dsa.rst 59 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140
  1. ============
  2. Architecture
  3. ============
  4. This document describes the **Distributed Switch Architecture (DSA)** subsystem
  5. design principles, limitations, interactions with other subsystems, and how to
  6. develop drivers for this subsystem as well as a TODO for developers interested
  7. in joining the effort.
  8. Design principles
  9. =================
  10. The Distributed Switch Architecture subsystem was primarily designed to
  11. support Marvell Ethernet switches (MV88E6xxx, a.k.a. Link Street product
  12. line) using Linux, but has since evolved to support other vendors as well.
  13. The original philosophy behind this design was to be able to use unmodified
  14. Linux tools such as bridge, iproute2, ifconfig to work transparently whether
  15. they configured/queried a switch port network device or a regular network
  16. device.
  17. An Ethernet switch typically comprises multiple front-panel ports and one
  18. or more CPU or management ports. The DSA subsystem currently relies on the
  19. presence of a management port connected to an Ethernet controller capable of
  20. receiving Ethernet frames from the switch. This is a very common setup for all
  21. kinds of Ethernet switches found in Small Home and Office products: routers,
  22. gateways, or even top-of-rack switches. This host Ethernet controller will
  23. be later referred to as "conduit" and "cpu" in DSA terminology and code.
  24. The D in DSA stands for Distributed, because the subsystem has been designed
  25. with the ability to configure and manage cascaded switches on top of each other
  26. using upstream and downstream Ethernet links between switches. These specific
  27. ports are referred to as "dsa" ports in DSA terminology and code. A collection
  28. of multiple switches connected to each other is called a "switch tree".
  29. For each front-panel port, DSA creates specialized network devices which are
  30. used as controlling and data-flowing endpoints for use by the Linux networking
  31. stack. These specialized network interfaces are referred to as "user" network
  32. interfaces in DSA terminology and code.
  33. The ideal case for using DSA is when an Ethernet switch supports a "switch tag"
  34. which is a hardware feature making the switch insert a specific tag for each
  35. Ethernet frame it receives to/from specific ports to help the management
  36. interface figure out:
  37. - what port is this frame coming from
  38. - what was the reason why this frame got forwarded
  39. - how to send CPU originated traffic to specific ports
  40. The subsystem does support switches not capable of inserting/stripping tags, but
  41. the features might be slightly limited in that case (traffic separation relies
  42. on Port-based VLAN IDs).
  43. Note that DSA does not currently create network interfaces for the "cpu" and
  44. "dsa" ports because:
  45. - the "cpu" port is the Ethernet switch facing side of the management
  46. controller, and as such, would create a duplication of feature, since you
  47. would get two interfaces for the same conduit: conduit netdev, and "cpu" netdev
  48. - the "dsa" port(s) are just conduits between two or more switches, and as such
  49. cannot really be used as proper network interfaces either, only the
  50. downstream, or the top-most upstream interface makes sense with that model
  51. NB: for the past 15 years, the DSA subsystem had been making use of the terms
  52. "master" (rather than "conduit") and "slave" (rather than "user"). These terms
  53. have been removed from the DSA codebase and phased out of the uAPI.
  54. Switch tagging protocols
  55. ------------------------
  56. DSA supports many vendor-specific tagging protocols, one software-defined
  57. tagging protocol, and a tag-less mode as well (``DSA_TAG_PROTO_NONE``).
  58. The exact format of the tag protocol is vendor specific, but in general, they
  59. all contain something which:
  60. - identifies which port the Ethernet frame came from/should be sent to
  61. - provides a reason why this frame was forwarded to the management interface
  62. All tagging protocols are in ``net/dsa/tag_*.c`` files and implement the
  63. methods of the ``struct dsa_device_ops`` structure, which are detailed below.
  64. Tagging protocols generally fall in one of three categories:
  65. 1. The switch-specific frame header is located before the Ethernet header,
  66. shifting to the right (from the perspective of the DSA conduit's frame
  67. parser) the MAC DA, MAC SA, EtherType and the entire L2 payload.
  68. 2. The switch-specific frame header is located before the EtherType, keeping
  69. the MAC DA and MAC SA in place from the DSA conduit's perspective, but
  70. shifting the 'real' EtherType and L2 payload to the right.
  71. 3. The switch-specific frame header is located at the tail of the packet,
  72. keeping all frame headers in place and not altering the view of the packet
  73. that the DSA conduit's frame parser has.
  74. A tagging protocol may tag all packets with switch tags of the same length, or
  75. the tag length might vary (for example packets with PTP timestamps might
  76. require an extended switch tag, or there might be one tag length on TX and a
  77. different one on RX). Either way, the tagging protocol driver must populate the
  78. ``struct dsa_device_ops::needed_headroom`` and/or ``struct dsa_device_ops::needed_tailroom``
  79. with the length in octets of the longest switch frame header/trailer. The DSA
  80. framework will automatically adjust the MTU of the conduit interface to
  81. accommodate for this extra size in order for DSA user ports to support the
  82. standard MTU (L2 payload length) of 1500 octets. The ``needed_headroom`` and
  83. ``needed_tailroom`` properties are also used to request from the network stack,
  84. on a best-effort basis, the allocation of packets with enough extra space such
  85. that the act of pushing the switch tag on transmission of a packet does not
  86. cause it to reallocate due to lack of memory.
  87. Even though applications are not expected to parse DSA-specific frame headers,
  88. the format on the wire of the tagging protocol represents an Application Binary
  89. Interface exposed by the kernel towards user space, for decoders such as
  90. ``libpcap``. The tagging protocol driver must populate the ``proto`` member of
  91. ``struct dsa_device_ops`` with a value that uniquely describes the
  92. characteristics of the interaction required between the switch hardware and the
  93. data path driver: the offset of each bit field within the frame header and any
  94. stateful processing required to deal with the frames (as may be required for
  95. PTP timestamping).
  96. From the perspective of the network stack, all switches within the same DSA
  97. switch tree use the same tagging protocol. In case of a packet transiting a
  98. fabric with more than one switch, the switch-specific frame header is inserted
  99. by the first switch in the fabric that the packet was received on. This header
  100. typically contains information regarding its type (whether it is a control
  101. frame that must be trapped to the CPU, or a data frame to be forwarded).
  102. Control frames should be decapsulated only by the software data path, whereas
  103. data frames might also be autonomously forwarded towards other user ports of
  104. other switches from the same fabric, and in this case, the outermost switch
  105. ports must decapsulate the packet.
  106. Note that in certain cases, it might be the case that the tagging format used
  107. by a leaf switch (not connected directly to the CPU) is not the same as what
  108. the network stack sees. This can be seen with Marvell switch trees, where the
  109. CPU port can be configured to use either the DSA or the Ethertype DSA (EDSA)
  110. format, but the DSA links are configured to use the shorter (without Ethertype)
  111. DSA frame header, in order to reduce the autonomous packet forwarding overhead.
  112. It still remains the case that, if the DSA switch tree is configured for the
  113. EDSA tagging protocol, the operating system sees EDSA-tagged packets from the
  114. leaf switches that tagged them with the shorter DSA header. This can be done
  115. because the Marvell switch connected directly to the CPU is configured to
  116. perform tag translation between DSA and EDSA (which is simply the operation of
  117. adding or removing the ``ETH_P_EDSA`` EtherType and some padding octets).
  118. It is possible to construct cascaded setups of DSA switches even if their
  119. tagging protocols are not compatible with one another. In this case, there are
  120. no DSA links in this fabric, and each switch constitutes a disjoint DSA switch
  121. tree. The DSA links are viewed as simply a pair of a DSA conduit (the out-facing
  122. port of the upstream DSA switch) and a CPU port (the in-facing port of the
  123. downstream DSA switch).
  124. The tagging protocol of the attached DSA switch tree can be viewed through the
  125. ``dsa/tagging`` sysfs attribute of the DSA conduit::
  126. cat /sys/class/net/eth0/dsa/tagging
  127. If the hardware and driver are capable, the tagging protocol of the DSA switch
  128. tree can be changed at runtime. This is done by writing the new tagging
  129. protocol name to the same sysfs device attribute as above (the DSA conduit and
  130. all attached switch ports must be down while doing this).
  131. It is desirable that all tagging protocols are testable with the ``dsa_loop``
  132. mockup driver, which can be attached to any network interface. The goal is that
  133. any network interface should be capable of transmitting the same packet in the
  134. same way, and the tagger should decode the same received packet in the same way
  135. regardless of the driver used for the switch control path, and the driver used
  136. for the DSA conduit.
  137. The transmission of a packet goes through the tagger's ``xmit`` function.
  138. The passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
  139. ``skb_mac_header(skb)``, i.e. at the destination MAC address, and the passed
  140. ``struct net_device *dev`` represents the virtual DSA user network interface
  141. whose hardware counterpart the packet must be steered to (i.e. ``swp0``).
  142. The job of this method is to prepare the skb in a way that the switch will
  143. understand what egress port the packet is for (and not deliver it towards other
  144. ports). Typically this is fulfilled by pushing a frame header. Checking for
  145. insufficient size in the skb headroom or tailroom is unnecessary provided that
  146. the ``needed_headroom`` and ``needed_tailroom`` properties were filled out
  147. properly, because DSA ensures there is enough space before calling this method.
  148. The reception of a packet goes through the tagger's ``rcv`` function. The
  149. passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
  150. ``skb_mac_header(skb) + ETH_ALEN`` octets, i.e. to where the first octet after
  151. the EtherType would have been, were this frame not tagged. The role of this
  152. method is to consume the frame header, adjust ``skb->data`` to really point at
  153. the first octet after the EtherType, and to change ``skb->dev`` to point to the
  154. virtual DSA user network interface corresponding to the physical front-facing
  155. switch port that the packet was received on.
  156. Since tagging protocols in category 1 and 2 break software (and most often also
  157. hardware) packet dissection on the DSA conduit, features such as RPS (Receive
  158. Packet Steering) on the DSA conduit would be broken. The DSA framework deals
  159. with this by hooking into the flow dissector and shifting the offset at which
  160. the IP header is to be found in the tagged frame as seen by the DSA conduit.
  161. This behavior is automatic based on the ``overhead`` value of the tagging
  162. protocol. If not all packets are of equal size, the tagger can implement the
  163. ``flow_dissect`` method of the ``struct dsa_device_ops`` and override this
  164. default behavior by specifying the correct offset incurred by each individual
  165. RX packet. Tail taggers do not cause issues to the flow dissector.
  166. Checksum offload should work with category 1 and 2 taggers when the DSA conduit
  167. driver declares NETIF_F_HW_CSUM in vlan_features and looks at csum_start and
  168. csum_offset. For those cases, DSA will shift the checksum start and offset by
  169. the tag size. If the DSA conduit driver still uses the legacy NETIF_F_IP_CSUM
  170. or NETIF_F_IPV6_CSUM in vlan_features, the offload might only work if the
  171. offload hardware already expects that specific tag (perhaps due to matching
  172. vendors). DSA user ports inherit those flags from the conduit, and it is up to
  173. the driver to correctly fall back to software checksum when the IP header is not
  174. where the hardware expects. If that check is ineffective, the packets might go
  175. to the network without a proper checksum (the checksum field will have the
  176. pseudo IP header sum). For category 3, when the offload hardware does not
  177. already expect the switch tag in use, the checksum must be calculated before any
  178. tag is inserted (i.e. inside the tagger). Otherwise, the DSA conduit would
  179. include the tail tag in the (software or hardware) checksum calculation. Then,
  180. when the tag gets stripped by the switch during transmission, it will leave an
  181. incorrect IP checksum in place.
  182. Due to various reasons (most common being category 1 taggers being associated
  183. with DSA-unaware conduits, mangling what the conduit perceives as MAC DA), the
  184. tagging protocol may require the DSA conduit to operate in promiscuous mode, to
  185. receive all frames regardless of the value of the MAC DA. This can be done by
  186. setting the ``promisc_on_conduit`` property of the ``struct dsa_device_ops``.
  187. Note that this assumes a DSA-unaware conduit driver, which is the norm.
  188. Conduit network devices
  189. -----------------------
  190. Conduit network devices are regular, unmodified Linux network device drivers for
  191. the CPU/management Ethernet interface. Such a driver might occasionally need to
  192. know whether DSA is enabled (e.g.: to enable/disable specific offload features),
  193. but the DSA subsystem has been proven to work with industry standard drivers:
  194. ``e1000e,`` ``mv643xx_eth`` etc. without having to introduce modifications to these
  195. drivers. Such network devices are also often referred to as conduit network
  196. devices since they act as a pipe between the host processor and the hardware
  197. Ethernet switch.
  198. Networking stack hooks
  199. ----------------------
  200. When a conduit netdev is used with DSA, a small hook is placed in the
  201. networking stack is in order to have the DSA subsystem process the Ethernet
  202. switch specific tagging protocol. DSA accomplishes this by registering a
  203. specific (and fake) Ethernet type (later becoming ``skb->protocol``) with the
  204. networking stack, this is also known as a ``ptype`` or ``packet_type``. A typical
  205. Ethernet Frame receive sequence looks like this:
  206. Conduit network device (e.g.: e1000e):
  207. 1. Receive interrupt fires:
  208. - receive function is invoked
  209. - basic packet processing is done: getting length, status etc.
  210. - packet is prepared to be processed by the Ethernet layer by calling
  211. ``eth_type_trans``
  212. 2. net/ethernet/eth.c::
  213. eth_type_trans(skb, dev)
  214. if (dev->dsa_ptr != NULL)
  215. -> skb->protocol = ETH_P_XDSA
  216. 3. drivers/net/ethernet/\*::
  217. netif_receive_skb(skb)
  218. -> iterate over registered packet_type
  219. -> invoke handler for ETH_P_XDSA, calls dsa_switch_rcv()
  220. 4. net/dsa/dsa.c::
  221. -> dsa_switch_rcv()
  222. -> invoke switch tag specific protocol handler in 'net/dsa/tag_*.c'
  223. 5. net/dsa/tag_*.c:
  224. - inspect and strip switch tag protocol to determine originating port
  225. - locate per-port network device
  226. - invoke ``eth_type_trans()`` with the DSA user network device
  227. - invoked ``netif_receive_skb()``
  228. Past this point, the DSA user network devices get delivered regular Ethernet
  229. frames that can be processed by the networking stack.
  230. User network devices
  231. --------------------
  232. User network devices created by DSA are stacked on top of their conduit network
  233. device, each of these network interfaces will be responsible for being a
  234. controlling and data-flowing end-point for each front-panel port of the switch.
  235. These interfaces are specialized in order to:
  236. - insert/remove the switch tag protocol (if it exists) when sending traffic
  237. to/from specific switch ports
  238. - query the switch for ethtool operations: statistics, link state,
  239. Wake-on-LAN, register dumps...
  240. - manage external/internal PHY: link, auto-negotiation, etc.
  241. These user network devices have custom net_device_ops and ethtool_ops function
  242. pointers which allow DSA to introduce a level of layering between the networking
  243. stack/ethtool and the switch driver implementation.
  244. Upon frame transmission from these user network devices, DSA will look up which
  245. switch tagging protocol is currently registered with these network devices and
  246. invoke a specific transmit routine which takes care of adding the relevant
  247. switch tag in the Ethernet frames.
  248. These frames are then queued for transmission using the conduit network device
  249. ``ndo_start_xmit()`` function. Since they contain the appropriate switch tag, the
  250. Ethernet switch will be able to process these incoming frames from the
  251. management interface and deliver them to the physical switch port.
  252. When using multiple CPU ports, it is possible to stack a LAG (bonding/team)
  253. device between the DSA user devices and the physical DSA conduits. The LAG
  254. device is thus also a DSA conduit, but the LAG slave devices continue to be DSA
  255. conduits as well (just with no user port assigned to them; this is needed for
  256. recovery in case the LAG DSA conduit disappears). Thus, the data path of the LAG
  257. DSA conduit is used asymmetrically. On RX, the ``ETH_P_XDSA`` handler, which
  258. calls ``dsa_switch_rcv()``, is invoked early (on the physical DSA conduit;
  259. LAG slave). Therefore, the RX data path of the LAG DSA conduit is not used.
  260. On the other hand, TX takes place linearly: ``dsa_user_xmit`` calls
  261. ``dsa_enqueue_skb``, which calls ``dev_queue_xmit`` towards the LAG DSA conduit.
  262. The latter calls ``dev_queue_xmit`` towards one physical DSA conduit or the
  263. other, and in both cases, the packet exits the system through a hardware path
  264. towards the switch.
  265. Graphical representation
  266. ------------------------
  267. Summarized, this is basically how DSA looks like from a network device
  268. perspective::
  269. Unaware application
  270. opens and binds socket
  271. | ^
  272. | |
  273. +-----------v--|--------------------+
  274. |+------+ +------+ +------+ +------+|
  275. || swp0 | | swp1 | | swp2 | | swp3 ||
  276. |+------+-+------+-+------+-+------+|
  277. | DSA switch driver |
  278. +-----------------------------------+
  279. | ^
  280. Tag added by | | Tag consumed by
  281. switch driver | | switch driver
  282. v |
  283. +-----------------------------------+
  284. | Unmodified host interface driver | Software
  285. --------+-----------------------------------+------------
  286. | Host interface (eth0) | Hardware
  287. +-----------------------------------+
  288. | ^
  289. Tag consumed by | | Tag added by
  290. switch hardware | | switch hardware
  291. v |
  292. +-----------------------------------+
  293. | Switch |
  294. |+------+ +------+ +------+ +------+|
  295. || swp0 | | swp1 | | swp2 | | swp3 ||
  296. ++------+-+------+-+------+-+------++
  297. User MDIO bus
  298. -------------
  299. In order to be able to read to/from a switch PHY built into it, DSA creates an
  300. user MDIO bus which allows a specific switch driver to divert and intercept
  301. MDIO reads/writes towards specific PHY addresses. In most MDIO-connected
  302. switches, these functions would utilize direct or indirect PHY addressing mode
  303. to return standard MII registers from the switch builtin PHYs, allowing the PHY
  304. library and/or to return link status, link partner pages, auto-negotiation
  305. results, etc.
  306. For Ethernet switches which have both external and internal MDIO buses, the
  307. user MII bus can be utilized to mux/demux MDIO reads and writes towards either
  308. internal or external MDIO devices this switch might be connected to: internal
  309. PHYs, external PHYs, or even external switches.
  310. Data structures
  311. ---------------
  312. DSA data structures are defined in ``include/net/dsa.h`` as well as
  313. ``net/dsa/dsa_priv.h``:
  314. - ``dsa_chip_data``: platform data configuration for a given switch device,
  315. this structure describes a switch device's parent device, its address, as
  316. well as various properties of its ports: names/labels, and finally a routing
  317. table indication (when cascading switches)
  318. - ``dsa_platform_data``: platform device configuration data which can reference
  319. a collection of dsa_chip_data structures if multiple switches are cascaded,
  320. the conduit network device this switch tree is attached to needs to be
  321. referenced
  322. - ``dsa_switch_tree``: structure assigned to the conduit network device under
  323. ``dsa_ptr``, this structure references a dsa_platform_data structure as well as
  324. the tagging protocol supported by the switch tree, and which receive/transmit
  325. function hooks should be invoked, information about the directly attached
  326. switch is also provided: CPU port. Finally, a collection of dsa_switch are
  327. referenced to address individual switches in the tree.
  328. - ``dsa_switch``: structure describing a switch device in the tree, referencing
  329. a ``dsa_switch_tree`` as a backpointer, user network devices, conduit network
  330. device, and a reference to the backing``dsa_switch_ops``
  331. - ``dsa_switch_ops``: structure referencing function pointers, see below for a
  332. full description.
  333. Design limitations
  334. ==================
  335. Lack of CPU/DSA network devices
  336. -------------------------------
  337. DSA does not currently create user network devices for the CPU or DSA ports, as
  338. described before. This might be an issue in the following cases:
  339. - inability to fetch switch CPU port statistics counters using ethtool, which
  340. can make it harder to debug MDIO switch connected using xMII interfaces
  341. - inability to configure the CPU port link parameters based on the Ethernet
  342. controller capabilities attached to it: http://patchwork.ozlabs.org/patch/509806/
  343. - inability to configure specific VLAN IDs / trunking VLANs between switches
  344. when using a cascaded setup
  345. Common pitfalls using DSA setups
  346. --------------------------------
  347. Once a conduit network device is configured to use DSA (dev->dsa_ptr becomes
  348. non-NULL), and the switch behind it expects a tagging protocol, this network
  349. interface can only exclusively be used as a conduit interface. Sending packets
  350. directly through this interface (e.g.: opening a socket using this interface)
  351. will not make us go through the switch tagging protocol transmit function, so
  352. the Ethernet switch on the other end, expecting a tag will typically drop this
  353. frame.
  354. Interactions with other subsystems
  355. ==================================
  356. DSA currently leverages the following subsystems:
  357. - MDIO/PHY library: ``drivers/net/phy/phy.c``, ``mdio_bus.c``
  358. - Switchdev:``net/switchdev/*``
  359. - Device Tree for various of_* functions
  360. - Devlink: ``net/core/devlink.c``
  361. MDIO/PHY library
  362. ----------------
  363. User network devices exposed by DSA may or may not be interfacing with PHY
  364. devices (``struct phy_device`` as defined in ``include/linux/phy.h)``, but the DSA
  365. subsystem deals with all possible combinations:
  366. - internal PHY devices, built into the Ethernet switch hardware
  367. - external PHY devices, connected via an internal or external MDIO bus
  368. - internal PHY devices, connected via an internal MDIO bus
  369. - special, non-autonegotiated or non MDIO-managed PHY devices: SFPs, MoCA; a.k.a
  370. fixed PHYs
  371. The PHY configuration is done by the ``dsa_user_phy_setup()`` function and the
  372. logic basically looks like this:
  373. - if Device Tree is used, the PHY device is looked up using the standard
  374. "phy-handle" property, if found, this PHY device is created and registered
  375. using ``of_phy_connect()``
  376. - if Device Tree is used and the PHY device is "fixed", that is, conforms to
  377. the definition of a non-MDIO managed PHY as defined in
  378. ``Documentation/devicetree/bindings/net/fixed-link.txt``, the PHY is registered
  379. and connected transparently using the special fixed MDIO bus driver
  380. - finally, if the PHY is built into the switch, as is very common with
  381. standalone switch packages, the PHY is probed using the user MII bus created
  382. by DSA
  383. SWITCHDEV
  384. ---------
  385. DSA directly utilizes SWITCHDEV when interfacing with the bridge layer, and
  386. more specifically with its VLAN filtering portion when configuring VLANs on top
  387. of per-port user network devices. As of today, the only SWITCHDEV objects
  388. supported by DSA are the FDB and VLAN objects.
  389. Devlink
  390. -------
  391. DSA registers one devlink device per physical switch in the fabric.
  392. For each devlink device, every physical port (i.e. user ports, CPU ports, DSA
  393. links or unused ports) is exposed as a devlink port.
  394. DSA drivers can make use of the following devlink features:
  395. - Regions: debugging feature which allows user space to dump driver-defined
  396. areas of hardware information in a low-level, binary format. Both global
  397. regions as well as per-port regions are supported. It is possible to export
  398. devlink regions even for pieces of data that are already exposed in some way
  399. to the standard iproute2 user space programs (ip-link, bridge), like address
  400. tables and VLAN tables. For example, this might be useful if the tables
  401. contain additional hardware-specific details which are not visible through
  402. the iproute2 abstraction, or it might be useful to inspect these tables on
  403. the non-user ports too, which are invisible to iproute2 because no network
  404. interface is registered for them.
  405. - Params: a feature which enables user to configure certain low-level tunable
  406. knobs pertaining to the device. Drivers may implement applicable generic
  407. devlink params, or may add new device-specific devlink params.
  408. - Resources: a monitoring feature which enables users to see the degree of
  409. utilization of certain hardware tables in the device, such as FDB, VLAN, etc.
  410. - Shared buffers: a QoS feature for adjusting and partitioning memory and frame
  411. reservations per port and per traffic class, in the ingress and egress
  412. directions, such that low-priority bulk traffic does not impede the
  413. processing of high-priority critical traffic.
  414. For more details, consult ``Documentation/networking/devlink/``.
  415. Device Tree
  416. -----------
  417. DSA features a standardized binding which is documented in
  418. ``Documentation/devicetree/bindings/net/dsa/dsa.txt``. PHY/MDIO library helper
  419. functions such as ``of_get_phy_mode()``, ``of_phy_connect()`` are also used to query
  420. per-port PHY specific details: interface connection, MDIO bus location, etc.
  421. Driver development
  422. ==================
  423. DSA switch drivers need to implement a ``dsa_switch_ops`` structure which will
  424. contain the various members described below.
  425. Probing, registration and device lifetime
  426. -----------------------------------------
  427. DSA switches are regular ``device`` structures on buses (be they platform, SPI,
  428. I2C, MDIO or otherwise). The DSA framework is not involved in their probing
  429. with the device core.
  430. Switch registration from the perspective of a driver means passing a valid
  431. ``struct dsa_switch`` pointer to ``dsa_register_switch()``, usually from the
  432. switch driver's probing function. The following members must be valid in the
  433. provided structure:
  434. - ``ds->dev``: will be used to parse the switch's OF node or platform data.
  435. - ``ds->num_ports``: will be used to create the port list for this switch, and
  436. to validate the port indices provided in the OF node.
  437. - ``ds->ops``: a pointer to the ``dsa_switch_ops`` structure holding the DSA
  438. method implementations.
  439. - ``ds->priv``: backpointer to a driver-private data structure which can be
  440. retrieved in all further DSA method callbacks.
  441. In addition, the following flags in the ``dsa_switch`` structure may optionally
  442. be configured to obtain driver-specific behavior from the DSA core. Their
  443. behavior when set is documented through comments in ``include/net/dsa.h``.
  444. - ``ds->vlan_filtering_is_global``
  445. - ``ds->needs_standalone_vlan_filtering``
  446. - ``ds->configure_vlan_while_not_filtering``
  447. - ``ds->untag_bridge_pvid``
  448. - ``ds->assisted_learning_on_cpu_port``
  449. - ``ds->mtu_enforcement_ingress``
  450. - ``ds->fdb_isolation``
  451. Internally, DSA keeps an array of switch trees (group of switches) global to
  452. the kernel, and attaches a ``dsa_switch`` structure to a tree on registration.
  453. The tree ID to which the switch is attached is determined by the first u32
  454. number of the ``dsa,member`` property of the switch's OF node (0 if missing).
  455. The switch ID within the tree is determined by the second u32 number of the
  456. same OF property (0 if missing). Registering multiple switches with the same
  457. switch ID and tree ID is illegal and will cause an error. Using platform data,
  458. a single switch and a single switch tree is permitted.
  459. In case of a tree with multiple switches, probing takes place asymmetrically.
  460. The first N-1 callers of ``dsa_register_switch()`` only add their ports to the
  461. port list of the tree (``dst->ports``), each port having a backpointer to its
  462. associated switch (``dp->ds``). Then, these switches exit their
  463. ``dsa_register_switch()`` call early, because ``dsa_tree_setup_routing_table()``
  464. has determined that the tree is not yet complete (not all ports referenced by
  465. DSA links are present in the tree's port list). The tree becomes complete when
  466. the last switch calls ``dsa_register_switch()``, and this triggers the effective
  467. continuation of initialization (including the call to ``ds->ops->setup()``) for
  468. all switches within that tree, all as part of the calling context of the last
  469. switch's probe function.
  470. The opposite of registration takes place when calling ``dsa_unregister_switch()``,
  471. which removes a switch's ports from the port list of the tree. The entire tree
  472. is torn down when the first switch unregisters.
  473. It is mandatory for DSA switch drivers to implement the ``shutdown()`` callback
  474. of their respective bus, and call ``dsa_switch_shutdown()`` from it (a minimal
  475. version of the full teardown performed by ``dsa_unregister_switch()``).
  476. The reason is that DSA keeps a reference on the conduit net device, and if the
  477. driver for the conduit device decides to unbind on shutdown, DSA's reference
  478. will block that operation from finalizing.
  479. Either ``dsa_switch_shutdown()`` or ``dsa_unregister_switch()`` must be called,
  480. but not both, and the device driver model permits the bus' ``remove()`` method
  481. to be called even if ``shutdown()`` was already called. Therefore, drivers are
  482. expected to implement a mutual exclusion method between ``remove()`` and
  483. ``shutdown()`` by setting their drvdata to NULL after any of these has run, and
  484. checking whether the drvdata is NULL before proceeding to take any action.
  485. After ``dsa_switch_shutdown()`` or ``dsa_unregister_switch()`` was called, no
  486. further callbacks via the provided ``dsa_switch_ops`` may take place, and the
  487. driver may free the data structures associated with the ``dsa_switch``.
  488. Switch configuration
  489. --------------------
  490. - ``get_tag_protocol``: this is to indicate what kind of tagging protocol is
  491. supported, should be a valid value from the ``dsa_tag_protocol`` enum.
  492. The returned information does not have to be static; the driver is passed the
  493. CPU port number, as well as the tagging protocol of a possibly stacked
  494. upstream switch, in case there are hardware limitations in terms of supported
  495. tag formats.
  496. - ``change_tag_protocol``: when the default tagging protocol has compatibility
  497. problems with the conduit or other issues, the driver may support changing it
  498. at runtime, either through a device tree property or through sysfs. In that
  499. case, further calls to ``get_tag_protocol`` should report the protocol in
  500. current use.
  501. - ``setup``: setup function for the switch, this function is responsible for setting
  502. up the ``dsa_switch_ops`` private structure with all it needs: register maps,
  503. interrupts, mutexes, locks, etc. This function is also expected to properly
  504. configure the switch to separate all network interfaces from each other, that
  505. is, they should be isolated by the switch hardware itself, typically by creating
  506. a Port-based VLAN ID for each port and allowing only the CPU port and the
  507. specific port to be in the forwarding vector. Ports that are unused by the
  508. platform should be disabled. Past this function, the switch is expected to be
  509. fully configured and ready to serve any kind of request. It is recommended
  510. to issue a software reset of the switch during this setup function in order to
  511. avoid relying on what a previous software agent such as a bootloader/firmware
  512. may have previously configured. The method responsible for undoing any
  513. applicable allocations or operations done here is ``teardown``.
  514. - ``port_setup`` and ``port_teardown``: methods for initialization and
  515. destruction of per-port data structures. It is mandatory for some operations
  516. such as registering and unregistering devlink port regions to be done from
  517. these methods, otherwise they are optional. A port will be torn down only if
  518. it has been previously set up. It is possible for a port to be set up during
  519. probing only to be torn down immediately afterwards, for example in case its
  520. PHY cannot be found. In this case, probing of the DSA switch continues
  521. without that particular port.
  522. - ``port_change_conduit``: method through which the affinity (association used
  523. for traffic termination purposes) between a user port and a CPU port can be
  524. changed. By default all user ports from a tree are assigned to the first
  525. available CPU port that makes sense for them (most of the times this means
  526. the user ports of a tree are all assigned to the same CPU port, except for H
  527. topologies as described in commit 2c0b03258b8b). The ``port`` argument
  528. represents the index of the user port, and the ``conduit`` argument represents
  529. the new DSA conduit ``net_device``. The CPU port associated with the new
  530. conduit can be retrieved by looking at ``struct dsa_port *cpu_dp =
  531. conduit->dsa_ptr``. Additionally, the conduit can also be a LAG device where
  532. all the slave devices are physical DSA conduits. LAG DSA also have a
  533. valid ``conduit->dsa_ptr`` pointer, however this is not unique, but rather a
  534. duplicate of the first physical DSA conduit's (LAG slave) ``dsa_ptr``. In case
  535. of a LAG DSA conduit, a further call to ``port_lag_join`` will be emitted
  536. separately for the physical CPU ports associated with the physical DSA
  537. conduits, requesting them to create a hardware LAG associated with the LAG
  538. interface.
  539. PHY devices and link management
  540. -------------------------------
  541. - ``get_phy_flags``: Some switches are interfaced to various kinds of Ethernet PHYs,
  542. if the PHY library PHY driver needs to know about information it cannot obtain
  543. on its own (e.g.: coming from switch memory mapped registers), this function
  544. should return a 32-bit bitmask of "flags" that is private between the switch
  545. driver and the Ethernet PHY driver in ``drivers/net/phy/\*``.
  546. - ``phy_read``: Function invoked by the DSA user MDIO bus when attempting to read
  547. the switch port MDIO registers. If unavailable, return 0xffff for each read.
  548. For builtin switch Ethernet PHYs, this function should allow reading the link
  549. status, auto-negotiation results, link partner pages, etc.
  550. - ``phy_write``: Function invoked by the DSA user MDIO bus when attempting to write
  551. to the switch port MDIO registers. If unavailable return a negative error
  552. code.
  553. - ``adjust_link``: Function invoked by the PHY library when a user network device
  554. is attached to a PHY device. This function is responsible for appropriately
  555. configuring the switch port link parameters: speed, duplex, pause based on
  556. what the ``phy_device`` is providing.
  557. - ``fixed_link_update``: Function invoked by the PHY library, and specifically by
  558. the fixed PHY driver asking the switch driver for link parameters that could
  559. not be auto-negotiated, or obtained by reading the PHY registers through MDIO.
  560. This is particularly useful for specific kinds of hardware such as QSGMII,
  561. MoCA or other kinds of non-MDIO managed PHYs where out of band link
  562. information is obtained
  563. Ethtool operations
  564. ------------------
  565. - ``get_strings``: ethtool function used to query the driver's strings, will
  566. typically return statistics strings, private flags strings, etc.
  567. - ``get_ethtool_stats``: ethtool function used to query per-port statistics and
  568. return their values. DSA overlays user network devices general statistics:
  569. RX/TX counters from the network device, with switch driver specific statistics
  570. per port
  571. - ``get_sset_count``: ethtool function used to query the number of statistics items
  572. - ``get_wol``: ethtool function used to obtain Wake-on-LAN settings per-port, this
  573. function may for certain implementations also query the conduit network device
  574. Wake-on-LAN settings if this interface needs to participate in Wake-on-LAN
  575. - ``set_wol``: ethtool function used to configure Wake-on-LAN settings per-port,
  576. direct counterpart to set_wol with similar restrictions
  577. - ``set_eee``: ethtool function which is used to configure a switch port EEE (Green
  578. Ethernet) settings, can optionally invoke the PHY library to enable EEE at the
  579. PHY level if relevant. This function should enable EEE at the switch port MAC
  580. controller and data-processing logic
  581. - ``get_eee``: ethtool function which is used to query a switch port EEE settings,
  582. this function should return the EEE state of the switch port MAC controller
  583. and data-processing logic as well as query the PHY for its currently configured
  584. EEE settings
  585. - ``get_eeprom_len``: ethtool function returning for a given switch the EEPROM
  586. length/size in bytes
  587. - ``get_eeprom``: ethtool function returning for a given switch the EEPROM contents
  588. - ``set_eeprom``: ethtool function writing specified data to a given switch EEPROM
  589. - ``get_regs_len``: ethtool function returning the register length for a given
  590. switch
  591. - ``get_regs``: ethtool function returning the Ethernet switch internal register
  592. contents. This function might require user-land code in ethtool to
  593. pretty-print register values and registers
  594. Power management
  595. ----------------
  596. - ``suspend``: function invoked by the DSA platform device when the system goes to
  597. suspend, should quiesce all Ethernet switch activities, but keep ports
  598. participating in Wake-on-LAN active as well as additional wake-up logic if
  599. supported
  600. - ``resume``: function invoked by the DSA platform device when the system resumes,
  601. should resume all Ethernet switch activities and re-configure the switch to be
  602. in a fully active state
  603. - ``port_enable``: function invoked by the DSA user network device ndo_open
  604. function when a port is administratively brought up, this function should
  605. fully enable a given switch port. DSA takes care of marking the port with
  606. ``BR_STATE_BLOCKING`` if the port is a bridge member, or ``BR_STATE_FORWARDING`` if it
  607. was not, and propagating these changes down to the hardware
  608. - ``port_disable``: function invoked by the DSA user network device ndo_close
  609. function when a port is administratively brought down, this function should
  610. fully disable a given switch port. DSA takes care of marking the port with
  611. ``BR_STATE_DISABLED`` and propagating changes to the hardware if this port is
  612. disabled while being a bridge member
  613. Address databases
  614. -----------------
  615. Switching hardware is expected to have a table for FDB entries, however not all
  616. of them are active at the same time. An address database is the subset (partition)
  617. of FDB entries that is active (can be matched by address learning on RX, or FDB
  618. lookup on TX) depending on the state of the port. An address database may
  619. occasionally be called "FID" (Filtering ID) in this document, although the
  620. underlying implementation may choose whatever is available to the hardware.
  621. For example, all ports that belong to a VLAN-unaware bridge (which is
  622. *currently* VLAN-unaware) are expected to learn source addresses in the
  623. database associated by the driver with that bridge (and not with other
  624. VLAN-unaware bridges). During forwarding and FDB lookup, a packet received on a
  625. VLAN-unaware bridge port should be able to find a VLAN-unaware FDB entry having
  626. the same MAC DA as the packet, which is present on another port member of the
  627. same bridge. At the same time, the FDB lookup process must be able to not find
  628. an FDB entry having the same MAC DA as the packet, if that entry points towards
  629. a port which is a member of a different VLAN-unaware bridge (and is therefore
  630. associated with a different address database).
  631. Similarly, each VLAN of each offloaded VLAN-aware bridge should have an
  632. associated address database, which is shared by all ports which are members of
  633. that VLAN, but not shared by ports belonging to different bridges that are
  634. members of the same VID.
  635. In this context, a VLAN-unaware database means that all packets are expected to
  636. match on it irrespective of VLAN ID (only MAC address lookup), whereas a
  637. VLAN-aware database means that packets are supposed to match based on the VLAN
  638. ID from the classified 802.1Q header (or the pvid if untagged).
  639. At the bridge layer, VLAN-unaware FDB entries have the special VID value of 0,
  640. whereas VLAN-aware FDB entries have non-zero VID values. Note that a
  641. VLAN-unaware bridge may have VLAN-aware (non-zero VID) FDB entries, and a
  642. VLAN-aware bridge may have VLAN-unaware FDB entries. As in hardware, the
  643. software bridge keeps separate address databases, and offloads to hardware the
  644. FDB entries belonging to these databases, through switchdev, asynchronously
  645. relative to the moment when the databases become active or inactive.
  646. When a user port operates in standalone mode, its driver should configure it to
  647. use a separate database called a port private database. This is different from
  648. the databases described above, and should impede operation as standalone port
  649. (packet in, packet out to the CPU port) as little as possible. For example,
  650. on ingress, it should not attempt to learn the MAC SA of ingress traffic, since
  651. learning is a bridging layer service and this is a standalone port, therefore
  652. it would consume useless space. With no address learning, the port private
  653. database should be empty in a naive implementation, and in this case, all
  654. received packets should be trivially flooded to the CPU port.
  655. DSA (cascade) and CPU ports are also called "shared" ports because they service
  656. multiple address databases, and the database that a packet should be associated
  657. to is usually embedded in the DSA tag. This means that the CPU port may
  658. simultaneously transport packets coming from a standalone port (which were
  659. classified by hardware in one address database), and from a bridge port (which
  660. were classified to a different address database).
  661. Switch drivers which satisfy certain criteria are able to optimize the naive
  662. configuration by removing the CPU port from the flooding domain of the switch,
  663. and just program the hardware with FDB entries pointing towards the CPU port
  664. for which it is known that software is interested in those MAC addresses.
  665. Packets which do not match a known FDB entry will not be delivered to the CPU,
  666. which will save CPU cycles required for creating an skb just to drop it.
  667. DSA is able to perform host address filtering for the following kinds of
  668. addresses:
  669. - Primary unicast MAC addresses of ports (``dev->dev_addr``). These are
  670. associated with the port private database of the respective user port,
  671. and the driver is notified to install them through ``port_fdb_add`` towards
  672. the CPU port.
  673. - Secondary unicast and multicast MAC addresses of ports (addresses added
  674. through ``dev_uc_add()`` and ``dev_mc_add()``). These are also associated
  675. with the port private database of the respective user port.
  676. - Local/permanent bridge FDB entries (``BR_FDB_LOCAL``). These are the MAC
  677. addresses of the bridge ports, for which packets must be terminated locally
  678. and not forwarded. They are associated with the address database for that
  679. bridge.
  680. - Static bridge FDB entries installed towards foreign (non-DSA) interfaces
  681. present in the same bridge as some DSA switch ports. These are also
  682. associated with the address database for that bridge.
  683. - Dynamically learned FDB entries on foreign interfaces present in the same
  684. bridge as some DSA switch ports, only if ``ds->assisted_learning_on_cpu_port``
  685. is set to true by the driver. These are associated with the address database
  686. for that bridge.
  687. For various operations detailed below, DSA provides a ``dsa_db`` structure
  688. which can be of the following types:
  689. - ``DSA_DB_PORT``: the FDB (or MDB) entry to be installed or deleted belongs to
  690. the port private database of user port ``db->dp``.
  691. - ``DSA_DB_BRIDGE``: the entry belongs to one of the address databases of bridge
  692. ``db->bridge``. Separation between the VLAN-unaware database and the per-VID
  693. databases of this bridge is expected to be done by the driver.
  694. - ``DSA_DB_LAG``: the entry belongs to the address database of LAG ``db->lag``.
  695. Note: ``DSA_DB_LAG`` is currently unused and may be removed in the future.
  696. The drivers which act upon the ``dsa_db`` argument in ``port_fdb_add``,
  697. ``port_mdb_add`` etc should declare ``ds->fdb_isolation`` as true.
  698. DSA associates each offloaded bridge and each offloaded LAG with a one-based ID
  699. (``struct dsa_bridge :: num``, ``struct dsa_lag :: id``) for the purposes of
  700. refcounting addresses on shared ports. Drivers may piggyback on DSA's numbering
  701. scheme (the ID is readable through ``db->bridge.num`` and ``db->lag.id`` or may
  702. implement their own.
  703. Only the drivers which declare support for FDB isolation are notified of FDB
  704. entries on the CPU port belonging to ``DSA_DB_PORT`` databases.
  705. For compatibility/legacy reasons, ``DSA_DB_BRIDGE`` addresses are notified to
  706. drivers even if they do not support FDB isolation. However, ``db->bridge.num``
  707. and ``db->lag.id`` are always set to 0 in that case (to denote the lack of
  708. isolation, for refcounting purposes).
  709. Note that it is not mandatory for a switch driver to implement physically
  710. separate address databases for each standalone user port. Since FDB entries in
  711. the port private databases will always point to the CPU port, there is no risk
  712. for incorrect forwarding decisions. In this case, all standalone ports may
  713. share the same database, but the reference counting of host-filtered addresses
  714. (not deleting the FDB entry for a port's MAC address if it's still in use by
  715. another port) becomes the responsibility of the driver, because DSA is unaware
  716. that the port databases are in fact shared. This can be achieved by calling
  717. ``dsa_fdb_present_in_other_db()`` and ``dsa_mdb_present_in_other_db()``.
  718. The down side is that the RX filtering lists of each user port are in fact
  719. shared, which means that user port A may accept a packet with a MAC DA it
  720. shouldn't have, only because that MAC address was in the RX filtering list of
  721. user port B. These packets will still be dropped in software, however.
  722. Bridge layer
  723. ------------
  724. Offloading the bridge forwarding plane is optional and handled by the methods
  725. below. They may be absent, return -EOPNOTSUPP, or ``ds->max_num_bridges`` may
  726. be non-zero and exceeded, and in this case, joining a bridge port is still
  727. possible, but the packet forwarding will take place in software, and the ports
  728. under a software bridge must remain configured in the same way as for
  729. standalone operation, i.e. have all bridging service functions (address
  730. learning etc) disabled, and send all received packets to the CPU port only.
  731. Concretely, a port starts offloading the forwarding plane of a bridge once it
  732. returns success to the ``port_bridge_join`` method, and stops doing so after
  733. ``port_bridge_leave`` has been called. Offloading the bridge means autonomously
  734. learning FDB entries in accordance with the software bridge port's state, and
  735. autonomously forwarding (or flooding) received packets without CPU intervention.
  736. This is optional even when offloading a bridge port. Tagging protocol drivers
  737. are expected to call ``dsa_default_offload_fwd_mark(skb)`` for packets which
  738. have already been autonomously forwarded in the forwarding domain of the
  739. ingress switch port. DSA, through ``dsa_port_devlink_setup()``, considers all
  740. switch ports part of the same tree ID to be part of the same bridge forwarding
  741. domain (capable of autonomous forwarding to each other).
  742. Offloading the TX forwarding process of a bridge is a distinct concept from
  743. simply offloading its forwarding plane, and refers to the ability of certain
  744. driver and tag protocol combinations to transmit a single skb coming from the
  745. bridge device's transmit function to potentially multiple egress ports (and
  746. thereby avoid its cloning in software).
  747. Packets for which the bridge requests this behavior are called data plane
  748. packets and have ``skb->offload_fwd_mark`` set to true in the tag protocol
  749. driver's ``xmit`` function. Data plane packets are subject to FDB lookup,
  750. hardware learning on the CPU port, and do not override the port STP state.
  751. Additionally, replication of data plane packets (multicast, flooding) is
  752. handled in hardware and the bridge driver will transmit a single skb for each
  753. packet that may or may not need replication.
  754. When the TX forwarding offload is enabled, the tag protocol driver is
  755. responsible to inject packets into the data plane of the hardware towards the
  756. correct bridging domain (FID) that the port is a part of. The port may be
  757. VLAN-unaware, and in this case the FID must be equal to the FID used by the
  758. driver for its VLAN-unaware address database associated with that bridge.
  759. Alternatively, the bridge may be VLAN-aware, and in that case, it is guaranteed
  760. that the packet is also VLAN-tagged with the VLAN ID that the bridge processed
  761. this packet in. It is the responsibility of the hardware to untag the VID on
  762. the egress-untagged ports, or keep the tag on the egress-tagged ones.
  763. - ``port_bridge_join``: bridge layer function invoked when a given switch port is
  764. added to a bridge, this function should do what's necessary at the switch
  765. level to permit the joining port to be added to the relevant logical
  766. domain for it to ingress/egress traffic with other members of the bridge.
  767. By setting the ``tx_fwd_offload`` argument to true, the TX forwarding process
  768. of this bridge is also offloaded.
  769. - ``port_bridge_leave``: bridge layer function invoked when a given switch port is
  770. removed from a bridge, this function should do what's necessary at the
  771. switch level to deny the leaving port from ingress/egress traffic from the
  772. remaining bridge members.
  773. - ``port_stp_state_set``: bridge layer function invoked when a given switch port STP
  774. state is computed by the bridge layer and should be propagated to switch
  775. hardware to forward/block/learn traffic.
  776. - ``port_bridge_flags``: bridge layer function invoked when a port must
  777. configure its settings for e.g. flooding of unknown traffic or source address
  778. learning. The switch driver is responsible for initial setup of the
  779. standalone ports with address learning disabled and egress flooding of all
  780. types of traffic, then the DSA core notifies of any change to the bridge port
  781. flags when the port joins and leaves a bridge. DSA does not currently manage
  782. the bridge port flags for the CPU port. The assumption is that address
  783. learning should be statically enabled (if supported by the hardware) on the
  784. CPU port, and flooding towards the CPU port should also be enabled, due to a
  785. lack of an explicit address filtering mechanism in the DSA core.
  786. - ``port_fast_age``: bridge layer function invoked when flushing the
  787. dynamically learned FDB entries on the port is necessary. This is called when
  788. transitioning from an STP state where learning should take place to an STP
  789. state where it shouldn't, or when leaving a bridge, or when address learning
  790. is turned off via ``port_bridge_flags``.
  791. Bridge VLAN filtering
  792. ---------------------
  793. - ``port_vlan_filtering``: bridge layer function invoked when the bridge gets
  794. configured for turning on or off VLAN filtering. If nothing specific needs to
  795. be done at the hardware level, this callback does not need to be implemented.
  796. When VLAN filtering is turned on, the hardware must be programmed with
  797. rejecting 802.1Q frames which have VLAN IDs outside of the programmed allowed
  798. VLAN ID map/rules. If there is no PVID programmed into the switch port,
  799. untagged frames must be rejected as well. When turned off the switch must
  800. accept any 802.1Q frames irrespective of their VLAN ID, and untagged frames are
  801. allowed.
  802. - ``port_vlan_add``: bridge layer function invoked when a VLAN is configured
  803. (tagged or untagged) for the given switch port. The CPU port becomes a member
  804. of a VLAN only if a foreign bridge port is also a member of it (and
  805. forwarding needs to take place in software), or the VLAN is installed to the
  806. VLAN group of the bridge device itself, for termination purposes
  807. (``bridge vlan add dev br0 vid 100 self``). VLANs on shared ports are
  808. reference counted and removed when there is no user left. Drivers do not need
  809. to manually install a VLAN on the CPU port.
  810. - ``port_vlan_del``: bridge layer function invoked when a VLAN is removed from the
  811. given switch port
  812. - ``port_fdb_add``: bridge layer function invoked when the bridge wants to install a
  813. Forwarding Database entry, the switch hardware should be programmed with the
  814. specified address in the specified VLAN Id in the forwarding database
  815. associated with this VLAN ID.
  816. - ``port_fdb_del``: bridge layer function invoked when the bridge wants to remove a
  817. Forwarding Database entry, the switch hardware should be programmed to delete
  818. the specified MAC address from the specified VLAN ID if it was mapped into
  819. this port forwarding database
  820. - ``port_fdb_dump``: bridge bypass function invoked by ``ndo_fdb_dump`` on the
  821. physical DSA port interfaces. Since DSA does not attempt to keep in sync its
  822. hardware FDB entries with the software bridge, this method is implemented as
  823. a means to view the entries visible on user ports in the hardware database.
  824. The entries reported by this function have the ``self`` flag in the output of
  825. the ``bridge fdb show`` command.
  826. - ``port_mdb_add``: bridge layer function invoked when the bridge wants to install
  827. a multicast database entry. The switch hardware should be programmed with the
  828. specified address in the specified VLAN ID in the forwarding database
  829. associated with this VLAN ID.
  830. - ``port_mdb_del``: bridge layer function invoked when the bridge wants to remove a
  831. multicast database entry, the switch hardware should be programmed to delete
  832. the specified MAC address from the specified VLAN ID if it was mapped into
  833. this port forwarding database.
  834. Link aggregation
  835. ----------------
  836. Link aggregation is implemented in the Linux networking stack by the bonding
  837. and team drivers, which are modeled as virtual, stackable network interfaces.
  838. DSA is capable of offloading a link aggregation group (LAG) to hardware that
  839. supports the feature, and supports bridging between physical ports and LAGs,
  840. as well as between LAGs. A bonding/team interface which holds multiple physical
  841. ports constitutes a logical port, although DSA has no explicit concept of a
  842. logical port at the moment. Due to this, events where a LAG joins/leaves a
  843. bridge are treated as if all individual physical ports that are members of that
  844. LAG join/leave the bridge. Switchdev port attributes (VLAN filtering, STP
  845. state, etc) and objects (VLANs, MDB entries) offloaded to a LAG as bridge port
  846. are treated similarly: DSA offloads the same switchdev object / port attribute
  847. on all members of the LAG. Static bridge FDB entries on a LAG are not yet
  848. supported, since the DSA driver API does not have the concept of a logical port
  849. ID.
  850. - ``port_lag_join``: function invoked when a given switch port is added to a
  851. LAG. The driver may return ``-EOPNOTSUPP``, and in this case, DSA will fall
  852. back to a software implementation where all traffic from this port is sent to
  853. the CPU.
  854. - ``port_lag_leave``: function invoked when a given switch port leaves a LAG
  855. and returns to operation as a standalone port.
  856. - ``port_lag_change``: function invoked when the link state of any member of
  857. the LAG changes, and the hashing function needs rebalancing to only make use
  858. of the subset of physical LAG member ports that are up.
  859. Drivers that benefit from having an ID associated with each offloaded LAG
  860. can optionally populate ``ds->num_lag_ids`` from the ``dsa_switch_ops::setup``
  861. method. The LAG ID associated with a bonding/team interface can then be
  862. retrieved by a DSA switch driver using the ``dsa_lag_id`` function.
  863. IEC 62439-2 (MRP)
  864. -----------------
  865. The Media Redundancy Protocol is a topology management protocol optimized for
  866. fast fault recovery time for ring networks, which has some components
  867. implemented as a function of the bridge driver. MRP uses management PDUs
  868. (Test, Topology, LinkDown/Up, Option) sent at a multicast destination MAC
  869. address range of 01:15:4e:00:00:0x and with an EtherType of 0x88e3.
  870. Depending on the node's role in the ring (MRM: Media Redundancy Manager,
  871. MRC: Media Redundancy Client, MRA: Media Redundancy Automanager), certain MRP
  872. PDUs might need to be terminated locally and others might need to be forwarded.
  873. An MRM might also benefit from offloading to hardware the creation and
  874. transmission of certain MRP PDUs (Test).
  875. Normally an MRP instance can be created on top of any network interface,
  876. however in the case of a device with an offloaded data path such as DSA, it is
  877. necessary for the hardware, even if it is not MRP-aware, to be able to extract
  878. the MRP PDUs from the fabric before the driver can proceed with the software
  879. implementation. DSA today has no driver which is MRP-aware, therefore it only
  880. listens for the bare minimum switchdev objects required for the software assist
  881. to work properly. The operations are detailed below.
  882. - ``port_mrp_add`` and ``port_mrp_del``: notifies driver when an MRP instance
  883. with a certain ring ID, priority, primary port and secondary port is
  884. created/deleted.
  885. - ``port_mrp_add_ring_role`` and ``port_mrp_del_ring_role``: function invoked
  886. when an MRP instance changes ring roles between MRM or MRC. This affects
  887. which MRP PDUs should be trapped to software and which should be autonomously
  888. forwarded.
  889. IEC 62439-3 (HSR/PRP)
  890. ---------------------
  891. The Parallel Redundancy Protocol (PRP) is a network redundancy protocol which
  892. works by duplicating and sequence numbering packets through two independent L2
  893. networks (which are unaware of the PRP tail tags carried in the packets), and
  894. eliminating the duplicates at the receiver. The High-availability Seamless
  895. Redundancy (HSR) protocol is similar in concept, except all nodes that carry
  896. the redundant traffic are aware of the fact that it is HSR-tagged (because HSR
  897. uses a header with an EtherType of 0x892f) and are physically connected in a
  898. ring topology. Both HSR and PRP use supervision frames for monitoring the
  899. health of the network and for discovery of other nodes.
  900. In Linux, both HSR and PRP are implemented in the hsr driver, which
  901. instantiates a virtual, stackable network interface with two member ports.
  902. The driver only implements the basic roles of DANH (Doubly Attached Node
  903. implementing HSR), DANP (Doubly Attached Node implementing PRP) and RedBox
  904. (allows non-HSR devices to connect to the ring via Interlink ports).
  905. A driver which is able of offloading certain functions should declare the
  906. corresponding netdev features as indicated by the documentation at
  907. ``Documentation/networking/netdev-features.rst``. Additionally, the following
  908. methods must be implemented:
  909. - ``port_hsr_join``: function invoked when a given switch port is added to a
  910. DANP/DANH. The driver may return ``-EOPNOTSUPP`` and in this case, DSA will
  911. fall back to a software implementation where all traffic from this port is
  912. sent to the CPU.
  913. - ``port_hsr_leave``: function invoked when a given switch port leaves a
  914. DANP/DANH and returns to normal operation as a standalone port.
  915. Note that the ``NETIF_F_HW_HSR_DUP`` feature relies on transmission towards
  916. multiple ports, which is generally available whenever the tagging protocol uses
  917. the ``dsa_xmit_port_mask()`` helper function. If the helper is used, the HSR
  918. offload feature should also be set. The ``dsa_port_simple_hsr_join()`` and
  919. ``dsa_port_simple_hsr_leave()`` methods can be used as generic implementations
  920. of ``port_hsr_join`` and ``port_hsr_leave``, if this is the only supported
  921. offload feature.
  922. TODO
  923. ====
  924. Making SWITCHDEV and DSA converge towards an unified codebase
  925. -------------------------------------------------------------
  926. SWITCHDEV properly takes care of abstracting the networking stack with offload
  927. capable hardware, but does not enforce a strict switch device driver model. On
  928. the other DSA enforces a fairly strict device driver model, and deals with most
  929. of the switch specific. At some point we should envision a merger between these
  930. two subsystems and get the best of both worlds.