[PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

Ido Schimmel idosch at nvidia.com
Tue Sep 27 23:59:14 PDT 2022


Sorry for the delay, was away.

On Tue, Sep 27, 2022 at 10:33:10AM +0200, netdev at kapio-technology.com wrote:
> On 2022-09-21 09:15, Ido Schimmel wrote:
> > 	bridge fdb add `mac_get $h2` dev br0 blackhole
> 
> To make this work, I think we need to change the concept, so that blackhole
> FDB entries are added to ports connected to the bridge, thus
>      bridge fdb add MAC dev $swpX master blackhole
> 
> This makes sense as the driver adds them based on the port where the SMAC is
> seen, even though the effect of the blackhole FDB entry is switch wide.

Asking user space to associate a blackhole entry with a bridge port does
not make sense to me because unlike regular entries, blackhole entries
do not forward packets out of this port. Blackhole routes and nexthops
are not associated with a device either.

> Adding them to the bridge (e.g. f.ex. br0) will not work in the SW bridge as
> the entries then are not found.

Why not found? This works:

 # bridge fdb add 00:11:22:33:44:55 dev br0 self local
 $ bridge fdb get 00:11:22:33:44:55 br br0
 00:11:22:33:44:55 dev br0 master br0 permanent

With blackhole support I expect:

 # bridge fdb add 00:11:22:33:44:55 dev br0 self local blackhole
 $ bridge fdb get 00:11:22:33:44:55 br br0
 00:11:22:33:44:55 dev br0 master br0 permanent blackhole



More information about the linux-arm-kernel mailing list