diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2022-11-03 20:46:36 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2022-11-03 20:46:37 -0700 |
| commit | 0884aaf37afaac69dd31cb501b67635569483bb3 (patch) | |
| tree | 6adaa68a513147ae241c67ff4e317e3284f82db1 /include | |
| parent | fbeb229a6622523c092a13c02bd0e15f69240dde (diff) | |
| parent | 4a331d3469963b5db37d462963397a8fe52aace0 (diff) | |
| download | linux-0884aaf37afaac69dd31cb501b67635569483bb3.tar.gz linux-0884aaf37afaac69dd31cb501b67635569483bb3.tar.bz2 linux-0884aaf37afaac69dd31cb501b67635569483bb3.zip | |
Merge branch 'bridge-add-mac-authentication-bypass-mab-support'
Ido Schimmel says:
====================
bridge: Add MAC Authentication Bypass (MAB) support
Patch #1 adds MAB support in the bridge driver. See the commit message
for motivation, design choices and implementation details.
Patch #2 adds corresponding test cases.
Follow-up patchsets will add offload support in mlxsw and mv88e6xxx.
====================
Link: https://lore.kernel.org/r/20221101193922.2125323-1-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/if_bridge.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/if_link.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/neighbour.h | 8 |
3 files changed, 9 insertions, 1 deletions
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index d62ef428e3aa..1668ac4d7adc 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -59,6 +59,7 @@ struct br_ip_list { #define BR_MRP_LOST_IN_CONT BIT(19) #define BR_TX_FWD_OFFLOAD BIT(20) #define BR_PORT_LOCKED BIT(21) +#define BR_PORT_MAB BIT(22) #define BR_DEFAULT_AGEING_TIME (300 * HZ) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 5e7a1041df3a..d92b3f79eba3 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -561,6 +561,7 @@ enum { IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, IFLA_BRPORT_LOCKED, + IFLA_BRPORT_MAB, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h index a998bf761635..5e67a7eaf4a7 100644 --- a/include/uapi/linux/neighbour.h +++ b/include/uapi/linux/neighbour.h @@ -52,7 +52,8 @@ enum { #define NTF_STICKY (1 << 6) #define NTF_ROUTER (1 << 7) /* Extended flags under NDA_FLAGS_EXT: */ -#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_LOCKED (1 << 1) /* * Neighbor Cache Entry States. @@ -86,6 +87,11 @@ enum { * NTF_EXT_MANAGED flagged neigbor entries are managed by the kernel on behalf * of a user space control plane, and automatically refreshed so that (if * possible) they remain in NUD_REACHABLE state. + * + * NTF_EXT_LOCKED flagged bridge FDB entries are entries generated by the + * bridge in response to a host trying to communicate via a locked bridge port + * with MAB enabled. Their purpose is to notify user space that a host requires + * authentication. */ struct nda_cacheinfo { |