Thread (69 messages) 69 messages, 5 authors, 2022-09-29

Re: [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

From: Ido Schimmel <idosch@nvidia.com>
Date: 2022-09-28 06:59:44
Also in: bridge, linux-arm-kernel, linux-kselftest, linux-mediatek, lkml

Sorry for the delay, was away.

On Tue, Sep 27, 2022 at 10:33:10AM +0200, netdev@kapio-technology.com wrote:
On 2022-09-21 09:15, Ido Schimmel wrote:
quoted
	bridge fdb add `mac_get $h2` dev br0 blackhole
To make this work, I think we need to change the concept, so that blackhole
FDB entries are added to ports connected to the bridge, thus
     bridge fdb add MAC dev $swpX master blackhole

This makes sense as the driver adds them based on the port where the SMAC is
seen, even though the effect of the blackhole FDB entry is switch wide.
Asking user space to associate a blackhole entry with a bridge port does
not make sense to me because unlike regular entries, blackhole entries
do not forward packets out of this port. Blackhole routes and nexthops
are not associated with a device either.
Adding them to the bridge (e.g. f.ex. br0) will not work in the SW bridge as
the entries then are not found.
Why not found? This works:

 # bridge fdb add 00:11:22:33:44:55 dev br0 self local
 $ bridge fdb get 00:11:22:33:44:55 br br0
 00:11:22:33:44:55 dev br0 master br0 permanent

With blackhole support I expect:

 # bridge fdb add 00:11:22:33:44:55 dev br0 self local blackhole
 $ bridge fdb get 00:11:22:33:44:55 br br0
 00:11:22:33:44:55 dev br0 master br0 permanent blackhole
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help