Re: [PATCH net-next 3/3] net: dsa: mv88e6xxx: mac-auth/MAB implementation

From: netdev
Date: Tue Dec 06 2022 - 11:38:27 EST


On 2022-12-06 13:53, Ido Schimmel wrote:
On Mon, Dec 05, 2022 at 07:59:08PM +0100, Hans J. Schultz wrote:
This implementation for the Marvell mv88e6xxx chip series is based on
handling ATU miss violations occurring when packets ingress on a port
that is locked with learning on. This will trigger a
SWITCHDEV_FDB_ADD_TO_BRIDGE event, which will result in the bridge module
adding a locked FDB entry. This bridge FDB entry will not age out as
it has the extern_learn flag set.

Userspace daemons can listen to these events and either accept or deny
access for the host, by either replacing the locked FDB entry with a
simple entry or leaving the locked entry.

If the host MAC address is already present on another port, an ATU
member violation will occur, but to no real effect.

And the packet will be dropped in hardware, right?

Every packet that enters a locked port and does not have a matching ATU entry on the port will be dropped (in HW) afaik.

---

The changelog from previous versions is missing.


I am afraid that, because I made a mistake with the version string last time, this should be regarded as a first. Therefore no changelog.

err = mv88e6xxx_g1_atu_mac_read(chip, &entry);
if (err)
- goto out;
+ goto out_unlock;
+
+ mv88e6xxx_reg_unlock(chip);
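
Review bot: After the added mv88e6xxx_reg_unlock(chip) the success path continues without the register lock, while the error path of mv88e6xxx_g1_atu_mac_read() now jumps to out_unlock, so the function has two release sites. The out_unlock label is not visible in this excerpt, so check that nothing following this unlock can reach it and release the lock a second time. A one-line comment above the unlock stating why the lock is dropped before spid is read from entry.state would help, and since this is a locking change independent of the MAB logic it is easier to review and bisect as its own patch.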

I was under the impression that we agreed that the locking change will
be split to a separate patch.


Sorry, I guess that because of the quite long time that has passed, as I needed to get this FID=0 issue sorted out and had many other different changes to attend to, I forgot. I see an updated version is needed anyhow, so I will do it there.


spid = entry.state;