• Vladimir Oltean's avatar
    net: dsa: sja1105: fix leakage of flooded frames outside bridging domain · 7f7ccdea
    Vladimir Oltean authored
    Quite embarrasingly, I managed to fool myself into thinking that the
    flooding domain of sja1105 source ports is restricted by the forwarding
    domain, which it isn't. Frames which match an FDB entry are forwarded
    towards that entry's DESTPORTS restricted by REACH_PORT[SRC_PORT], while
    frames that don't match any FDB entry are forwarded towards
    FL_DOMAIN[SRC_PORT] or BC_DOMAIN[SRC_PORT].
    
    This means we can't get away with doing the simple thing, and we must
    manage the flooding domain ourselves such that it is restricted by the
    forwarding domain. This new function must be called from the
    .port_bridge_join and .port_bridge_leave methods too, not just from
    .port_bridge_flags as we did before.
    
    Fixes: 4d942354 ("net: dsa: sja1105: offload bridge port flags to device")
    Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    7f7ccdea
sja1105_main.c 104 KB