mv88e6xxx.c
>> index ed49bd8..35243d8 100644
>> --- a/drivers/net/dsa/mv88e6xxx.c
>> +++ b/drivers/net/dsa/mv88e6xxx.c
>> @@ -1723,13 +1723,11 @@ static int mv88e6xxx_setup_port(struct dsa_switch *ds,
>> int port)
>> goto abort;
>> }
>>
>> - /* Port Control 2: don't force a good FCS, set the maximum
>> - * frame size to 10240 bytes, don't let the switch add or
>> - * strip 802.1q tags, don't discard tagged or untagged frames
>> - * on this port, do a destination address lookup on all
>> - * received packets as usual, disable ARP mirroring and don't
>> - * send a copy of all transmitted/received frames on this port
>> - * to the CPU.
>> + /* Port Control 2: don't force a good FCS, set the maximum frame size to
>> + * 10240 bytes, enable secure 802.1q tags, don't discard tagged or
>> + * untagged frames on this port, do a destination address lookup on all
>> + * received packets as usual, disable ARP mirroring and don't send a
>> + * copy of all transmitted/received frames on this port to the CPU.
>> */
>> reg = 0;
>> if (mv88e6xxx_6352_family(ds) || mv88e6xxx_6351_family(ds) ||
>> @@ -1751,6 +1749,8 @@ static int mv88e6xxx_setup_port(struct dsa_switch *ds, int
>> port)
>> reg |= PORT_CONTROL_2_FORWARD_UNKNOWN;
>> }
>>
>> + reg |= PORT_CONTROL_2_8021Q_SECURE;
>> +
>
> Hi Vivien,
>
> Unless I misunderstand the documentation, this effectively disables VLAN
> support on non-bridge ports, especially since the ndo_ functions to add VLAN
> entries to such ports are not implemented. Is that intentional, or am I
> missing something ?
Indeed, I intentionaly set the port mode to Secure to work on 802.1q.
For both cases, the Fallback mode should be enough; this mode checks the
VTU for a valid entry, otherwise checks the port-based VLAN map.
Supporting port-based VLAN looks like another tricky thread.
Ideally, this must be configurable. In my case I do need strict 802.1q.
Can ethtool/iproute2 can do something about the port 802.1q mode?
Thanks,
-v
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/