• Vivien Didelot's avatar
    net: dsa: mv88e6xxx: fix hardware bridging · 5fe7f680
    Vivien Didelot authored
    Playing with the VLAN map of every port to implement "hardware bridging"
    in the 88E6352 driver was a hack until full 802.1Q was supported.
    
    Indeed with 802.1Q port mode "Disabled" or "Fallback", this feature is
    used to restrict which output ports an input port can egress frames to.
    
    A Linux bridge is an untagged VLAN. With full 802.1Q support, we don't
    need this hack anymore and can use the "Secure" strict 802.1Q port mode.
    
    With this mode, the port-based VLAN map still needs to be configured,
    but all the logic is VTU-centric. This means that the switch only cares
    about rules described in its hardware VLAN table, which is exactly what
    Linux bridge expects and what we want.
    
    Note also that the hardware bridging was broken with the previous
    flexible "Fallback" 802.1Q port mode. Here's an example:
    
    Port0 and Port1 belong to the same bridge. If Port0 sends crafted tagged
    frames with VID 200 to Port1, Port1 receives it. Even if Port1 is in
    hardware VLAN 200, but not Port0, Port1 will still receive it, because
    Fallback mode doesn't care about invalid VID or non-member source port.
    Signed-off-by: default avatarVivien Didelot <vivien.didelot@savoirfairelinux.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    5fe7f680
mv88e6171.c 3.74 KB