Skip to content
Commit 6c43a920 authored by Tobias Waldekranz's avatar Tobias Waldekranz Committed by Paolo Abeni
Browse files

net: dsa: tag_dsa: Fix tx from VLAN uppers on non-filtering bridges



In this situation (VLAN filtering disabled on br0):

    br0.10
     /
   br0
   / \
swp0 swp1

When a frame is transmitted from the VLAN upper, the bridge will send
it down to one of the switch ports with forward offloading
enabled. This will cause tag_dsa to generate a FORWARD tag. Before
this change, that tag would have it's VID set to 10, even though VID
10 is not loaded in the VTU.

Before the blamed commit, the frame would trigger a VTU miss and be
forwarded according to the PVT configuration. Now that all fabric
ports are in 802.1Q secure mode, the frame is dropped instead.

Therefore, restrict the condition under which we rewrite an 802.1Q tag
to a DSA tag. On standalone port's, reuse is always safe since we will
always generate FROM_CPU tags in that case. For bridged ports though,
we must ensure that VLAN filtering is enabled, which in turn
guarantees that the VID in question is loaded into the VTU.

Fixes: d352b20f ("net: dsa: mv88e6xxx: Improve multichip isolation of standalone ports")
Signed-off-by: default avatarTobias Waldekranz <tobias@waldekranz.com>
Tested-by: default avatarAndrew Lunn <andrew@lunn.ch>
Reviewed-by: default avatarVladimir Oltean <olteanv@gmail.com>
Link: https://lore.kernel.org/r/20220307110548.812455-1-tobias@waldekranz.com


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 328c621b
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment