Merge branch 'mlxsw-add-802-1x-and-mab-offload-support'

     - Traps incoming packets that the device decided to drop because

       the destination MAC is not configured in the MAC table and

       the interface is not in promiscuous mode

   * - ``eapol``

     - ``control``

     - Traps "Extensible Authentication Protocol over LAN" (EAPOL) packets

       specified in IEEE 802.1X

   * - ``locked_port``

     - ``drop``

     - Traps packets that the device decided to drop because they failed the

       locked bridge port check. That is, packets that were received via a

       locked port and whose {SMAC, VID} does not correspond to an FDB entry

       pointing to the port

Driver-specific Packet Traps

============================

   * - ``parser_error_drops``

     - Contains packet traps for packets that were marked by the device during

       parsing as erroneous

   * - ``eapol``

     - Contains packet traps for "Extensible Authentication Protocol over LAN"

       (EAPOL) packets specified in IEEE 802.1X

Packet Trap Policers

====================

	}

}

/* SPFSR - Switch Port FDB Security Register

 * -----------------------------------------

 * Configures the security mode per port.

 */

#define MLXSW_REG_SPFSR_ID 0x2023

#define MLXSW_REG_SPFSR_LEN 0x08

MLXSW_REG_DEFINE(spfsr, MLXSW_REG_SPFSR_ID, MLXSW_REG_SPFSR_LEN);

/* reg_spfsr_local_port

 * Local port.

 * Access: Index

 *

 * Note: not supported for CPU port.

 */

MLXSW_ITEM32_LP(reg, spfsr, 0x00, 16, 0x00, 12);

/* reg_spfsr_security

 * Security checks.

 * 0: disabled (default)

 * 1: enabled

 * Access: RW

 */

MLXSW_ITEM32(reg, spfsr, security, 0x04, 31, 1);

static inline void mlxsw_reg_spfsr_pack(char *payload, u16 local_port,

					bool security)

{

	MLXSW_REG_ZERO(spfsr, payload);

	mlxsw_reg_spfsr_local_port_set(payload, local_port);

	mlxsw_reg_spfsr_security_set(payload, security);

}

/* SPVC - Switch Port VLAN Classification Register

 * -----------------------------------------------

 * Configures the port to identify packets as untagged / single tagged /

	MLXSW_REG_HTGT_TRAP_GROUP_SP_TUNNEL_DISCARDS,

	MLXSW_REG_HTGT_TRAP_GROUP_SP_ACL_DISCARDS,

	MLXSW_REG_HTGT_TRAP_GROUP_SP_BUFFER_DISCARDS,

	MLXSW_REG_HTGT_TRAP_GROUP_SP_EAPOL,

	__MLXSW_REG_HTGT_TRAP_GROUP_MAX,

	MLXSW_REG_HTGT_TRAP_GROUP_MAX = __MLXSW_REG_HTGT_TRAP_GROUP_MAX - 1

	MLXSW_REG(svpe),

	MLXSW_REG(sfmr),

	MLXSW_REG(spvmlr),

	MLXSW_REG(spfsr),

	MLXSW_REG(spvc),

	MLXSW_REG(spevet),

	MLXSW_REG(smpe),

	return err;

}

int mlxsw_sp_port_security_set(struct mlxsw_sp_port *mlxsw_sp_port, bool enable)

{

	struct mlxsw_sp *mlxsw_sp = mlxsw_sp_port->mlxsw_sp;

	char spfsr_pl[MLXSW_REG_SPFSR_LEN];

	int err;

	if (mlxsw_sp_port->security == enable)

		return 0;

	mlxsw_reg_spfsr_pack(spfsr_pl, mlxsw_sp_port->local_port, enable);

	err = mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(spfsr), spfsr_pl);

	if (err)

		return err;

	mlxsw_sp_port->security = enable;

	return 0;

}

int mlxsw_sp_ethtype_to_sver_type(u16 ethtype, u8 *p_sver_type)

{

	switch (ethtype) {

			NL_SET_ERR_MSG_MOD(extack, "VLAN uppers are only supported with 802.1q VLAN protocol");

			return -EOPNOTSUPP;

		}

		if (is_vlan_dev(upper_dev) && mlxsw_sp_port->security) {

			NL_SET_ERR_MSG_MOD(extack, "VLAN uppers are not supported on a locked port");

			return -EOPNOTSUPP;

		}

		break;

	case NETDEV_CHANGEUPPER:

		upper_dev = info->upper_dev;

	struct mlxsw_sp *mlxsw_sp;

	u16 local_port;

	u8 lagged:1,

	   split:1;

	   split:1,

	   security:1;

	u16 pvid;

	u16 lag_id;

	struct {

int mlxsw_sp_port_vp_mode_set(struct mlxsw_sp_port *mlxsw_sp_port, bool enable);

int mlxsw_sp_port_vid_learning_set(struct mlxsw_sp_port *mlxsw_sp_port, u16 vid,

				   bool learn_enable);

int mlxsw_sp_port_security_set(struct mlxsw_sp_port *mlxsw_sp_port,

			       bool enable);

int mlxsw_sp_ethtype_to_sver_type(u16 ethtype, u8 *p_sver_type);

int mlxsw_sp_port_egress_ethtype_set(struct mlxsw_sp_port *mlxsw_sp_port,

				     u16 ethtype);

static int

mlxsw_sp_port_attr_br_pre_flags_set(struct mlxsw_sp_port *mlxsw_sp_port,

				    struct switchdev_brport_flags flags)

				    const struct net_device *orig_dev,

				    struct switchdev_brport_flags flags,

				    struct netlink_ext_ack *extack)

{

	if (flags.mask & ~(BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD))

	if (flags.mask & ~(BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD |

			   BR_PORT_LOCKED | BR_PORT_MAB)) {

		NL_SET_ERR_MSG_MOD(extack, "Unsupported bridge port flag");

		return -EINVAL;

	}

	if ((flags.mask & BR_PORT_LOCKED) && is_vlan_dev(orig_dev)) {

		NL_SET_ERR_MSG_MOD(extack, "Locked flag cannot be set on a VLAN upper");

		return -EINVAL;

	}

	if ((flags.mask & BR_PORT_LOCKED) && vlan_uses_dev(orig_dev)) {

		NL_SET_ERR_MSG_MOD(extack, "Locked flag cannot be set on a bridge port that has VLAN uppers");

		return -EINVAL;

	}

	return 0;

}

			return err;

	}

	if (flags.mask & BR_PORT_LOCKED) {

		err = mlxsw_sp_port_security_set(mlxsw_sp_port,

						 flags.val & BR_PORT_LOCKED);

		if (err)

			return err;

	}

	if (bridge_port->bridge_device->multicast_enabled)

		goto out;

		break;

	case SWITCHDEV_ATTR_ID_PORT_PRE_BRIDGE_FLAGS:

		err = mlxsw_sp_port_attr_br_pre_flags_set(mlxsw_sp_port,

							  attr->u.brport_flags);

							  attr->orig_dev,

							  attr->u.brport_flags,

							  extack);

		break;

	case SWITCHDEV_ATTR_ID_PORT_BRIDGE_FLAGS:

		err = mlxsw_sp_port_attr_br_flags_set(mlxsw_sp_port,

	bridge_device->ops->port_leave(bridge_device, bridge_port,

				       mlxsw_sp_port);

	mlxsw_sp_port_security_set(mlxsw_sp_port, false);

	mlxsw_sp_bridge_port_put(mlxsw_sp->bridge, bridge_port);

}

static void

mlxsw_sp_fdb_call_notifiers(enum switchdev_notifier_type type,

			    const char *mac, u16 vid,

			    struct net_device *dev, bool offloaded)

			    struct net_device *dev, bool offloaded, bool locked)

{

	struct switchdev_notifier_fdb_info info = {};

	info.addr = mac;

	info.vid = vid;

	info.offloaded = offloaded;

	info.locked = locked;

	call_switchdev_notifiers(type, dev, &info.info, NULL);

}

	vid = bridge_device->vlan_enabled ? mlxsw_sp_port_vlan->vid : 0;

	evid = mlxsw_sp_port_vlan->vid;

	if (adding && mlxsw_sp_port->security) {

		mlxsw_sp_fdb_call_notifiers(SWITCHDEV_FDB_ADD_TO_BRIDGE, mac,

					    vid, bridge_port->dev, false, true);

		return;

	}

do_fdb_op:

	err = mlxsw_sp_port_fdb_uc_op(mlxsw_sp, local_port, mac, fid, evid,

				      adding, true);

	if (!do_notification)

		return;

	type = adding ? SWITCHDEV_FDB_ADD_TO_BRIDGE : SWITCHDEV_FDB_DEL_TO_BRIDGE;

	mlxsw_sp_fdb_call_notifiers(type, mac, vid, bridge_port->dev, adding);

	mlxsw_sp_fdb_call_notifiers(type, mac, vid, bridge_port->dev, adding,

				    false);

	return;

	vid = bridge_device->vlan_enabled ? mlxsw_sp_port_vlan->vid : 0;

	lag_vid = mlxsw_sp_port_vlan->vid;

	if (adding && mlxsw_sp_port->security) {

		mlxsw_sp_fdb_call_notifiers(SWITCHDEV_FDB_ADD_TO_BRIDGE, mac,

					    vid, bridge_port->dev, false, true);

		return;

	}

do_fdb_op:

	err = mlxsw_sp_port_fdb_uc_lag_op(mlxsw_sp, lag_id, mac, fid, lag_vid,

					  adding, true);

	if (!do_notification)

		return;

	type = adding ? SWITCHDEV_FDB_ADD_TO_BRIDGE : SWITCHDEV_FDB_DEL_TO_BRIDGE;

	mlxsw_sp_fdb_call_notifiers(type, mac, vid, bridge_port->dev, adding);

	mlxsw_sp_fdb_call_notifiers(type, mac, vid, bridge_port->dev, adding,

				    false);

	return;

	type = adding ? SWITCHDEV_FDB_ADD_TO_BRIDGE :

			SWITCHDEV_FDB_DEL_TO_BRIDGE;

	mlxsw_sp_fdb_call_notifiers(type, mac, vid, nve_dev, adding);

	mlxsw_sp_fdb_call_notifiers(type, mac, vid, nve_dev, adding, false);

	mlxsw_sp_fid_put(fid);

					 &vxlan_fdb_info.info, NULL);

		mlxsw_sp_fdb_call_notifiers(SWITCHDEV_FDB_OFFLOADED,

					    vxlan_fdb_info.eth_addr,

					    fdb_info->vid, dev, true);

					    fdb_info->vid, dev, true, false);

		break;

	case SWITCHDEV_FDB_DEL_TO_DEVICE:

		err = mlxsw_sp_port_fdb_tunnel_uc_op(mlxsw_sp,

			break;

		mlxsw_sp_fdb_call_notifiers(SWITCHDEV_FDB_OFFLOADED,

					    fdb_info->addr,

					    fdb_info->vid, dev, true);

					    fdb_info->vid, dev, true, false);

		break;

	case SWITCHDEV_FDB_DEL_TO_DEVICE:

		fdb_info = &switchdev_work->fdb_info;

	call_switchdev_notifiers(SWITCHDEV_VXLAN_FDB_OFFLOADED, dev,

				 &vxlan_fdb_info->info, NULL);

	mlxsw_sp_fdb_call_notifiers(SWITCHDEV_FDB_OFFLOADED,

				    vxlan_fdb_info->eth_addr, vid, dev, true);

				    vxlan_fdb_info->eth_addr, vid, dev, true,

				    false);

	mlxsw_sp_fid_put(fid);

				       false, false);

	vid = bridge_device->ops->fid_vid(bridge_device, fid);

	mlxsw_sp_fdb_call_notifiers(SWITCHDEV_FDB_OFFLOADED,

				    vxlan_fdb_info->eth_addr, vid, dev, false);

				    vxlan_fdb_info->eth_addr, vid, dev, false,

				    false);

	mlxsw_sp_fid_put(fid);

}