All of lore.kernel.org
 help / color / mirror / Atom feed
From: Florian Fainelli <f.fainelli@gmail.com>
To: Vladimir Oltean <olteanv@gmail.com>
Cc: davem@davemloft.net, vivien.didelot@gmail.com, andrew@lunn.ch,
	netdev@vger.kernel.org
Subject: Re: [PATCH net-next 4/4] net: dsa: set configure_vlan_while_not_filtering to true by default
Date: Wed, 9 Sep 2020 11:34:02 -0700	[thread overview]
Message-ID: <5edf3aa2-c417-e708-b259-7235de7bc8d2@gmail.com> (raw)
In-Reply-To: <20200909175325.bshts3hl537xtz2q@skbuf>



On 9/9/2020 10:53 AM, Vladimir Oltean wrote:
> On Wed, Sep 09, 2020 at 10:22:42AM -0700, Florian Fainelli wrote:
>> How do you make sure that the CPU port sees the frame untagged which would
>> be necessary for a VLAN-unaware bridge? Do you have a special remapping
>> rule?
> 
> No, I don't have any remapping rules that would be relevant here.
> Why would the frames need to be necessarily untagged for a VLAN-unaware
> bridge, why is it a problem if they aren't?
> 
> bool br_allowed_ingress(const struct net_bridge *br,
> 			struct net_bridge_vlan_group *vg, struct sk_buff *skb,
> 			u16 *vid, u8 *state)
> {
> 	/* If VLAN filtering is disabled on the bridge, all packets are
> 	 * permitted.
> 	 */
> 	if (!br_opt_get(br, BROPT_VLAN_ENABLED)) {
> 		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
> 		return true;
> 	}
> 
> 	return __allowed_ingress(br, vg, skb, vid, state);
> }
> 
> If I have a VLAN on a bridged switch port where the bridge is not
> filtering, I have an 8021q upper of the bridge with that VLAN ID.

Yes that is the key right there, you need an 8021q upper to pop the VLAN 
ID or push it, that is another thing that users need to be aware of 
which is a bit awkward, most expect things to just work. Maybe we should 
just refuse to have bridge devices that are not VLAN-aware, because this 
is just too cumbersome to deal with.

> 
>> Initially the concern I had was with the use case described above which was
>> a 802.1Q separation, but in hindsight MAC address learning would result in
>> the frames going to the appropriate ports/VLANs anyway.
> 
> If by "separation" you mean "limiting the forwarding domain", the switch
> keeps the same VLAN associated with the frame internally, regardless of
> whether it's egress-tagged or not.

True, so I am not sure what I was thinking back then.

> 
>>>
>>>> Tangentially, maybe we should finally add support for programming the CPU
>>>> port's VLAN membership independently from the other ports.
>>>
>>> How?
>>
>> Something like this:
>>
>> https://lore.kernel.org/lkml/20180625091713.GA13442@apalos/T/
> 
> I need to take some time to understand what's going on there.
> 

-- 
Florian

  reply	other threads:[~2020-09-09 18:34 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-07 18:29 [PATCH net-next 0/4] Some VLAN handling cleanup in DSA Vladimir Oltean
2020-09-07 18:29 ` [PATCH net-next 1/4] net: dsa: tag_8021q: include missing refcount.h Vladimir Oltean
2020-09-08  4:07   ` Florian Fainelli
2020-09-07 18:29 ` [PATCH net-next 2/4] net: dsa: tag_8021q: add a context structure Vladimir Oltean
2020-09-07 18:29 ` [PATCH net-next 3/4] Revert "net: dsa: Add more convenient functions for installing port VLANs" Vladimir Oltean
2020-09-07 18:29 ` [PATCH net-next 4/4] net: dsa: set configure_vlan_while_not_filtering to true by default Vladimir Oltean
2020-09-08  4:07   ` Florian Fainelli
2020-09-08 10:33     ` Vladimir Oltean
2020-09-08 22:28     ` Florian Fainelli
2020-09-09  0:02       ` Florian Fainelli
2020-09-09 16:31         ` Vladimir Oltean
2020-09-09 17:22           ` Florian Fainelli
2020-09-09 17:53             ` Vladimir Oltean
2020-09-09 18:34               ` Florian Fainelli [this message]
2020-09-10 21:58                 ` Florian Fainelli
2020-09-11  0:03                   ` Vladimir Oltean
2020-09-11  3:09                     ` Florian Fainelli
2020-09-11 15:43                       ` Vladimir Oltean
2020-09-11 18:23                         ` Florian Fainelli
2020-09-11 18:35                           ` Vladimir Oltean
2020-09-11 19:39                             ` Florian Fainelli
2020-09-11 19:48                               ` Florian Fainelli
2020-09-11 22:30                                 ` Vladimir Oltean
2020-09-08 10:14   ` Kurt Kanzenbach
2020-09-08 10:29     ` Vladimir Oltean
2020-10-02  8:06       ` Kurt Kanzenbach
2020-10-02  8:15         ` Vladimir Oltean
2020-10-03  7:52           ` Vladimir Oltean
2020-10-03  9:45             ` Kurt Kanzenbach
2020-10-04 10:56               ` Vladimir Oltean
2020-10-05 12:34                 ` Vladimir Oltean

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5edf3aa2-c417-e708-b259-7235de7bc8d2@gmail.com \
    --to=f.fainelli@gmail.com \
    --cc=andrew@lunn.ch \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=olteanv@gmail.com \
    --cc=vivien.didelot@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.