Loading...
1============
2Architecture
3============
4
5This document describes the **Distributed Switch Architecture (DSA)** subsystem
6design principles, limitations, interactions with other subsystems, and how to
7develop drivers for this subsystem as well as a TODO for developers interested
8in joining the effort.
9
10Design principles
11=================
12
13The Distributed Switch Architecture subsystem was primarily designed to
14support Marvell Ethernet switches (MV88E6xxx, a.k.a. Link Street product
15line) using Linux, but has since evolved to support other vendors as well.
16
17The original philosophy behind this design was to be able to use unmodified
18Linux tools such as bridge, iproute2, ifconfig to work transparently whether
19they configured/queried a switch port network device or a regular network
20device.
21
22An Ethernet switch typically comprises multiple front-panel ports and one
23or more CPU or management ports. The DSA subsystem currently relies on the
24presence of a management port connected to an Ethernet controller capable of
25receiving Ethernet frames from the switch. This is a very common setup for all
26kinds of Ethernet switches found in Small Home and Office products: routers,
27gateways, or even top-of-rack switches. This host Ethernet controller will
28be later referred to as "master" and "cpu" in DSA terminology and code.
29
30The D in DSA stands for Distributed, because the subsystem has been designed
31with the ability to configure and manage cascaded switches on top of each other
32using upstream and downstream Ethernet links between switches. These specific
33ports are referred to as "dsa" ports in DSA terminology and code. A collection
34of multiple switches connected to each other is called a "switch tree".
35
36For each front-panel port, DSA creates specialized network devices which are
37used as controlling and data-flowing endpoints for use by the Linux networking
38stack. These specialized network interfaces are referred to as "slave" network
39interfaces in DSA terminology and code.
40
41The ideal case for using DSA is when an Ethernet switch supports a "switch tag"
42which is a hardware feature making the switch insert a specific tag for each
43Ethernet frame it receives to/from specific ports to help the management
44interface figure out:
45
46- what port is this frame coming from
47- what was the reason why this frame got forwarded
48- how to send CPU originated traffic to specific ports
49
50The subsystem does support switches not capable of inserting/stripping tags, but
51the features might be slightly limited in that case (traffic separation relies
52on Port-based VLAN IDs).
53
54Note that DSA does not currently create network interfaces for the "cpu" and
55"dsa" ports because:
56
57- the "cpu" port is the Ethernet switch facing side of the management
58 controller, and as such, would create a duplication of feature, since you
59 would get two interfaces for the same conduit: master netdev, and "cpu" netdev
60
61- the "dsa" port(s) are just conduits between two or more switches, and as such
62 cannot really be used as proper network interfaces either, only the
63 downstream, or the top-most upstream interface makes sense with that model
64
65Switch tagging protocols
66------------------------
67
68DSA supports many vendor-specific tagging protocols, one software-defined
69tagging protocol, and a tag-less mode as well (``DSA_TAG_PROTO_NONE``).
70
71The exact format of the tag protocol is vendor specific, but in general, they
72all contain something which:
73
74- identifies which port the Ethernet frame came from/should be sent to
75- provides a reason why this frame was forwarded to the management interface
76
77All tagging protocols are in ``net/dsa/tag_*.c`` files and implement the
78methods of the ``struct dsa_device_ops`` structure, which are detailed below.
79
80Tagging protocols generally fall in one of three categories:
81
821. The switch-specific frame header is located before the Ethernet header,
83 shifting to the right (from the perspective of the DSA master's frame
84 parser) the MAC DA, MAC SA, EtherType and the entire L2 payload.
852. The switch-specific frame header is located before the EtherType, keeping
86 the MAC DA and MAC SA in place from the DSA master's perspective, but
87 shifting the 'real' EtherType and L2 payload to the right.
883. The switch-specific frame header is located at the tail of the packet,
89 keeping all frame headers in place and not altering the view of the packet
90 that the DSA master's frame parser has.
91
92A tagging protocol may tag all packets with switch tags of the same length, or
93the tag length might vary (for example packets with PTP timestamps might
94require an extended switch tag, or there might be one tag length on TX and a
95different one on RX). Either way, the tagging protocol driver must populate the
96``struct dsa_device_ops::needed_headroom`` and/or ``struct dsa_device_ops::needed_tailroom``
97with the length in octets of the longest switch frame header/trailer. The DSA
98framework will automatically adjust the MTU of the master interface to
99accommodate for this extra size in order for DSA user ports to support the
100standard MTU (L2 payload length) of 1500 octets. The ``needed_headroom`` and
101``needed_tailroom`` properties are also used to request from the network stack,
102on a best-effort basis, the allocation of packets with enough extra space such
103that the act of pushing the switch tag on transmission of a packet does not
104cause it to reallocate due to lack of memory.
105
106Even though applications are not expected to parse DSA-specific frame headers,
107the format on the wire of the tagging protocol represents an Application Binary
108Interface exposed by the kernel towards user space, for decoders such as
109``libpcap``. The tagging protocol driver must populate the ``proto`` member of
110``struct dsa_device_ops`` with a value that uniquely describes the
111characteristics of the interaction required between the switch hardware and the
112data path driver: the offset of each bit field within the frame header and any
113stateful processing required to deal with the frames (as may be required for
114PTP timestamping).
115
116From the perspective of the network stack, all switches within the same DSA
117switch tree use the same tagging protocol. In case of a packet transiting a
118fabric with more than one switch, the switch-specific frame header is inserted
119by the first switch in the fabric that the packet was received on. This header
120typically contains information regarding its type (whether it is a control
121frame that must be trapped to the CPU, or a data frame to be forwarded).
122Control frames should be decapsulated only by the software data path, whereas
123data frames might also be autonomously forwarded towards other user ports of
124other switches from the same fabric, and in this case, the outermost switch
125ports must decapsulate the packet.
126
127Note that in certain cases, it might be the case that the tagging format used
128by a leaf switch (not connected directly to the CPU) is not the same as what
129the network stack sees. This can be seen with Marvell switch trees, where the
130CPU port can be configured to use either the DSA or the Ethertype DSA (EDSA)
131format, but the DSA links are configured to use the shorter (without Ethertype)
132DSA frame header, in order to reduce the autonomous packet forwarding overhead.
133It still remains the case that, if the DSA switch tree is configured for the
134EDSA tagging protocol, the operating system sees EDSA-tagged packets from the
135leaf switches that tagged them with the shorter DSA header. This can be done
136because the Marvell switch connected directly to the CPU is configured to
137perform tag translation between DSA and EDSA (which is simply the operation of
138adding or removing the ``ETH_P_EDSA`` EtherType and some padding octets).
139
140It is possible to construct cascaded setups of DSA switches even if their
141tagging protocols are not compatible with one another. In this case, there are
142no DSA links in this fabric, and each switch constitutes a disjoint DSA switch
143tree. The DSA links are viewed as simply a pair of a DSA master (the out-facing
144port of the upstream DSA switch) and a CPU port (the in-facing port of the
145downstream DSA switch).
146
147The tagging protocol of the attached DSA switch tree can be viewed through the
148``dsa/tagging`` sysfs attribute of the DSA master::
149
150 cat /sys/class/net/eth0/dsa/tagging
151
152If the hardware and driver are capable, the tagging protocol of the DSA switch
153tree can be changed at runtime. This is done by writing the new tagging
154protocol name to the same sysfs device attribute as above (the DSA master and
155all attached switch ports must be down while doing this).
156
157It is desirable that all tagging protocols are testable with the ``dsa_loop``
158mockup driver, which can be attached to any network interface. The goal is that
159any network interface should be capable of transmitting the same packet in the
160same way, and the tagger should decode the same received packet in the same way
161regardless of the driver used for the switch control path, and the driver used
162for the DSA master.
163
164The transmission of a packet goes through the tagger's ``xmit`` function.
165The passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
166``skb_mac_header(skb)``, i.e. at the destination MAC address, and the passed
167``struct net_device *dev`` represents the virtual DSA user network interface
168whose hardware counterpart the packet must be steered to (i.e. ``swp0``).
169The job of this method is to prepare the skb in a way that the switch will
170understand what egress port the packet is for (and not deliver it towards other
171ports). Typically this is fulfilled by pushing a frame header. Checking for
172insufficient size in the skb headroom or tailroom is unnecessary provided that
173the ``needed_headroom`` and ``needed_tailroom`` properties were filled out
174properly, because DSA ensures there is enough space before calling this method.
175
176The reception of a packet goes through the tagger's ``rcv`` function. The
177passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
178``skb_mac_header(skb) + ETH_ALEN`` octets, i.e. to where the first octet after
179the EtherType would have been, were this frame not tagged. The role of this
180method is to consume the frame header, adjust ``skb->data`` to really point at
181the first octet after the EtherType, and to change ``skb->dev`` to point to the
182virtual DSA user network interface corresponding to the physical front-facing
183switch port that the packet was received on.
184
185Since tagging protocols in category 1 and 2 break software (and most often also
186hardware) packet dissection on the DSA master, features such as RPS (Receive
187Packet Steering) on the DSA master would be broken. The DSA framework deals
188with this by hooking into the flow dissector and shifting the offset at which
189the IP header is to be found in the tagged frame as seen by the DSA master.
190This behavior is automatic based on the ``overhead`` value of the tagging
191protocol. If not all packets are of equal size, the tagger can implement the
192``flow_dissect`` method of the ``struct dsa_device_ops`` and override this
193default behavior by specifying the correct offset incurred by each individual
194RX packet. Tail taggers do not cause issues to the flow dissector.
195
196Checksum offload should work with category 1 and 2 taggers when the DSA master
197driver declares NETIF_F_HW_CSUM in vlan_features and looks at csum_start and
198csum_offset. For those cases, DSA will shift the checksum start and offset by
199the tag size. If the DSA master driver still uses the legacy NETIF_F_IP_CSUM
200or NETIF_F_IPV6_CSUM in vlan_features, the offload might only work if the
201offload hardware already expects that specific tag (perhaps due to matching
202vendors). DSA slaves inherit those flags from the master port, and it is up to
203the driver to correctly fall back to software checksum when the IP header is not
204where the hardware expects. If that check is ineffective, the packets might go
205to the network without a proper checksum (the checksum field will have the
206pseudo IP header sum). For category 3, when the offload hardware does not
207already expect the switch tag in use, the checksum must be calculated before any
208tag is inserted (i.e. inside the tagger). Otherwise, the DSA master would
209include the tail tag in the (software or hardware) checksum calculation. Then,
210when the tag gets stripped by the switch during transmission, it will leave an
211incorrect IP checksum in place.
212
213Due to various reasons (most common being category 1 taggers being associated
214with DSA-unaware masters, mangling what the master perceives as MAC DA), the
215tagging protocol may require the DSA master to operate in promiscuous mode, to
216receive all frames regardless of the value of the MAC DA. This can be done by
217setting the ``promisc_on_master`` property of the ``struct dsa_device_ops``.
218Note that this assumes a DSA-unaware master driver, which is the norm.
219
220Master network devices
221----------------------
222
223Master network devices are regular, unmodified Linux network device drivers for
224the CPU/management Ethernet interface. Such a driver might occasionally need to
225know whether DSA is enabled (e.g.: to enable/disable specific offload features),
226but the DSA subsystem has been proven to work with industry standard drivers:
227``e1000e,`` ``mv643xx_eth`` etc. without having to introduce modifications to these
228drivers. Such network devices are also often referred to as conduit network
229devices since they act as a pipe between the host processor and the hardware
230Ethernet switch.
231
232Networking stack hooks
233----------------------
234
235When a master netdev is used with DSA, a small hook is placed in the
236networking stack is in order to have the DSA subsystem process the Ethernet
237switch specific tagging protocol. DSA accomplishes this by registering a
238specific (and fake) Ethernet type (later becoming ``skb->protocol``) with the
239networking stack, this is also known as a ``ptype`` or ``packet_type``. A typical
240Ethernet Frame receive sequence looks like this:
241
242Master network device (e.g.: e1000e):
243
2441. Receive interrupt fires:
245
246 - receive function is invoked
247 - basic packet processing is done: getting length, status etc.
248 - packet is prepared to be processed by the Ethernet layer by calling
249 ``eth_type_trans``
250
2512. net/ethernet/eth.c::
252
253 eth_type_trans(skb, dev)
254 if (dev->dsa_ptr != NULL)
255 -> skb->protocol = ETH_P_XDSA
256
2573. drivers/net/ethernet/\*::
258
259 netif_receive_skb(skb)
260 -> iterate over registered packet_type
261 -> invoke handler for ETH_P_XDSA, calls dsa_switch_rcv()
262
2634. net/dsa/dsa.c::
264
265 -> dsa_switch_rcv()
266 -> invoke switch tag specific protocol handler in 'net/dsa/tag_*.c'
267
2685. net/dsa/tag_*.c:
269
270 - inspect and strip switch tag protocol to determine originating port
271 - locate per-port network device
272 - invoke ``eth_type_trans()`` with the DSA slave network device
273 - invoked ``netif_receive_skb()``
274
275Past this point, the DSA slave network devices get delivered regular Ethernet
276frames that can be processed by the networking stack.
277
278Slave network devices
279---------------------
280
281Slave network devices created by DSA are stacked on top of their master network
282device, each of these network interfaces will be responsible for being a
283controlling and data-flowing end-point for each front-panel port of the switch.
284These interfaces are specialized in order to:
285
286- insert/remove the switch tag protocol (if it exists) when sending traffic
287 to/from specific switch ports
288- query the switch for ethtool operations: statistics, link state,
289 Wake-on-LAN, register dumps...
290- manage external/internal PHY: link, auto-negotiation, etc.
291
292These slave network devices have custom net_device_ops and ethtool_ops function
293pointers which allow DSA to introduce a level of layering between the networking
294stack/ethtool and the switch driver implementation.
295
296Upon frame transmission from these slave network devices, DSA will look up which
297switch tagging protocol is currently registered with these network devices and
298invoke a specific transmit routine which takes care of adding the relevant
299switch tag in the Ethernet frames.
300
301These frames are then queued for transmission using the master network device
302``ndo_start_xmit()`` function. Since they contain the appropriate switch tag, the
303Ethernet switch will be able to process these incoming frames from the
304management interface and deliver them to the physical switch port.
305
306When using multiple CPU ports, it is possible to stack a LAG (bonding/team)
307device between the DSA slave devices and the physical DSA masters. The LAG
308device is thus also a DSA master, but the LAG slave devices continue to be DSA
309masters as well (just with no user port assigned to them; this is needed for
310recovery in case the LAG DSA master disappears). Thus, the data path of the LAG
311DSA master is used asymmetrically. On RX, the ``ETH_P_XDSA`` handler, which
312calls ``dsa_switch_rcv()``, is invoked early (on the physical DSA master;
313LAG slave). Therefore, the RX data path of the LAG DSA master is not used.
314On the other hand, TX takes place linearly: ``dsa_slave_xmit`` calls
315``dsa_enqueue_skb``, which calls ``dev_queue_xmit`` towards the LAG DSA master.
316The latter calls ``dev_queue_xmit`` towards one physical DSA master or the
317other, and in both cases, the packet exits the system through a hardware path
318towards the switch.
319
320Graphical representation
321------------------------
322
323Summarized, this is basically how DSA looks like from a network device
324perspective::
325
326 Unaware application
327 opens and binds socket
328 | ^
329 | |
330 +-----------v--|--------------------+
331 |+------+ +------+ +------+ +------+|
332 || swp0 | | swp1 | | swp2 | | swp3 ||
333 |+------+-+------+-+------+-+------+|
334 | DSA switch driver |
335 +-----------------------------------+
336 | ^
337 Tag added by | | Tag consumed by
338 switch driver | | switch driver
339 v |
340 +-----------------------------------+
341 | Unmodified host interface driver | Software
342 --------+-----------------------------------+------------
343 | Host interface (eth0) | Hardware
344 +-----------------------------------+
345 | ^
346 Tag consumed by | | Tag added by
347 switch hardware | | switch hardware
348 v |
349 +-----------------------------------+
350 | Switch |
351 |+------+ +------+ +------+ +------+|
352 || swp0 | | swp1 | | swp2 | | swp3 ||
353 ++------+-+------+-+------+-+------++
354
355Slave MDIO bus
356--------------
357
358In order to be able to read to/from a switch PHY built into it, DSA creates a
359slave MDIO bus which allows a specific switch driver to divert and intercept
360MDIO reads/writes towards specific PHY addresses. In most MDIO-connected
361switches, these functions would utilize direct or indirect PHY addressing mode
362to return standard MII registers from the switch builtin PHYs, allowing the PHY
363library and/or to return link status, link partner pages, auto-negotiation
364results, etc.
365
366For Ethernet switches which have both external and internal MDIO buses, the
367slave MII bus can be utilized to mux/demux MDIO reads and writes towards either
368internal or external MDIO devices this switch might be connected to: internal
369PHYs, external PHYs, or even external switches.
370
371Data structures
372---------------
373
374DSA data structures are defined in ``include/net/dsa.h`` as well as
375``net/dsa/dsa_priv.h``:
376
377- ``dsa_chip_data``: platform data configuration for a given switch device,
378 this structure describes a switch device's parent device, its address, as
379 well as various properties of its ports: names/labels, and finally a routing
380 table indication (when cascading switches)
381
382- ``dsa_platform_data``: platform device configuration data which can reference
383 a collection of dsa_chip_data structures if multiple switches are cascaded,
384 the master network device this switch tree is attached to needs to be
385 referenced
386
387- ``dsa_switch_tree``: structure assigned to the master network device under
388 ``dsa_ptr``, this structure references a dsa_platform_data structure as well as
389 the tagging protocol supported by the switch tree, and which receive/transmit
390 function hooks should be invoked, information about the directly attached
391 switch is also provided: CPU port. Finally, a collection of dsa_switch are
392 referenced to address individual switches in the tree.
393
394- ``dsa_switch``: structure describing a switch device in the tree, referencing
395 a ``dsa_switch_tree`` as a backpointer, slave network devices, master network
396 device, and a reference to the backing``dsa_switch_ops``
397
398- ``dsa_switch_ops``: structure referencing function pointers, see below for a
399 full description.
400
401Design limitations
402==================
403
404Lack of CPU/DSA network devices
405-------------------------------
406
407DSA does not currently create slave network devices for the CPU or DSA ports, as
408described before. This might be an issue in the following cases:
409
410- inability to fetch switch CPU port statistics counters using ethtool, which
411 can make it harder to debug MDIO switch connected using xMII interfaces
412
413- inability to configure the CPU port link parameters based on the Ethernet
414 controller capabilities attached to it: http://patchwork.ozlabs.org/patch/509806/
415
416- inability to configure specific VLAN IDs / trunking VLANs between switches
417 when using a cascaded setup
418
419Common pitfalls using DSA setups
420--------------------------------
421
422Once a master network device is configured to use DSA (dev->dsa_ptr becomes
423non-NULL), and the switch behind it expects a tagging protocol, this network
424interface can only exclusively be used as a conduit interface. Sending packets
425directly through this interface (e.g.: opening a socket using this interface)
426will not make us go through the switch tagging protocol transmit function, so
427the Ethernet switch on the other end, expecting a tag will typically drop this
428frame.
429
430Interactions with other subsystems
431==================================
432
433DSA currently leverages the following subsystems:
434
435- MDIO/PHY library: ``drivers/net/phy/phy.c``, ``mdio_bus.c``
436- Switchdev:``net/switchdev/*``
437- Device Tree for various of_* functions
438- Devlink: ``net/core/devlink.c``
439
440MDIO/PHY library
441----------------
442
443Slave network devices exposed by DSA may or may not be interfacing with PHY
444devices (``struct phy_device`` as defined in ``include/linux/phy.h)``, but the DSA
445subsystem deals with all possible combinations:
446
447- internal PHY devices, built into the Ethernet switch hardware
448- external PHY devices, connected via an internal or external MDIO bus
449- internal PHY devices, connected via an internal MDIO bus
450- special, non-autonegotiated or non MDIO-managed PHY devices: SFPs, MoCA; a.k.a
451 fixed PHYs
452
453The PHY configuration is done by the ``dsa_slave_phy_setup()`` function and the
454logic basically looks like this:
455
456- if Device Tree is used, the PHY device is looked up using the standard
457 "phy-handle" property, if found, this PHY device is created and registered
458 using ``of_phy_connect()``
459
460- if Device Tree is used and the PHY device is "fixed", that is, conforms to
461 the definition of a non-MDIO managed PHY as defined in
462 ``Documentation/devicetree/bindings/net/fixed-link.txt``, the PHY is registered
463 and connected transparently using the special fixed MDIO bus driver
464
465- finally, if the PHY is built into the switch, as is very common with
466 standalone switch packages, the PHY is probed using the slave MII bus created
467 by DSA
468
469
470SWITCHDEV
471---------
472
473DSA directly utilizes SWITCHDEV when interfacing with the bridge layer, and
474more specifically with its VLAN filtering portion when configuring VLANs on top
475of per-port slave network devices. As of today, the only SWITCHDEV objects
476supported by DSA are the FDB and VLAN objects.
477
478Devlink
479-------
480
481DSA registers one devlink device per physical switch in the fabric.
482For each devlink device, every physical port (i.e. user ports, CPU ports, DSA
483links or unused ports) is exposed as a devlink port.
484
485DSA drivers can make use of the following devlink features:
486
487- Regions: debugging feature which allows user space to dump driver-defined
488 areas of hardware information in a low-level, binary format. Both global
489 regions as well as per-port regions are supported. It is possible to export
490 devlink regions even for pieces of data that are already exposed in some way
491 to the standard iproute2 user space programs (ip-link, bridge), like address
492 tables and VLAN tables. For example, this might be useful if the tables
493 contain additional hardware-specific details which are not visible through
494 the iproute2 abstraction, or it might be useful to inspect these tables on
495 the non-user ports too, which are invisible to iproute2 because no network
496 interface is registered for them.
497- Params: a feature which enables user to configure certain low-level tunable
498 knobs pertaining to the device. Drivers may implement applicable generic
499 devlink params, or may add new device-specific devlink params.
500- Resources: a monitoring feature which enables users to see the degree of
501 utilization of certain hardware tables in the device, such as FDB, VLAN, etc.
502- Shared buffers: a QoS feature for adjusting and partitioning memory and frame
503 reservations per port and per traffic class, in the ingress and egress
504 directions, such that low-priority bulk traffic does not impede the
505 processing of high-priority critical traffic.
506
507For more details, consult ``Documentation/networking/devlink/``.
508
509Device Tree
510-----------
511
512DSA features a standardized binding which is documented in
513``Documentation/devicetree/bindings/net/dsa/dsa.txt``. PHY/MDIO library helper
514functions such as ``of_get_phy_mode()``, ``of_phy_connect()`` are also used to query
515per-port PHY specific details: interface connection, MDIO bus location, etc.
516
517Driver development
518==================
519
520DSA switch drivers need to implement a ``dsa_switch_ops`` structure which will
521contain the various members described below.
522
523Probing, registration and device lifetime
524-----------------------------------------
525
526DSA switches are regular ``device`` structures on buses (be they platform, SPI,
527I2C, MDIO or otherwise). The DSA framework is not involved in their probing
528with the device core.
529
530Switch registration from the perspective of a driver means passing a valid
531``struct dsa_switch`` pointer to ``dsa_register_switch()``, usually from the
532switch driver's probing function. The following members must be valid in the
533provided structure:
534
535- ``ds->dev``: will be used to parse the switch's OF node or platform data.
536
537- ``ds->num_ports``: will be used to create the port list for this switch, and
538 to validate the port indices provided in the OF node.
539
540- ``ds->ops``: a pointer to the ``dsa_switch_ops`` structure holding the DSA
541 method implementations.
542
543- ``ds->priv``: backpointer to a driver-private data structure which can be
544 retrieved in all further DSA method callbacks.
545
546In addition, the following flags in the ``dsa_switch`` structure may optionally
547be configured to obtain driver-specific behavior from the DSA core. Their
548behavior when set is documented through comments in ``include/net/dsa.h``.
549
550- ``ds->vlan_filtering_is_global``
551
552- ``ds->needs_standalone_vlan_filtering``
553
554- ``ds->configure_vlan_while_not_filtering``
555
556- ``ds->untag_bridge_pvid``
557
558- ``ds->assisted_learning_on_cpu_port``
559
560- ``ds->mtu_enforcement_ingress``
561
562- ``ds->fdb_isolation``
563
564Internally, DSA keeps an array of switch trees (group of switches) global to
565the kernel, and attaches a ``dsa_switch`` structure to a tree on registration.
566The tree ID to which the switch is attached is determined by the first u32
567number of the ``dsa,member`` property of the switch's OF node (0 if missing).
568The switch ID within the tree is determined by the second u32 number of the
569same OF property (0 if missing). Registering multiple switches with the same
570switch ID and tree ID is illegal and will cause an error. Using platform data,
571a single switch and a single switch tree is permitted.
572
573In case of a tree with multiple switches, probing takes place asymmetrically.
574The first N-1 callers of ``dsa_register_switch()`` only add their ports to the
575port list of the tree (``dst->ports``), each port having a backpointer to its
576associated switch (``dp->ds``). Then, these switches exit their
577``dsa_register_switch()`` call early, because ``dsa_tree_setup_routing_table()``
578has determined that the tree is not yet complete (not all ports referenced by
579DSA links are present in the tree's port list). The tree becomes complete when
580the last switch calls ``dsa_register_switch()``, and this triggers the effective
581continuation of initialization (including the call to ``ds->ops->setup()``) for
582all switches within that tree, all as part of the calling context of the last
583switch's probe function.
584
585The opposite of registration takes place when calling ``dsa_unregister_switch()``,
586which removes a switch's ports from the port list of the tree. The entire tree
587is torn down when the first switch unregisters.
588
589It is mandatory for DSA switch drivers to implement the ``shutdown()`` callback
590of their respective bus, and call ``dsa_switch_shutdown()`` from it (a minimal
591version of the full teardown performed by ``dsa_unregister_switch()``).
592The reason is that DSA keeps a reference on the master net device, and if the
593driver for the master device decides to unbind on shutdown, DSA's reference
594will block that operation from finalizing.
595
596Either ``dsa_switch_shutdown()`` or ``dsa_unregister_switch()`` must be called,
597but not both, and the device driver model permits the bus' ``remove()`` method
598to be called even if ``shutdown()`` was already called. Therefore, drivers are
599expected to implement a mutual exclusion method between ``remove()`` and
600``shutdown()`` by setting their drvdata to NULL after any of these has run, and
601checking whether the drvdata is NULL before proceeding to take any action.
602
603After ``dsa_switch_shutdown()`` or ``dsa_unregister_switch()`` was called, no
604further callbacks via the provided ``dsa_switch_ops`` may take place, and the
605driver may free the data structures associated with the ``dsa_switch``.
606
607Switch configuration
608--------------------
609
610- ``get_tag_protocol``: this is to indicate what kind of tagging protocol is
611 supported, should be a valid value from the ``dsa_tag_protocol`` enum.
612 The returned information does not have to be static; the driver is passed the
613 CPU port number, as well as the tagging protocol of a possibly stacked
614 upstream switch, in case there are hardware limitations in terms of supported
615 tag formats.
616
617- ``change_tag_protocol``: when the default tagging protocol has compatibility
618 problems with the master or other issues, the driver may support changing it
619 at runtime, either through a device tree property or through sysfs. In that
620 case, further calls to ``get_tag_protocol`` should report the protocol in
621 current use.
622
623- ``setup``: setup function for the switch, this function is responsible for setting
624 up the ``dsa_switch_ops`` private structure with all it needs: register maps,
625 interrupts, mutexes, locks, etc. This function is also expected to properly
626 configure the switch to separate all network interfaces from each other, that
627 is, they should be isolated by the switch hardware itself, typically by creating
628 a Port-based VLAN ID for each port and allowing only the CPU port and the
629 specific port to be in the forwarding vector. Ports that are unused by the
630 platform should be disabled. Past this function, the switch is expected to be
631 fully configured and ready to serve any kind of request. It is recommended
632 to issue a software reset of the switch during this setup function in order to
633 avoid relying on what a previous software agent such as a bootloader/firmware
634 may have previously configured. The method responsible for undoing any
635 applicable allocations or operations done here is ``teardown``.
636
637- ``port_setup`` and ``port_teardown``: methods for initialization and
638 destruction of per-port data structures. It is mandatory for some operations
639 such as registering and unregistering devlink port regions to be done from
640 these methods, otherwise they are optional. A port will be torn down only if
641 it has been previously set up. It is possible for a port to be set up during
642 probing only to be torn down immediately afterwards, for example in case its
643 PHY cannot be found. In this case, probing of the DSA switch continues
644 without that particular port.
645
646- ``port_change_master``: method through which the affinity (association used
647 for traffic termination purposes) between a user port and a CPU port can be
648 changed. By default all user ports from a tree are assigned to the first
649 available CPU port that makes sense for them (most of the times this means
650 the user ports of a tree are all assigned to the same CPU port, except for H
651 topologies as described in commit 2c0b03258b8b). The ``port`` argument
652 represents the index of the user port, and the ``master`` argument represents
653 the new DSA master ``net_device``. The CPU port associated with the new
654 master can be retrieved by looking at ``struct dsa_port *cpu_dp =
655 master->dsa_ptr``. Additionally, the master can also be a LAG device where
656 all the slave devices are physical DSA masters. LAG DSA masters also have a
657 valid ``master->dsa_ptr`` pointer, however this is not unique, but rather a
658 duplicate of the first physical DSA master's (LAG slave) ``dsa_ptr``. In case
659 of a LAG DSA master, a further call to ``port_lag_join`` will be emitted
660 separately for the physical CPU ports associated with the physical DSA
661 masters, requesting them to create a hardware LAG associated with the LAG
662 interface.
663
664PHY devices and link management
665-------------------------------
666
667- ``get_phy_flags``: Some switches are interfaced to various kinds of Ethernet PHYs,
668 if the PHY library PHY driver needs to know about information it cannot obtain
669 on its own (e.g.: coming from switch memory mapped registers), this function
670 should return a 32-bit bitmask of "flags" that is private between the switch
671 driver and the Ethernet PHY driver in ``drivers/net/phy/\*``.
672
673- ``phy_read``: Function invoked by the DSA slave MDIO bus when attempting to read
674 the switch port MDIO registers. If unavailable, return 0xffff for each read.
675 For builtin switch Ethernet PHYs, this function should allow reading the link
676 status, auto-negotiation results, link partner pages, etc.
677
678- ``phy_write``: Function invoked by the DSA slave MDIO bus when attempting to write
679 to the switch port MDIO registers. If unavailable return a negative error
680 code.
681
682- ``adjust_link``: Function invoked by the PHY library when a slave network device
683 is attached to a PHY device. This function is responsible for appropriately
684 configuring the switch port link parameters: speed, duplex, pause based on
685 what the ``phy_device`` is providing.
686
687- ``fixed_link_update``: Function invoked by the PHY library, and specifically by
688 the fixed PHY driver asking the switch driver for link parameters that could
689 not be auto-negotiated, or obtained by reading the PHY registers through MDIO.
690 This is particularly useful for specific kinds of hardware such as QSGMII,
691 MoCA or other kinds of non-MDIO managed PHYs where out of band link
692 information is obtained
693
694Ethtool operations
695------------------
696
697- ``get_strings``: ethtool function used to query the driver's strings, will
698 typically return statistics strings, private flags strings, etc.
699
700- ``get_ethtool_stats``: ethtool function used to query per-port statistics and
701 return their values. DSA overlays slave network devices general statistics:
702 RX/TX counters from the network device, with switch driver specific statistics
703 per port
704
705- ``get_sset_count``: ethtool function used to query the number of statistics items
706
707- ``get_wol``: ethtool function used to obtain Wake-on-LAN settings per-port, this
708 function may for certain implementations also query the master network device
709 Wake-on-LAN settings if this interface needs to participate in Wake-on-LAN
710
711- ``set_wol``: ethtool function used to configure Wake-on-LAN settings per-port,
712 direct counterpart to set_wol with similar restrictions
713
714- ``set_eee``: ethtool function which is used to configure a switch port EEE (Green
715 Ethernet) settings, can optionally invoke the PHY library to enable EEE at the
716 PHY level if relevant. This function should enable EEE at the switch port MAC
717 controller and data-processing logic
718
719- ``get_eee``: ethtool function which is used to query a switch port EEE settings,
720 this function should return the EEE state of the switch port MAC controller
721 and data-processing logic as well as query the PHY for its currently configured
722 EEE settings
723
724- ``get_eeprom_len``: ethtool function returning for a given switch the EEPROM
725 length/size in bytes
726
727- ``get_eeprom``: ethtool function returning for a given switch the EEPROM contents
728
729- ``set_eeprom``: ethtool function writing specified data to a given switch EEPROM
730
731- ``get_regs_len``: ethtool function returning the register length for a given
732 switch
733
734- ``get_regs``: ethtool function returning the Ethernet switch internal register
735 contents. This function might require user-land code in ethtool to
736 pretty-print register values and registers
737
738Power management
739----------------
740
741- ``suspend``: function invoked by the DSA platform device when the system goes to
742 suspend, should quiesce all Ethernet switch activities, but keep ports
743 participating in Wake-on-LAN active as well as additional wake-up logic if
744 supported
745
746- ``resume``: function invoked by the DSA platform device when the system resumes,
747 should resume all Ethernet switch activities and re-configure the switch to be
748 in a fully active state
749
750- ``port_enable``: function invoked by the DSA slave network device ndo_open
751 function when a port is administratively brought up, this function should
752 fully enable a given switch port. DSA takes care of marking the port with
753 ``BR_STATE_BLOCKING`` if the port is a bridge member, or ``BR_STATE_FORWARDING`` if it
754 was not, and propagating these changes down to the hardware
755
756- ``port_disable``: function invoked by the DSA slave network device ndo_close
757 function when a port is administratively brought down, this function should
758 fully disable a given switch port. DSA takes care of marking the port with
759 ``BR_STATE_DISABLED`` and propagating changes to the hardware if this port is
760 disabled while being a bridge member
761
762Address databases
763-----------------
764
765Switching hardware is expected to have a table for FDB entries, however not all
766of them are active at the same time. An address database is the subset (partition)
767of FDB entries that is active (can be matched by address learning on RX, or FDB
768lookup on TX) depending on the state of the port. An address database may
769occasionally be called "FID" (Filtering ID) in this document, although the
770underlying implementation may choose whatever is available to the hardware.
771
772For example, all ports that belong to a VLAN-unaware bridge (which is
773*currently* VLAN-unaware) are expected to learn source addresses in the
774database associated by the driver with that bridge (and not with other
775VLAN-unaware bridges). During forwarding and FDB lookup, a packet received on a
776VLAN-unaware bridge port should be able to find a VLAN-unaware FDB entry having
777the same MAC DA as the packet, which is present on another port member of the
778same bridge. At the same time, the FDB lookup process must be able to not find
779an FDB entry having the same MAC DA as the packet, if that entry points towards
780a port which is a member of a different VLAN-unaware bridge (and is therefore
781associated with a different address database).
782
783Similarly, each VLAN of each offloaded VLAN-aware bridge should have an
784associated address database, which is shared by all ports which are members of
785that VLAN, but not shared by ports belonging to different bridges that are
786members of the same VID.
787
788In this context, a VLAN-unaware database means that all packets are expected to
789match on it irrespective of VLAN ID (only MAC address lookup), whereas a
790VLAN-aware database means that packets are supposed to match based on the VLAN
791ID from the classified 802.1Q header (or the pvid if untagged).
792
793At the bridge layer, VLAN-unaware FDB entries have the special VID value of 0,
794whereas VLAN-aware FDB entries have non-zero VID values. Note that a
795VLAN-unaware bridge may have VLAN-aware (non-zero VID) FDB entries, and a
796VLAN-aware bridge may have VLAN-unaware FDB entries. As in hardware, the
797software bridge keeps separate address databases, and offloads to hardware the
798FDB entries belonging to these databases, through switchdev, asynchronously
799relative to the moment when the databases become active or inactive.
800
801When a user port operates in standalone mode, its driver should configure it to
802use a separate database called a port private database. This is different from
803the databases described above, and should impede operation as standalone port
804(packet in, packet out to the CPU port) as little as possible. For example,
805on ingress, it should not attempt to learn the MAC SA of ingress traffic, since
806learning is a bridging layer service and this is a standalone port, therefore
807it would consume useless space. With no address learning, the port private
808database should be empty in a naive implementation, and in this case, all
809received packets should be trivially flooded to the CPU port.
810
811DSA (cascade) and CPU ports are also called "shared" ports because they service
812multiple address databases, and the database that a packet should be associated
813to is usually embedded in the DSA tag. This means that the CPU port may
814simultaneously transport packets coming from a standalone port (which were
815classified by hardware in one address database), and from a bridge port (which
816were classified to a different address database).
817
818Switch drivers which satisfy certain criteria are able to optimize the naive
819configuration by removing the CPU port from the flooding domain of the switch,
820and just program the hardware with FDB entries pointing towards the CPU port
821for which it is known that software is interested in those MAC addresses.
822Packets which do not match a known FDB entry will not be delivered to the CPU,
823which will save CPU cycles required for creating an skb just to drop it.
824
825DSA is able to perform host address filtering for the following kinds of
826addresses:
827
828- Primary unicast MAC addresses of ports (``dev->dev_addr``). These are
829 associated with the port private database of the respective user port,
830 and the driver is notified to install them through ``port_fdb_add`` towards
831 the CPU port.
832
833- Secondary unicast and multicast MAC addresses of ports (addresses added
834 through ``dev_uc_add()`` and ``dev_mc_add()``). These are also associated
835 with the port private database of the respective user port.
836
837- Local/permanent bridge FDB entries (``BR_FDB_LOCAL``). These are the MAC
838 addresses of the bridge ports, for which packets must be terminated locally
839 and not forwarded. They are associated with the address database for that
840 bridge.
841
842- Static bridge FDB entries installed towards foreign (non-DSA) interfaces
843 present in the same bridge as some DSA switch ports. These are also
844 associated with the address database for that bridge.
845
846- Dynamically learned FDB entries on foreign interfaces present in the same
847 bridge as some DSA switch ports, only if ``ds->assisted_learning_on_cpu_port``
848 is set to true by the driver. These are associated with the address database
849 for that bridge.
850
851For various operations detailed below, DSA provides a ``dsa_db`` structure
852which can be of the following types:
853
854- ``DSA_DB_PORT``: the FDB (or MDB) entry to be installed or deleted belongs to
855 the port private database of user port ``db->dp``.
856- ``DSA_DB_BRIDGE``: the entry belongs to one of the address databases of bridge
857 ``db->bridge``. Separation between the VLAN-unaware database and the per-VID
858 databases of this bridge is expected to be done by the driver.
859- ``DSA_DB_LAG``: the entry belongs to the address database of LAG ``db->lag``.
860 Note: ``DSA_DB_LAG`` is currently unused and may be removed in the future.
861
862The drivers which act upon the ``dsa_db`` argument in ``port_fdb_add``,
863``port_mdb_add`` etc should declare ``ds->fdb_isolation`` as true.
864
865DSA associates each offloaded bridge and each offloaded LAG with a one-based ID
866(``struct dsa_bridge :: num``, ``struct dsa_lag :: id``) for the purposes of
867refcounting addresses on shared ports. Drivers may piggyback on DSA's numbering
868scheme (the ID is readable through ``db->bridge.num`` and ``db->lag.id`` or may
869implement their own.
870
871Only the drivers which declare support for FDB isolation are notified of FDB
872entries on the CPU port belonging to ``DSA_DB_PORT`` databases.
873For compatibility/legacy reasons, ``DSA_DB_BRIDGE`` addresses are notified to
874drivers even if they do not support FDB isolation. However, ``db->bridge.num``
875and ``db->lag.id`` are always set to 0 in that case (to denote the lack of
876isolation, for refcounting purposes).
877
878Note that it is not mandatory for a switch driver to implement physically
879separate address databases for each standalone user port. Since FDB entries in
880the port private databases will always point to the CPU port, there is no risk
881for incorrect forwarding decisions. In this case, all standalone ports may
882share the same database, but the reference counting of host-filtered addresses
883(not deleting the FDB entry for a port's MAC address if it's still in use by
884another port) becomes the responsibility of the driver, because DSA is unaware
885that the port databases are in fact shared. This can be achieved by calling
886``dsa_fdb_present_in_other_db()`` and ``dsa_mdb_present_in_other_db()``.
887The down side is that the RX filtering lists of each user port are in fact
888shared, which means that user port A may accept a packet with a MAC DA it
889shouldn't have, only because that MAC address was in the RX filtering list of
890user port B. These packets will still be dropped in software, however.
891
892Bridge layer
893------------
894
895Offloading the bridge forwarding plane is optional and handled by the methods
896below. They may be absent, return -EOPNOTSUPP, or ``ds->max_num_bridges`` may
897be non-zero and exceeded, and in this case, joining a bridge port is still
898possible, but the packet forwarding will take place in software, and the ports
899under a software bridge must remain configured in the same way as for
900standalone operation, i.e. have all bridging service functions (address
901learning etc) disabled, and send all received packets to the CPU port only.
902
903Concretely, a port starts offloading the forwarding plane of a bridge once it
904returns success to the ``port_bridge_join`` method, and stops doing so after
905``port_bridge_leave`` has been called. Offloading the bridge means autonomously
906learning FDB entries in accordance with the software bridge port's state, and
907autonomously forwarding (or flooding) received packets without CPU intervention.
908This is optional even when offloading a bridge port. Tagging protocol drivers
909are expected to call ``dsa_default_offload_fwd_mark(skb)`` for packets which
910have already been autonomously forwarded in the forwarding domain of the
911ingress switch port. DSA, through ``dsa_port_devlink_setup()``, considers all
912switch ports part of the same tree ID to be part of the same bridge forwarding
913domain (capable of autonomous forwarding to each other).
914
915Offloading the TX forwarding process of a bridge is a distinct concept from
916simply offloading its forwarding plane, and refers to the ability of certain
917driver and tag protocol combinations to transmit a single skb coming from the
918bridge device's transmit function to potentially multiple egress ports (and
919thereby avoid its cloning in software).
920
921Packets for which the bridge requests this behavior are called data plane
922packets and have ``skb->offload_fwd_mark`` set to true in the tag protocol
923driver's ``xmit`` function. Data plane packets are subject to FDB lookup,
924hardware learning on the CPU port, and do not override the port STP state.
925Additionally, replication of data plane packets (multicast, flooding) is
926handled in hardware and the bridge driver will transmit a single skb for each
927packet that may or may not need replication.
928
929When the TX forwarding offload is enabled, the tag protocol driver is
930responsible to inject packets into the data plane of the hardware towards the
931correct bridging domain (FID) that the port is a part of. The port may be
932VLAN-unaware, and in this case the FID must be equal to the FID used by the
933driver for its VLAN-unaware address database associated with that bridge.
934Alternatively, the bridge may be VLAN-aware, and in that case, it is guaranteed
935that the packet is also VLAN-tagged with the VLAN ID that the bridge processed
936this packet in. It is the responsibility of the hardware to untag the VID on
937the egress-untagged ports, or keep the tag on the egress-tagged ones.
938
939- ``port_bridge_join``: bridge layer function invoked when a given switch port is
940 added to a bridge, this function should do what's necessary at the switch
941 level to permit the joining port to be added to the relevant logical
942 domain for it to ingress/egress traffic with other members of the bridge.
943 By setting the ``tx_fwd_offload`` argument to true, the TX forwarding process
944 of this bridge is also offloaded.
945
946- ``port_bridge_leave``: bridge layer function invoked when a given switch port is
947 removed from a bridge, this function should do what's necessary at the
948 switch level to deny the leaving port from ingress/egress traffic from the
949 remaining bridge members.
950
951- ``port_stp_state_set``: bridge layer function invoked when a given switch port STP
952 state is computed by the bridge layer and should be propagated to switch
953 hardware to forward/block/learn traffic.
954
955- ``port_bridge_flags``: bridge layer function invoked when a port must
956 configure its settings for e.g. flooding of unknown traffic or source address
957 learning. The switch driver is responsible for initial setup of the
958 standalone ports with address learning disabled and egress flooding of all
959 types of traffic, then the DSA core notifies of any change to the bridge port
960 flags when the port joins and leaves a bridge. DSA does not currently manage
961 the bridge port flags for the CPU port. The assumption is that address
962 learning should be statically enabled (if supported by the hardware) on the
963 CPU port, and flooding towards the CPU port should also be enabled, due to a
964 lack of an explicit address filtering mechanism in the DSA core.
965
966- ``port_fast_age``: bridge layer function invoked when flushing the
967 dynamically learned FDB entries on the port is necessary. This is called when
968 transitioning from an STP state where learning should take place to an STP
969 state where it shouldn't, or when leaving a bridge, or when address learning
970 is turned off via ``port_bridge_flags``.
971
972Bridge VLAN filtering
973---------------------
974
975- ``port_vlan_filtering``: bridge layer function invoked when the bridge gets
976 configured for turning on or off VLAN filtering. If nothing specific needs to
977 be done at the hardware level, this callback does not need to be implemented.
978 When VLAN filtering is turned on, the hardware must be programmed with
979 rejecting 802.1Q frames which have VLAN IDs outside of the programmed allowed
980 VLAN ID map/rules. If there is no PVID programmed into the switch port,
981 untagged frames must be rejected as well. When turned off the switch must
982 accept any 802.1Q frames irrespective of their VLAN ID, and untagged frames are
983 allowed.
984
985- ``port_vlan_add``: bridge layer function invoked when a VLAN is configured
986 (tagged or untagged) for the given switch port. The CPU port becomes a member
987 of a VLAN only if a foreign bridge port is also a member of it (and
988 forwarding needs to take place in software), or the VLAN is installed to the
989 VLAN group of the bridge device itself, for termination purposes
990 (``bridge vlan add dev br0 vid 100 self``). VLANs on shared ports are
991 reference counted and removed when there is no user left. Drivers do not need
992 to manually install a VLAN on the CPU port.
993
994- ``port_vlan_del``: bridge layer function invoked when a VLAN is removed from the
995 given switch port
996
997- ``port_fdb_add``: bridge layer function invoked when the bridge wants to install a
998 Forwarding Database entry, the switch hardware should be programmed with the
999 specified address in the specified VLAN Id in the forwarding database
1000 associated with this VLAN ID.
1001
1002- ``port_fdb_del``: bridge layer function invoked when the bridge wants to remove a
1003 Forwarding Database entry, the switch hardware should be programmed to delete
1004 the specified MAC address from the specified VLAN ID if it was mapped into
1005 this port forwarding database
1006
1007- ``port_fdb_dump``: bridge bypass function invoked by ``ndo_fdb_dump`` on the
1008 physical DSA port interfaces. Since DSA does not attempt to keep in sync its
1009 hardware FDB entries with the software bridge, this method is implemented as
1010 a means to view the entries visible on user ports in the hardware database.
1011 The entries reported by this function have the ``self`` flag in the output of
1012 the ``bridge fdb show`` command.
1013
1014- ``port_mdb_add``: bridge layer function invoked when the bridge wants to install
1015 a multicast database entry. The switch hardware should be programmed with the
1016 specified address in the specified VLAN ID in the forwarding database
1017 associated with this VLAN ID.
1018
1019- ``port_mdb_del``: bridge layer function invoked when the bridge wants to remove a
1020 multicast database entry, the switch hardware should be programmed to delete
1021 the specified MAC address from the specified VLAN ID if it was mapped into
1022 this port forwarding database.
1023
1024Link aggregation
1025----------------
1026
1027Link aggregation is implemented in the Linux networking stack by the bonding
1028and team drivers, which are modeled as virtual, stackable network interfaces.
1029DSA is capable of offloading a link aggregation group (LAG) to hardware that
1030supports the feature, and supports bridging between physical ports and LAGs,
1031as well as between LAGs. A bonding/team interface which holds multiple physical
1032ports constitutes a logical port, although DSA has no explicit concept of a
1033logical port at the moment. Due to this, events where a LAG joins/leaves a
1034bridge are treated as if all individual physical ports that are members of that
1035LAG join/leave the bridge. Switchdev port attributes (VLAN filtering, STP
1036state, etc) and objects (VLANs, MDB entries) offloaded to a LAG as bridge port
1037are treated similarly: DSA offloads the same switchdev object / port attribute
1038on all members of the LAG. Static bridge FDB entries on a LAG are not yet
1039supported, since the DSA driver API does not have the concept of a logical port
1040ID.
1041
1042- ``port_lag_join``: function invoked when a given switch port is added to a
1043 LAG. The driver may return ``-EOPNOTSUPP``, and in this case, DSA will fall
1044 back to a software implementation where all traffic from this port is sent to
1045 the CPU.
1046- ``port_lag_leave``: function invoked when a given switch port leaves a LAG
1047 and returns to operation as a standalone port.
1048- ``port_lag_change``: function invoked when the link state of any member of
1049 the LAG changes, and the hashing function needs rebalancing to only make use
1050 of the subset of physical LAG member ports that are up.
1051
1052Drivers that benefit from having an ID associated with each offloaded LAG
1053can optionally populate ``ds->num_lag_ids`` from the ``dsa_switch_ops::setup``
1054method. The LAG ID associated with a bonding/team interface can then be
1055retrieved by a DSA switch driver using the ``dsa_lag_id`` function.
1056
1057IEC 62439-2 (MRP)
1058-----------------
1059
1060The Media Redundancy Protocol is a topology management protocol optimized for
1061fast fault recovery time for ring networks, which has some components
1062implemented as a function of the bridge driver. MRP uses management PDUs
1063(Test, Topology, LinkDown/Up, Option) sent at a multicast destination MAC
1064address range of 01:15:4e:00:00:0x and with an EtherType of 0x88e3.
1065Depending on the node's role in the ring (MRM: Media Redundancy Manager,
1066MRC: Media Redundancy Client, MRA: Media Redundancy Automanager), certain MRP
1067PDUs might need to be terminated locally and others might need to be forwarded.
1068An MRM might also benefit from offloading to hardware the creation and
1069transmission of certain MRP PDUs (Test).
1070
1071Normally an MRP instance can be created on top of any network interface,
1072however in the case of a device with an offloaded data path such as DSA, it is
1073necessary for the hardware, even if it is not MRP-aware, to be able to extract
1074the MRP PDUs from the fabric before the driver can proceed with the software
1075implementation. DSA today has no driver which is MRP-aware, therefore it only
1076listens for the bare minimum switchdev objects required for the software assist
1077to work properly. The operations are detailed below.
1078
1079- ``port_mrp_add`` and ``port_mrp_del``: notifies driver when an MRP instance
1080 with a certain ring ID, priority, primary port and secondary port is
1081 created/deleted.
1082- ``port_mrp_add_ring_role`` and ``port_mrp_del_ring_role``: function invoked
1083 when an MRP instance changes ring roles between MRM or MRC. This affects
1084 which MRP PDUs should be trapped to software and which should be autonomously
1085 forwarded.
1086
1087IEC 62439-3 (HSR/PRP)
1088---------------------
1089
1090The Parallel Redundancy Protocol (PRP) is a network redundancy protocol which
1091works by duplicating and sequence numbering packets through two independent L2
1092networks (which are unaware of the PRP tail tags carried in the packets), and
1093eliminating the duplicates at the receiver. The High-availability Seamless
1094Redundancy (HSR) protocol is similar in concept, except all nodes that carry
1095the redundant traffic are aware of the fact that it is HSR-tagged (because HSR
1096uses a header with an EtherType of 0x892f) and are physically connected in a
1097ring topology. Both HSR and PRP use supervision frames for monitoring the
1098health of the network and for discovery of other nodes.
1099
1100In Linux, both HSR and PRP are implemented in the hsr driver, which
1101instantiates a virtual, stackable network interface with two member ports.
1102The driver only implements the basic roles of DANH (Doubly Attached Node
1103implementing HSR) and DANP (Doubly Attached Node implementing PRP); the roles
1104of RedBox and QuadBox are not implemented (therefore, bridging a hsr network
1105interface with a physical switch port does not produce the expected result).
1106
1107A driver which is able of offloading certain functions of a DANP or DANH should
1108declare the corresponding netdev features as indicated by the documentation at
1109``Documentation/networking/netdev-features.rst``. Additionally, the following
1110methods must be implemented:
1111
1112- ``port_hsr_join``: function invoked when a given switch port is added to a
1113 DANP/DANH. The driver may return ``-EOPNOTSUPP`` and in this case, DSA will
1114 fall back to a software implementation where all traffic from this port is
1115 sent to the CPU.
1116- ``port_hsr_leave``: function invoked when a given switch port leaves a
1117 DANP/DANH and returns to normal operation as a standalone port.
1118
1119TODO
1120====
1121
1122Making SWITCHDEV and DSA converge towards an unified codebase
1123-------------------------------------------------------------
1124
1125SWITCHDEV properly takes care of abstracting the networking stack with offload
1126capable hardware, but does not enforce a strict switch device driver model. On
1127the other DSA enforces a fairly strict device driver model, and deals with most
1128of the switch specific. At some point we should envision a merger between these
1129two subsystems and get the best of both worlds.
1============
2Architecture
3============
4
5This document describes the **Distributed Switch Architecture (DSA)** subsystem
6design principles, limitations, interactions with other subsystems, and how to
7develop drivers for this subsystem as well as a TODO for developers interested
8in joining the effort.
9
10Design principles
11=================
12
13The Distributed Switch Architecture subsystem was primarily designed to
14support Marvell Ethernet switches (MV88E6xxx, a.k.a. Link Street product
15line) using Linux, but has since evolved to support other vendors as well.
16
17The original philosophy behind this design was to be able to use unmodified
18Linux tools such as bridge, iproute2, ifconfig to work transparently whether
19they configured/queried a switch port network device or a regular network
20device.
21
22An Ethernet switch typically comprises multiple front-panel ports and one
23or more CPU or management ports. The DSA subsystem currently relies on the
24presence of a management port connected to an Ethernet controller capable of
25receiving Ethernet frames from the switch. This is a very common setup for all
26kinds of Ethernet switches found in Small Home and Office products: routers,
27gateways, or even top-of-rack switches. This host Ethernet controller will
28be later referred to as "conduit" and "cpu" in DSA terminology and code.
29
30The D in DSA stands for Distributed, because the subsystem has been designed
31with the ability to configure and manage cascaded switches on top of each other
32using upstream and downstream Ethernet links between switches. These specific
33ports are referred to as "dsa" ports in DSA terminology and code. A collection
34of multiple switches connected to each other is called a "switch tree".
35
36For each front-panel port, DSA creates specialized network devices which are
37used as controlling and data-flowing endpoints for use by the Linux networking
38stack. These specialized network interfaces are referred to as "user" network
39interfaces in DSA terminology and code.
40
41The ideal case for using DSA is when an Ethernet switch supports a "switch tag"
42which is a hardware feature making the switch insert a specific tag for each
43Ethernet frame it receives to/from specific ports to help the management
44interface figure out:
45
46- what port is this frame coming from
47- what was the reason why this frame got forwarded
48- how to send CPU originated traffic to specific ports
49
50The subsystem does support switches not capable of inserting/stripping tags, but
51the features might be slightly limited in that case (traffic separation relies
52on Port-based VLAN IDs).
53
54Note that DSA does not currently create network interfaces for the "cpu" and
55"dsa" ports because:
56
57- the "cpu" port is the Ethernet switch facing side of the management
58 controller, and as such, would create a duplication of feature, since you
59 would get two interfaces for the same conduit: conduit netdev, and "cpu" netdev
60
61- the "dsa" port(s) are just conduits between two or more switches, and as such
62 cannot really be used as proper network interfaces either, only the
63 downstream, or the top-most upstream interface makes sense with that model
64
65NB: for the past 15 years, the DSA subsystem had been making use of the terms
66"master" (rather than "conduit") and "slave" (rather than "user"). These terms
67have been removed from the DSA codebase and phased out of the uAPI.
68
69Switch tagging protocols
70------------------------
71
72DSA supports many vendor-specific tagging protocols, one software-defined
73tagging protocol, and a tag-less mode as well (``DSA_TAG_PROTO_NONE``).
74
75The exact format of the tag protocol is vendor specific, but in general, they
76all contain something which:
77
78- identifies which port the Ethernet frame came from/should be sent to
79- provides a reason why this frame was forwarded to the management interface
80
81All tagging protocols are in ``net/dsa/tag_*.c`` files and implement the
82methods of the ``struct dsa_device_ops`` structure, which are detailed below.
83
84Tagging protocols generally fall in one of three categories:
85
861. The switch-specific frame header is located before the Ethernet header,
87 shifting to the right (from the perspective of the DSA conduit's frame
88 parser) the MAC DA, MAC SA, EtherType and the entire L2 payload.
892. The switch-specific frame header is located before the EtherType, keeping
90 the MAC DA and MAC SA in place from the DSA conduit's perspective, but
91 shifting the 'real' EtherType and L2 payload to the right.
923. The switch-specific frame header is located at the tail of the packet,
93 keeping all frame headers in place and not altering the view of the packet
94 that the DSA conduit's frame parser has.
95
96A tagging protocol may tag all packets with switch tags of the same length, or
97the tag length might vary (for example packets with PTP timestamps might
98require an extended switch tag, or there might be one tag length on TX and a
99different one on RX). Either way, the tagging protocol driver must populate the
100``struct dsa_device_ops::needed_headroom`` and/or ``struct dsa_device_ops::needed_tailroom``
101with the length in octets of the longest switch frame header/trailer. The DSA
102framework will automatically adjust the MTU of the conduit interface to
103accommodate for this extra size in order for DSA user ports to support the
104standard MTU (L2 payload length) of 1500 octets. The ``needed_headroom`` and
105``needed_tailroom`` properties are also used to request from the network stack,
106on a best-effort basis, the allocation of packets with enough extra space such
107that the act of pushing the switch tag on transmission of a packet does not
108cause it to reallocate due to lack of memory.
109
110Even though applications are not expected to parse DSA-specific frame headers,
111the format on the wire of the tagging protocol represents an Application Binary
112Interface exposed by the kernel towards user space, for decoders such as
113``libpcap``. The tagging protocol driver must populate the ``proto`` member of
114``struct dsa_device_ops`` with a value that uniquely describes the
115characteristics of the interaction required between the switch hardware and the
116data path driver: the offset of each bit field within the frame header and any
117stateful processing required to deal with the frames (as may be required for
118PTP timestamping).
119
120From the perspective of the network stack, all switches within the same DSA
121switch tree use the same tagging protocol. In case of a packet transiting a
122fabric with more than one switch, the switch-specific frame header is inserted
123by the first switch in the fabric that the packet was received on. This header
124typically contains information regarding its type (whether it is a control
125frame that must be trapped to the CPU, or a data frame to be forwarded).
126Control frames should be decapsulated only by the software data path, whereas
127data frames might also be autonomously forwarded towards other user ports of
128other switches from the same fabric, and in this case, the outermost switch
129ports must decapsulate the packet.
130
131Note that in certain cases, it might be the case that the tagging format used
132by a leaf switch (not connected directly to the CPU) is not the same as what
133the network stack sees. This can be seen with Marvell switch trees, where the
134CPU port can be configured to use either the DSA or the Ethertype DSA (EDSA)
135format, but the DSA links are configured to use the shorter (without Ethertype)
136DSA frame header, in order to reduce the autonomous packet forwarding overhead.
137It still remains the case that, if the DSA switch tree is configured for the
138EDSA tagging protocol, the operating system sees EDSA-tagged packets from the
139leaf switches that tagged them with the shorter DSA header. This can be done
140because the Marvell switch connected directly to the CPU is configured to
141perform tag translation between DSA and EDSA (which is simply the operation of
142adding or removing the ``ETH_P_EDSA`` EtherType and some padding octets).
143
144It is possible to construct cascaded setups of DSA switches even if their
145tagging protocols are not compatible with one another. In this case, there are
146no DSA links in this fabric, and each switch constitutes a disjoint DSA switch
147tree. The DSA links are viewed as simply a pair of a DSA conduit (the out-facing
148port of the upstream DSA switch) and a CPU port (the in-facing port of the
149downstream DSA switch).
150
151The tagging protocol of the attached DSA switch tree can be viewed through the
152``dsa/tagging`` sysfs attribute of the DSA conduit::
153
154 cat /sys/class/net/eth0/dsa/tagging
155
156If the hardware and driver are capable, the tagging protocol of the DSA switch
157tree can be changed at runtime. This is done by writing the new tagging
158protocol name to the same sysfs device attribute as above (the DSA conduit and
159all attached switch ports must be down while doing this).
160
161It is desirable that all tagging protocols are testable with the ``dsa_loop``
162mockup driver, which can be attached to any network interface. The goal is that
163any network interface should be capable of transmitting the same packet in the
164same way, and the tagger should decode the same received packet in the same way
165regardless of the driver used for the switch control path, and the driver used
166for the DSA conduit.
167
168The transmission of a packet goes through the tagger's ``xmit`` function.
169The passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
170``skb_mac_header(skb)``, i.e. at the destination MAC address, and the passed
171``struct net_device *dev`` represents the virtual DSA user network interface
172whose hardware counterpart the packet must be steered to (i.e. ``swp0``).
173The job of this method is to prepare the skb in a way that the switch will
174understand what egress port the packet is for (and not deliver it towards other
175ports). Typically this is fulfilled by pushing a frame header. Checking for
176insufficient size in the skb headroom or tailroom is unnecessary provided that
177the ``needed_headroom`` and ``needed_tailroom`` properties were filled out
178properly, because DSA ensures there is enough space before calling this method.
179
180The reception of a packet goes through the tagger's ``rcv`` function. The
181passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
182``skb_mac_header(skb) + ETH_ALEN`` octets, i.e. to where the first octet after
183the EtherType would have been, were this frame not tagged. The role of this
184method is to consume the frame header, adjust ``skb->data`` to really point at
185the first octet after the EtherType, and to change ``skb->dev`` to point to the
186virtual DSA user network interface corresponding to the physical front-facing
187switch port that the packet was received on.
188
189Since tagging protocols in category 1 and 2 break software (and most often also
190hardware) packet dissection on the DSA conduit, features such as RPS (Receive
191Packet Steering) on the DSA conduit would be broken. The DSA framework deals
192with this by hooking into the flow dissector and shifting the offset at which
193the IP header is to be found in the tagged frame as seen by the DSA conduit.
194This behavior is automatic based on the ``overhead`` value of the tagging
195protocol. If not all packets are of equal size, the tagger can implement the
196``flow_dissect`` method of the ``struct dsa_device_ops`` and override this
197default behavior by specifying the correct offset incurred by each individual
198RX packet. Tail taggers do not cause issues to the flow dissector.
199
200Checksum offload should work with category 1 and 2 taggers when the DSA conduit
201driver declares NETIF_F_HW_CSUM in vlan_features and looks at csum_start and
202csum_offset. For those cases, DSA will shift the checksum start and offset by
203the tag size. If the DSA conduit driver still uses the legacy NETIF_F_IP_CSUM
204or NETIF_F_IPV6_CSUM in vlan_features, the offload might only work if the
205offload hardware already expects that specific tag (perhaps due to matching
206vendors). DSA user ports inherit those flags from the conduit, and it is up to
207the driver to correctly fall back to software checksum when the IP header is not
208where the hardware expects. If that check is ineffective, the packets might go
209to the network without a proper checksum (the checksum field will have the
210pseudo IP header sum). For category 3, when the offload hardware does not
211already expect the switch tag in use, the checksum must be calculated before any
212tag is inserted (i.e. inside the tagger). Otherwise, the DSA conduit would
213include the tail tag in the (software or hardware) checksum calculation. Then,
214when the tag gets stripped by the switch during transmission, it will leave an
215incorrect IP checksum in place.
216
217Due to various reasons (most common being category 1 taggers being associated
218with DSA-unaware conduits, mangling what the conduit perceives as MAC DA), the
219tagging protocol may require the DSA conduit to operate in promiscuous mode, to
220receive all frames regardless of the value of the MAC DA. This can be done by
221setting the ``promisc_on_conduit`` property of the ``struct dsa_device_ops``.
222Note that this assumes a DSA-unaware conduit driver, which is the norm.
223
224Conduit network devices
225-----------------------
226
227Conduit network devices are regular, unmodified Linux network device drivers for
228the CPU/management Ethernet interface. Such a driver might occasionally need to
229know whether DSA is enabled (e.g.: to enable/disable specific offload features),
230but the DSA subsystem has been proven to work with industry standard drivers:
231``e1000e,`` ``mv643xx_eth`` etc. without having to introduce modifications to these
232drivers. Such network devices are also often referred to as conduit network
233devices since they act as a pipe between the host processor and the hardware
234Ethernet switch.
235
236Networking stack hooks
237----------------------
238
239When a conduit netdev is used with DSA, a small hook is placed in the
240networking stack is in order to have the DSA subsystem process the Ethernet
241switch specific tagging protocol. DSA accomplishes this by registering a
242specific (and fake) Ethernet type (later becoming ``skb->protocol``) with the
243networking stack, this is also known as a ``ptype`` or ``packet_type``. A typical
244Ethernet Frame receive sequence looks like this:
245
246Conduit network device (e.g.: e1000e):
247
2481. Receive interrupt fires:
249
250 - receive function is invoked
251 - basic packet processing is done: getting length, status etc.
252 - packet is prepared to be processed by the Ethernet layer by calling
253 ``eth_type_trans``
254
2552. net/ethernet/eth.c::
256
257 eth_type_trans(skb, dev)
258 if (dev->dsa_ptr != NULL)
259 -> skb->protocol = ETH_P_XDSA
260
2613. drivers/net/ethernet/\*::
262
263 netif_receive_skb(skb)
264 -> iterate over registered packet_type
265 -> invoke handler for ETH_P_XDSA, calls dsa_switch_rcv()
266
2674. net/dsa/dsa.c::
268
269 -> dsa_switch_rcv()
270 -> invoke switch tag specific protocol handler in 'net/dsa/tag_*.c'
271
2725. net/dsa/tag_*.c:
273
274 - inspect and strip switch tag protocol to determine originating port
275 - locate per-port network device
276 - invoke ``eth_type_trans()`` with the DSA user network device
277 - invoked ``netif_receive_skb()``
278
279Past this point, the DSA user network devices get delivered regular Ethernet
280frames that can be processed by the networking stack.
281
282User network devices
283--------------------
284
285User network devices created by DSA are stacked on top of their conduit network
286device, each of these network interfaces will be responsible for being a
287controlling and data-flowing end-point for each front-panel port of the switch.
288These interfaces are specialized in order to:
289
290- insert/remove the switch tag protocol (if it exists) when sending traffic
291 to/from specific switch ports
292- query the switch for ethtool operations: statistics, link state,
293 Wake-on-LAN, register dumps...
294- manage external/internal PHY: link, auto-negotiation, etc.
295
296These user network devices have custom net_device_ops and ethtool_ops function
297pointers which allow DSA to introduce a level of layering between the networking
298stack/ethtool and the switch driver implementation.
299
300Upon frame transmission from these user network devices, DSA will look up which
301switch tagging protocol is currently registered with these network devices and
302invoke a specific transmit routine which takes care of adding the relevant
303switch tag in the Ethernet frames.
304
305These frames are then queued for transmission using the conduit network device
306``ndo_start_xmit()`` function. Since they contain the appropriate switch tag, the
307Ethernet switch will be able to process these incoming frames from the
308management interface and deliver them to the physical switch port.
309
310When using multiple CPU ports, it is possible to stack a LAG (bonding/team)
311device between the DSA user devices and the physical DSA conduits. The LAG
312device is thus also a DSA conduit, but the LAG slave devices continue to be DSA
313conduits as well (just with no user port assigned to them; this is needed for
314recovery in case the LAG DSA conduit disappears). Thus, the data path of the LAG
315DSA conduit is used asymmetrically. On RX, the ``ETH_P_XDSA`` handler, which
316calls ``dsa_switch_rcv()``, is invoked early (on the physical DSA conduit;
317LAG slave). Therefore, the RX data path of the LAG DSA conduit is not used.
318On the other hand, TX takes place linearly: ``dsa_user_xmit`` calls
319``dsa_enqueue_skb``, which calls ``dev_queue_xmit`` towards the LAG DSA conduit.
320The latter calls ``dev_queue_xmit`` towards one physical DSA conduit or the
321other, and in both cases, the packet exits the system through a hardware path
322towards the switch.
323
324Graphical representation
325------------------------
326
327Summarized, this is basically how DSA looks like from a network device
328perspective::
329
330 Unaware application
331 opens and binds socket
332 | ^
333 | |
334 +-----------v--|--------------------+
335 |+------+ +------+ +------+ +------+|
336 || swp0 | | swp1 | | swp2 | | swp3 ||
337 |+------+-+------+-+------+-+------+|
338 | DSA switch driver |
339 +-----------------------------------+
340 | ^
341 Tag added by | | Tag consumed by
342 switch driver | | switch driver
343 v |
344 +-----------------------------------+
345 | Unmodified host interface driver | Software
346 --------+-----------------------------------+------------
347 | Host interface (eth0) | Hardware
348 +-----------------------------------+
349 | ^
350 Tag consumed by | | Tag added by
351 switch hardware | | switch hardware
352 v |
353 +-----------------------------------+
354 | Switch |
355 |+------+ +------+ +------+ +------+|
356 || swp0 | | swp1 | | swp2 | | swp3 ||
357 ++------+-+------+-+------+-+------++
358
359User MDIO bus
360-------------
361
362In order to be able to read to/from a switch PHY built into it, DSA creates an
363user MDIO bus which allows a specific switch driver to divert and intercept
364MDIO reads/writes towards specific PHY addresses. In most MDIO-connected
365switches, these functions would utilize direct or indirect PHY addressing mode
366to return standard MII registers from the switch builtin PHYs, allowing the PHY
367library and/or to return link status, link partner pages, auto-negotiation
368results, etc.
369
370For Ethernet switches which have both external and internal MDIO buses, the
371user MII bus can be utilized to mux/demux MDIO reads and writes towards either
372internal or external MDIO devices this switch might be connected to: internal
373PHYs, external PHYs, or even external switches.
374
375Data structures
376---------------
377
378DSA data structures are defined in ``include/net/dsa.h`` as well as
379``net/dsa/dsa_priv.h``:
380
381- ``dsa_chip_data``: platform data configuration for a given switch device,
382 this structure describes a switch device's parent device, its address, as
383 well as various properties of its ports: names/labels, and finally a routing
384 table indication (when cascading switches)
385
386- ``dsa_platform_data``: platform device configuration data which can reference
387 a collection of dsa_chip_data structures if multiple switches are cascaded,
388 the conduit network device this switch tree is attached to needs to be
389 referenced
390
391- ``dsa_switch_tree``: structure assigned to the conduit network device under
392 ``dsa_ptr``, this structure references a dsa_platform_data structure as well as
393 the tagging protocol supported by the switch tree, and which receive/transmit
394 function hooks should be invoked, information about the directly attached
395 switch is also provided: CPU port. Finally, a collection of dsa_switch are
396 referenced to address individual switches in the tree.
397
398- ``dsa_switch``: structure describing a switch device in the tree, referencing
399 a ``dsa_switch_tree`` as a backpointer, user network devices, conduit network
400 device, and a reference to the backing``dsa_switch_ops``
401
402- ``dsa_switch_ops``: structure referencing function pointers, see below for a
403 full description.
404
405Design limitations
406==================
407
408Lack of CPU/DSA network devices
409-------------------------------
410
411DSA does not currently create user network devices for the CPU or DSA ports, as
412described before. This might be an issue in the following cases:
413
414- inability to fetch switch CPU port statistics counters using ethtool, which
415 can make it harder to debug MDIO switch connected using xMII interfaces
416
417- inability to configure the CPU port link parameters based on the Ethernet
418 controller capabilities attached to it: http://patchwork.ozlabs.org/patch/509806/
419
420- inability to configure specific VLAN IDs / trunking VLANs between switches
421 when using a cascaded setup
422
423Common pitfalls using DSA setups
424--------------------------------
425
426Once a conduit network device is configured to use DSA (dev->dsa_ptr becomes
427non-NULL), and the switch behind it expects a tagging protocol, this network
428interface can only exclusively be used as a conduit interface. Sending packets
429directly through this interface (e.g.: opening a socket using this interface)
430will not make us go through the switch tagging protocol transmit function, so
431the Ethernet switch on the other end, expecting a tag will typically drop this
432frame.
433
434Interactions with other subsystems
435==================================
436
437DSA currently leverages the following subsystems:
438
439- MDIO/PHY library: ``drivers/net/phy/phy.c``, ``mdio_bus.c``
440- Switchdev:``net/switchdev/*``
441- Device Tree for various of_* functions
442- Devlink: ``net/core/devlink.c``
443
444MDIO/PHY library
445----------------
446
447User network devices exposed by DSA may or may not be interfacing with PHY
448devices (``struct phy_device`` as defined in ``include/linux/phy.h)``, but the DSA
449subsystem deals with all possible combinations:
450
451- internal PHY devices, built into the Ethernet switch hardware
452- external PHY devices, connected via an internal or external MDIO bus
453- internal PHY devices, connected via an internal MDIO bus
454- special, non-autonegotiated or non MDIO-managed PHY devices: SFPs, MoCA; a.k.a
455 fixed PHYs
456
457The PHY configuration is done by the ``dsa_user_phy_setup()`` function and the
458logic basically looks like this:
459
460- if Device Tree is used, the PHY device is looked up using the standard
461 "phy-handle" property, if found, this PHY device is created and registered
462 using ``of_phy_connect()``
463
464- if Device Tree is used and the PHY device is "fixed", that is, conforms to
465 the definition of a non-MDIO managed PHY as defined in
466 ``Documentation/devicetree/bindings/net/fixed-link.txt``, the PHY is registered
467 and connected transparently using the special fixed MDIO bus driver
468
469- finally, if the PHY is built into the switch, as is very common with
470 standalone switch packages, the PHY is probed using the user MII bus created
471 by DSA
472
473
474SWITCHDEV
475---------
476
477DSA directly utilizes SWITCHDEV when interfacing with the bridge layer, and
478more specifically with its VLAN filtering portion when configuring VLANs on top
479of per-port user network devices. As of today, the only SWITCHDEV objects
480supported by DSA are the FDB and VLAN objects.
481
482Devlink
483-------
484
485DSA registers one devlink device per physical switch in the fabric.
486For each devlink device, every physical port (i.e. user ports, CPU ports, DSA
487links or unused ports) is exposed as a devlink port.
488
489DSA drivers can make use of the following devlink features:
490
491- Regions: debugging feature which allows user space to dump driver-defined
492 areas of hardware information in a low-level, binary format. Both global
493 regions as well as per-port regions are supported. It is possible to export
494 devlink regions even for pieces of data that are already exposed in some way
495 to the standard iproute2 user space programs (ip-link, bridge), like address
496 tables and VLAN tables. For example, this might be useful if the tables
497 contain additional hardware-specific details which are not visible through
498 the iproute2 abstraction, or it might be useful to inspect these tables on
499 the non-user ports too, which are invisible to iproute2 because no network
500 interface is registered for them.
501- Params: a feature which enables user to configure certain low-level tunable
502 knobs pertaining to the device. Drivers may implement applicable generic
503 devlink params, or may add new device-specific devlink params.
504- Resources: a monitoring feature which enables users to see the degree of
505 utilization of certain hardware tables in the device, such as FDB, VLAN, etc.
506- Shared buffers: a QoS feature for adjusting and partitioning memory and frame
507 reservations per port and per traffic class, in the ingress and egress
508 directions, such that low-priority bulk traffic does not impede the
509 processing of high-priority critical traffic.
510
511For more details, consult ``Documentation/networking/devlink/``.
512
513Device Tree
514-----------
515
516DSA features a standardized binding which is documented in
517``Documentation/devicetree/bindings/net/dsa/dsa.txt``. PHY/MDIO library helper
518functions such as ``of_get_phy_mode()``, ``of_phy_connect()`` are also used to query
519per-port PHY specific details: interface connection, MDIO bus location, etc.
520
521Driver development
522==================
523
524DSA switch drivers need to implement a ``dsa_switch_ops`` structure which will
525contain the various members described below.
526
527Probing, registration and device lifetime
528-----------------------------------------
529
530DSA switches are regular ``device`` structures on buses (be they platform, SPI,
531I2C, MDIO or otherwise). The DSA framework is not involved in their probing
532with the device core.
533
534Switch registration from the perspective of a driver means passing a valid
535``struct dsa_switch`` pointer to ``dsa_register_switch()``, usually from the
536switch driver's probing function. The following members must be valid in the
537provided structure:
538
539- ``ds->dev``: will be used to parse the switch's OF node or platform data.
540
541- ``ds->num_ports``: will be used to create the port list for this switch, and
542 to validate the port indices provided in the OF node.
543
544- ``ds->ops``: a pointer to the ``dsa_switch_ops`` structure holding the DSA
545 method implementations.
546
547- ``ds->priv``: backpointer to a driver-private data structure which can be
548 retrieved in all further DSA method callbacks.
549
550In addition, the following flags in the ``dsa_switch`` structure may optionally
551be configured to obtain driver-specific behavior from the DSA core. Their
552behavior when set is documented through comments in ``include/net/dsa.h``.
553
554- ``ds->vlan_filtering_is_global``
555
556- ``ds->needs_standalone_vlan_filtering``
557
558- ``ds->configure_vlan_while_not_filtering``
559
560- ``ds->untag_bridge_pvid``
561
562- ``ds->assisted_learning_on_cpu_port``
563
564- ``ds->mtu_enforcement_ingress``
565
566- ``ds->fdb_isolation``
567
568Internally, DSA keeps an array of switch trees (group of switches) global to
569the kernel, and attaches a ``dsa_switch`` structure to a tree on registration.
570The tree ID to which the switch is attached is determined by the first u32
571number of the ``dsa,member`` property of the switch's OF node (0 if missing).
572The switch ID within the tree is determined by the second u32 number of the
573same OF property (0 if missing). Registering multiple switches with the same
574switch ID and tree ID is illegal and will cause an error. Using platform data,
575a single switch and a single switch tree is permitted.
576
577In case of a tree with multiple switches, probing takes place asymmetrically.
578The first N-1 callers of ``dsa_register_switch()`` only add their ports to the
579port list of the tree (``dst->ports``), each port having a backpointer to its
580associated switch (``dp->ds``). Then, these switches exit their
581``dsa_register_switch()`` call early, because ``dsa_tree_setup_routing_table()``
582has determined that the tree is not yet complete (not all ports referenced by
583DSA links are present in the tree's port list). The tree becomes complete when
584the last switch calls ``dsa_register_switch()``, and this triggers the effective
585continuation of initialization (including the call to ``ds->ops->setup()``) for
586all switches within that tree, all as part of the calling context of the last
587switch's probe function.
588
589The opposite of registration takes place when calling ``dsa_unregister_switch()``,
590which removes a switch's ports from the port list of the tree. The entire tree
591is torn down when the first switch unregisters.
592
593It is mandatory for DSA switch drivers to implement the ``shutdown()`` callback
594of their respective bus, and call ``dsa_switch_shutdown()`` from it (a minimal
595version of the full teardown performed by ``dsa_unregister_switch()``).
596The reason is that DSA keeps a reference on the conduit net device, and if the
597driver for the conduit device decides to unbind on shutdown, DSA's reference
598will block that operation from finalizing.
599
600Either ``dsa_switch_shutdown()`` or ``dsa_unregister_switch()`` must be called,
601but not both, and the device driver model permits the bus' ``remove()`` method
602to be called even if ``shutdown()`` was already called. Therefore, drivers are
603expected to implement a mutual exclusion method between ``remove()`` and
604``shutdown()`` by setting their drvdata to NULL after any of these has run, and
605checking whether the drvdata is NULL before proceeding to take any action.
606
607After ``dsa_switch_shutdown()`` or ``dsa_unregister_switch()`` was called, no
608further callbacks via the provided ``dsa_switch_ops`` may take place, and the
609driver may free the data structures associated with the ``dsa_switch``.
610
611Switch configuration
612--------------------
613
614- ``get_tag_protocol``: this is to indicate what kind of tagging protocol is
615 supported, should be a valid value from the ``dsa_tag_protocol`` enum.
616 The returned information does not have to be static; the driver is passed the
617 CPU port number, as well as the tagging protocol of a possibly stacked
618 upstream switch, in case there are hardware limitations in terms of supported
619 tag formats.
620
621- ``change_tag_protocol``: when the default tagging protocol has compatibility
622 problems with the conduit or other issues, the driver may support changing it
623 at runtime, either through a device tree property or through sysfs. In that
624 case, further calls to ``get_tag_protocol`` should report the protocol in
625 current use.
626
627- ``setup``: setup function for the switch, this function is responsible for setting
628 up the ``dsa_switch_ops`` private structure with all it needs: register maps,
629 interrupts, mutexes, locks, etc. This function is also expected to properly
630 configure the switch to separate all network interfaces from each other, that
631 is, they should be isolated by the switch hardware itself, typically by creating
632 a Port-based VLAN ID for each port and allowing only the CPU port and the
633 specific port to be in the forwarding vector. Ports that are unused by the
634 platform should be disabled. Past this function, the switch is expected to be
635 fully configured and ready to serve any kind of request. It is recommended
636 to issue a software reset of the switch during this setup function in order to
637 avoid relying on what a previous software agent such as a bootloader/firmware
638 may have previously configured. The method responsible for undoing any
639 applicable allocations or operations done here is ``teardown``.
640
641- ``port_setup`` and ``port_teardown``: methods for initialization and
642 destruction of per-port data structures. It is mandatory for some operations
643 such as registering and unregistering devlink port regions to be done from
644 these methods, otherwise they are optional. A port will be torn down only if
645 it has been previously set up. It is possible for a port to be set up during
646 probing only to be torn down immediately afterwards, for example in case its
647 PHY cannot be found. In this case, probing of the DSA switch continues
648 without that particular port.
649
650- ``port_change_conduit``: method through which the affinity (association used
651 for traffic termination purposes) between a user port and a CPU port can be
652 changed. By default all user ports from a tree are assigned to the first
653 available CPU port that makes sense for them (most of the times this means
654 the user ports of a tree are all assigned to the same CPU port, except for H
655 topologies as described in commit 2c0b03258b8b). The ``port`` argument
656 represents the index of the user port, and the ``conduit`` argument represents
657 the new DSA conduit ``net_device``. The CPU port associated with the new
658 conduit can be retrieved by looking at ``struct dsa_port *cpu_dp =
659 conduit->dsa_ptr``. Additionally, the conduit can also be a LAG device where
660 all the slave devices are physical DSA conduits. LAG DSA also have a
661 valid ``conduit->dsa_ptr`` pointer, however this is not unique, but rather a
662 duplicate of the first physical DSA conduit's (LAG slave) ``dsa_ptr``. In case
663 of a LAG DSA conduit, a further call to ``port_lag_join`` will be emitted
664 separately for the physical CPU ports associated with the physical DSA
665 conduits, requesting them to create a hardware LAG associated with the LAG
666 interface.
667
668PHY devices and link management
669-------------------------------
670
671- ``get_phy_flags``: Some switches are interfaced to various kinds of Ethernet PHYs,
672 if the PHY library PHY driver needs to know about information it cannot obtain
673 on its own (e.g.: coming from switch memory mapped registers), this function
674 should return a 32-bit bitmask of "flags" that is private between the switch
675 driver and the Ethernet PHY driver in ``drivers/net/phy/\*``.
676
677- ``phy_read``: Function invoked by the DSA user MDIO bus when attempting to read
678 the switch port MDIO registers. If unavailable, return 0xffff for each read.
679 For builtin switch Ethernet PHYs, this function should allow reading the link
680 status, auto-negotiation results, link partner pages, etc.
681
682- ``phy_write``: Function invoked by the DSA user MDIO bus when attempting to write
683 to the switch port MDIO registers. If unavailable return a negative error
684 code.
685
686- ``adjust_link``: Function invoked by the PHY library when a user network device
687 is attached to a PHY device. This function is responsible for appropriately
688 configuring the switch port link parameters: speed, duplex, pause based on
689 what the ``phy_device`` is providing.
690
691- ``fixed_link_update``: Function invoked by the PHY library, and specifically by
692 the fixed PHY driver asking the switch driver for link parameters that could
693 not be auto-negotiated, or obtained by reading the PHY registers through MDIO.
694 This is particularly useful for specific kinds of hardware such as QSGMII,
695 MoCA or other kinds of non-MDIO managed PHYs where out of band link
696 information is obtained
697
698Ethtool operations
699------------------
700
701- ``get_strings``: ethtool function used to query the driver's strings, will
702 typically return statistics strings, private flags strings, etc.
703
704- ``get_ethtool_stats``: ethtool function used to query per-port statistics and
705 return their values. DSA overlays user network devices general statistics:
706 RX/TX counters from the network device, with switch driver specific statistics
707 per port
708
709- ``get_sset_count``: ethtool function used to query the number of statistics items
710
711- ``get_wol``: ethtool function used to obtain Wake-on-LAN settings per-port, this
712 function may for certain implementations also query the conduit network device
713 Wake-on-LAN settings if this interface needs to participate in Wake-on-LAN
714
715- ``set_wol``: ethtool function used to configure Wake-on-LAN settings per-port,
716 direct counterpart to set_wol with similar restrictions
717
718- ``set_eee``: ethtool function which is used to configure a switch port EEE (Green
719 Ethernet) settings, can optionally invoke the PHY library to enable EEE at the
720 PHY level if relevant. This function should enable EEE at the switch port MAC
721 controller and data-processing logic
722
723- ``get_eee``: ethtool function which is used to query a switch port EEE settings,
724 this function should return the EEE state of the switch port MAC controller
725 and data-processing logic as well as query the PHY for its currently configured
726 EEE settings
727
728- ``get_eeprom_len``: ethtool function returning for a given switch the EEPROM
729 length/size in bytes
730
731- ``get_eeprom``: ethtool function returning for a given switch the EEPROM contents
732
733- ``set_eeprom``: ethtool function writing specified data to a given switch EEPROM
734
735- ``get_regs_len``: ethtool function returning the register length for a given
736 switch
737
738- ``get_regs``: ethtool function returning the Ethernet switch internal register
739 contents. This function might require user-land code in ethtool to
740 pretty-print register values and registers
741
742Power management
743----------------
744
745- ``suspend``: function invoked by the DSA platform device when the system goes to
746 suspend, should quiesce all Ethernet switch activities, but keep ports
747 participating in Wake-on-LAN active as well as additional wake-up logic if
748 supported
749
750- ``resume``: function invoked by the DSA platform device when the system resumes,
751 should resume all Ethernet switch activities and re-configure the switch to be
752 in a fully active state
753
754- ``port_enable``: function invoked by the DSA user network device ndo_open
755 function when a port is administratively brought up, this function should
756 fully enable a given switch port. DSA takes care of marking the port with
757 ``BR_STATE_BLOCKING`` if the port is a bridge member, or ``BR_STATE_FORWARDING`` if it
758 was not, and propagating these changes down to the hardware
759
760- ``port_disable``: function invoked by the DSA user network device ndo_close
761 function when a port is administratively brought down, this function should
762 fully disable a given switch port. DSA takes care of marking the port with
763 ``BR_STATE_DISABLED`` and propagating changes to the hardware if this port is
764 disabled while being a bridge member
765
766Address databases
767-----------------
768
769Switching hardware is expected to have a table for FDB entries, however not all
770of them are active at the same time. An address database is the subset (partition)
771of FDB entries that is active (can be matched by address learning on RX, or FDB
772lookup on TX) depending on the state of the port. An address database may
773occasionally be called "FID" (Filtering ID) in this document, although the
774underlying implementation may choose whatever is available to the hardware.
775
776For example, all ports that belong to a VLAN-unaware bridge (which is
777*currently* VLAN-unaware) are expected to learn source addresses in the
778database associated by the driver with that bridge (and not with other
779VLAN-unaware bridges). During forwarding and FDB lookup, a packet received on a
780VLAN-unaware bridge port should be able to find a VLAN-unaware FDB entry having
781the same MAC DA as the packet, which is present on another port member of the
782same bridge. At the same time, the FDB lookup process must be able to not find
783an FDB entry having the same MAC DA as the packet, if that entry points towards
784a port which is a member of a different VLAN-unaware bridge (and is therefore
785associated with a different address database).
786
787Similarly, each VLAN of each offloaded VLAN-aware bridge should have an
788associated address database, which is shared by all ports which are members of
789that VLAN, but not shared by ports belonging to different bridges that are
790members of the same VID.
791
792In this context, a VLAN-unaware database means that all packets are expected to
793match on it irrespective of VLAN ID (only MAC address lookup), whereas a
794VLAN-aware database means that packets are supposed to match based on the VLAN
795ID from the classified 802.1Q header (or the pvid if untagged).
796
797At the bridge layer, VLAN-unaware FDB entries have the special VID value of 0,
798whereas VLAN-aware FDB entries have non-zero VID values. Note that a
799VLAN-unaware bridge may have VLAN-aware (non-zero VID) FDB entries, and a
800VLAN-aware bridge may have VLAN-unaware FDB entries. As in hardware, the
801software bridge keeps separate address databases, and offloads to hardware the
802FDB entries belonging to these databases, through switchdev, asynchronously
803relative to the moment when the databases become active or inactive.
804
805When a user port operates in standalone mode, its driver should configure it to
806use a separate database called a port private database. This is different from
807the databases described above, and should impede operation as standalone port
808(packet in, packet out to the CPU port) as little as possible. For example,
809on ingress, it should not attempt to learn the MAC SA of ingress traffic, since
810learning is a bridging layer service and this is a standalone port, therefore
811it would consume useless space. With no address learning, the port private
812database should be empty in a naive implementation, and in this case, all
813received packets should be trivially flooded to the CPU port.
814
815DSA (cascade) and CPU ports are also called "shared" ports because they service
816multiple address databases, and the database that a packet should be associated
817to is usually embedded in the DSA tag. This means that the CPU port may
818simultaneously transport packets coming from a standalone port (which were
819classified by hardware in one address database), and from a bridge port (which
820were classified to a different address database).
821
822Switch drivers which satisfy certain criteria are able to optimize the naive
823configuration by removing the CPU port from the flooding domain of the switch,
824and just program the hardware with FDB entries pointing towards the CPU port
825for which it is known that software is interested in those MAC addresses.
826Packets which do not match a known FDB entry will not be delivered to the CPU,
827which will save CPU cycles required for creating an skb just to drop it.
828
829DSA is able to perform host address filtering for the following kinds of
830addresses:
831
832- Primary unicast MAC addresses of ports (``dev->dev_addr``). These are
833 associated with the port private database of the respective user port,
834 and the driver is notified to install them through ``port_fdb_add`` towards
835 the CPU port.
836
837- Secondary unicast and multicast MAC addresses of ports (addresses added
838 through ``dev_uc_add()`` and ``dev_mc_add()``). These are also associated
839 with the port private database of the respective user port.
840
841- Local/permanent bridge FDB entries (``BR_FDB_LOCAL``). These are the MAC
842 addresses of the bridge ports, for which packets must be terminated locally
843 and not forwarded. They are associated with the address database for that
844 bridge.
845
846- Static bridge FDB entries installed towards foreign (non-DSA) interfaces
847 present in the same bridge as some DSA switch ports. These are also
848 associated with the address database for that bridge.
849
850- Dynamically learned FDB entries on foreign interfaces present in the same
851 bridge as some DSA switch ports, only if ``ds->assisted_learning_on_cpu_port``
852 is set to true by the driver. These are associated with the address database
853 for that bridge.
854
855For various operations detailed below, DSA provides a ``dsa_db`` structure
856which can be of the following types:
857
858- ``DSA_DB_PORT``: the FDB (or MDB) entry to be installed or deleted belongs to
859 the port private database of user port ``db->dp``.
860- ``DSA_DB_BRIDGE``: the entry belongs to one of the address databases of bridge
861 ``db->bridge``. Separation between the VLAN-unaware database and the per-VID
862 databases of this bridge is expected to be done by the driver.
863- ``DSA_DB_LAG``: the entry belongs to the address database of LAG ``db->lag``.
864 Note: ``DSA_DB_LAG`` is currently unused and may be removed in the future.
865
866The drivers which act upon the ``dsa_db`` argument in ``port_fdb_add``,
867``port_mdb_add`` etc should declare ``ds->fdb_isolation`` as true.
868
869DSA associates each offloaded bridge and each offloaded LAG with a one-based ID
870(``struct dsa_bridge :: num``, ``struct dsa_lag :: id``) for the purposes of
871refcounting addresses on shared ports. Drivers may piggyback on DSA's numbering
872scheme (the ID is readable through ``db->bridge.num`` and ``db->lag.id`` or may
873implement their own.
874
875Only the drivers which declare support for FDB isolation are notified of FDB
876entries on the CPU port belonging to ``DSA_DB_PORT`` databases.
877For compatibility/legacy reasons, ``DSA_DB_BRIDGE`` addresses are notified to
878drivers even if they do not support FDB isolation. However, ``db->bridge.num``
879and ``db->lag.id`` are always set to 0 in that case (to denote the lack of
880isolation, for refcounting purposes).
881
882Note that it is not mandatory for a switch driver to implement physically
883separate address databases for each standalone user port. Since FDB entries in
884the port private databases will always point to the CPU port, there is no risk
885for incorrect forwarding decisions. In this case, all standalone ports may
886share the same database, but the reference counting of host-filtered addresses
887(not deleting the FDB entry for a port's MAC address if it's still in use by
888another port) becomes the responsibility of the driver, because DSA is unaware
889that the port databases are in fact shared. This can be achieved by calling
890``dsa_fdb_present_in_other_db()`` and ``dsa_mdb_present_in_other_db()``.
891The down side is that the RX filtering lists of each user port are in fact
892shared, which means that user port A may accept a packet with a MAC DA it
893shouldn't have, only because that MAC address was in the RX filtering list of
894user port B. These packets will still be dropped in software, however.
895
896Bridge layer
897------------
898
899Offloading the bridge forwarding plane is optional and handled by the methods
900below. They may be absent, return -EOPNOTSUPP, or ``ds->max_num_bridges`` may
901be non-zero and exceeded, and in this case, joining a bridge port is still
902possible, but the packet forwarding will take place in software, and the ports
903under a software bridge must remain configured in the same way as for
904standalone operation, i.e. have all bridging service functions (address
905learning etc) disabled, and send all received packets to the CPU port only.
906
907Concretely, a port starts offloading the forwarding plane of a bridge once it
908returns success to the ``port_bridge_join`` method, and stops doing so after
909``port_bridge_leave`` has been called. Offloading the bridge means autonomously
910learning FDB entries in accordance with the software bridge port's state, and
911autonomously forwarding (or flooding) received packets without CPU intervention.
912This is optional even when offloading a bridge port. Tagging protocol drivers
913are expected to call ``dsa_default_offload_fwd_mark(skb)`` for packets which
914have already been autonomously forwarded in the forwarding domain of the
915ingress switch port. DSA, through ``dsa_port_devlink_setup()``, considers all
916switch ports part of the same tree ID to be part of the same bridge forwarding
917domain (capable of autonomous forwarding to each other).
918
919Offloading the TX forwarding process of a bridge is a distinct concept from
920simply offloading its forwarding plane, and refers to the ability of certain
921driver and tag protocol combinations to transmit a single skb coming from the
922bridge device's transmit function to potentially multiple egress ports (and
923thereby avoid its cloning in software).
924
925Packets for which the bridge requests this behavior are called data plane
926packets and have ``skb->offload_fwd_mark`` set to true in the tag protocol
927driver's ``xmit`` function. Data plane packets are subject to FDB lookup,
928hardware learning on the CPU port, and do not override the port STP state.
929Additionally, replication of data plane packets (multicast, flooding) is
930handled in hardware and the bridge driver will transmit a single skb for each
931packet that may or may not need replication.
932
933When the TX forwarding offload is enabled, the tag protocol driver is
934responsible to inject packets into the data plane of the hardware towards the
935correct bridging domain (FID) that the port is a part of. The port may be
936VLAN-unaware, and in this case the FID must be equal to the FID used by the
937driver for its VLAN-unaware address database associated with that bridge.
938Alternatively, the bridge may be VLAN-aware, and in that case, it is guaranteed
939that the packet is also VLAN-tagged with the VLAN ID that the bridge processed
940this packet in. It is the responsibility of the hardware to untag the VID on
941the egress-untagged ports, or keep the tag on the egress-tagged ones.
942
943- ``port_bridge_join``: bridge layer function invoked when a given switch port is
944 added to a bridge, this function should do what's necessary at the switch
945 level to permit the joining port to be added to the relevant logical
946 domain for it to ingress/egress traffic with other members of the bridge.
947 By setting the ``tx_fwd_offload`` argument to true, the TX forwarding process
948 of this bridge is also offloaded.
949
950- ``port_bridge_leave``: bridge layer function invoked when a given switch port is
951 removed from a bridge, this function should do what's necessary at the
952 switch level to deny the leaving port from ingress/egress traffic from the
953 remaining bridge members.
954
955- ``port_stp_state_set``: bridge layer function invoked when a given switch port STP
956 state is computed by the bridge layer and should be propagated to switch
957 hardware to forward/block/learn traffic.
958
959- ``port_bridge_flags``: bridge layer function invoked when a port must
960 configure its settings for e.g. flooding of unknown traffic or source address
961 learning. The switch driver is responsible for initial setup of the
962 standalone ports with address learning disabled and egress flooding of all
963 types of traffic, then the DSA core notifies of any change to the bridge port
964 flags when the port joins and leaves a bridge. DSA does not currently manage
965 the bridge port flags for the CPU port. The assumption is that address
966 learning should be statically enabled (if supported by the hardware) on the
967 CPU port, and flooding towards the CPU port should also be enabled, due to a
968 lack of an explicit address filtering mechanism in the DSA core.
969
970- ``port_fast_age``: bridge layer function invoked when flushing the
971 dynamically learned FDB entries on the port is necessary. This is called when
972 transitioning from an STP state where learning should take place to an STP
973 state where it shouldn't, or when leaving a bridge, or when address learning
974 is turned off via ``port_bridge_flags``.
975
976Bridge VLAN filtering
977---------------------
978
979- ``port_vlan_filtering``: bridge layer function invoked when the bridge gets
980 configured for turning on or off VLAN filtering. If nothing specific needs to
981 be done at the hardware level, this callback does not need to be implemented.
982 When VLAN filtering is turned on, the hardware must be programmed with
983 rejecting 802.1Q frames which have VLAN IDs outside of the programmed allowed
984 VLAN ID map/rules. If there is no PVID programmed into the switch port,
985 untagged frames must be rejected as well. When turned off the switch must
986 accept any 802.1Q frames irrespective of their VLAN ID, and untagged frames are
987 allowed.
988
989- ``port_vlan_add``: bridge layer function invoked when a VLAN is configured
990 (tagged or untagged) for the given switch port. The CPU port becomes a member
991 of a VLAN only if a foreign bridge port is also a member of it (and
992 forwarding needs to take place in software), or the VLAN is installed to the
993 VLAN group of the bridge device itself, for termination purposes
994 (``bridge vlan add dev br0 vid 100 self``). VLANs on shared ports are
995 reference counted and removed when there is no user left. Drivers do not need
996 to manually install a VLAN on the CPU port.
997
998- ``port_vlan_del``: bridge layer function invoked when a VLAN is removed from the
999 given switch port
1000
1001- ``port_fdb_add``: bridge layer function invoked when the bridge wants to install a
1002 Forwarding Database entry, the switch hardware should be programmed with the
1003 specified address in the specified VLAN Id in the forwarding database
1004 associated with this VLAN ID.
1005
1006- ``port_fdb_del``: bridge layer function invoked when the bridge wants to remove a
1007 Forwarding Database entry, the switch hardware should be programmed to delete
1008 the specified MAC address from the specified VLAN ID if it was mapped into
1009 this port forwarding database
1010
1011- ``port_fdb_dump``: bridge bypass function invoked by ``ndo_fdb_dump`` on the
1012 physical DSA port interfaces. Since DSA does not attempt to keep in sync its
1013 hardware FDB entries with the software bridge, this method is implemented as
1014 a means to view the entries visible on user ports in the hardware database.
1015 The entries reported by this function have the ``self`` flag in the output of
1016 the ``bridge fdb show`` command.
1017
1018- ``port_mdb_add``: bridge layer function invoked when the bridge wants to install
1019 a multicast database entry. The switch hardware should be programmed with the
1020 specified address in the specified VLAN ID in the forwarding database
1021 associated with this VLAN ID.
1022
1023- ``port_mdb_del``: bridge layer function invoked when the bridge wants to remove a
1024 multicast database entry, the switch hardware should be programmed to delete
1025 the specified MAC address from the specified VLAN ID if it was mapped into
1026 this port forwarding database.
1027
1028Link aggregation
1029----------------
1030
1031Link aggregation is implemented in the Linux networking stack by the bonding
1032and team drivers, which are modeled as virtual, stackable network interfaces.
1033DSA is capable of offloading a link aggregation group (LAG) to hardware that
1034supports the feature, and supports bridging between physical ports and LAGs,
1035as well as between LAGs. A bonding/team interface which holds multiple physical
1036ports constitutes a logical port, although DSA has no explicit concept of a
1037logical port at the moment. Due to this, events where a LAG joins/leaves a
1038bridge are treated as if all individual physical ports that are members of that
1039LAG join/leave the bridge. Switchdev port attributes (VLAN filtering, STP
1040state, etc) and objects (VLANs, MDB entries) offloaded to a LAG as bridge port
1041are treated similarly: DSA offloads the same switchdev object / port attribute
1042on all members of the LAG. Static bridge FDB entries on a LAG are not yet
1043supported, since the DSA driver API does not have the concept of a logical port
1044ID.
1045
1046- ``port_lag_join``: function invoked when a given switch port is added to a
1047 LAG. The driver may return ``-EOPNOTSUPP``, and in this case, DSA will fall
1048 back to a software implementation where all traffic from this port is sent to
1049 the CPU.
1050- ``port_lag_leave``: function invoked when a given switch port leaves a LAG
1051 and returns to operation as a standalone port.
1052- ``port_lag_change``: function invoked when the link state of any member of
1053 the LAG changes, and the hashing function needs rebalancing to only make use
1054 of the subset of physical LAG member ports that are up.
1055
1056Drivers that benefit from having an ID associated with each offloaded LAG
1057can optionally populate ``ds->num_lag_ids`` from the ``dsa_switch_ops::setup``
1058method. The LAG ID associated with a bonding/team interface can then be
1059retrieved by a DSA switch driver using the ``dsa_lag_id`` function.
1060
1061IEC 62439-2 (MRP)
1062-----------------
1063
1064The Media Redundancy Protocol is a topology management protocol optimized for
1065fast fault recovery time for ring networks, which has some components
1066implemented as a function of the bridge driver. MRP uses management PDUs
1067(Test, Topology, LinkDown/Up, Option) sent at a multicast destination MAC
1068address range of 01:15:4e:00:00:0x and with an EtherType of 0x88e3.
1069Depending on the node's role in the ring (MRM: Media Redundancy Manager,
1070MRC: Media Redundancy Client, MRA: Media Redundancy Automanager), certain MRP
1071PDUs might need to be terminated locally and others might need to be forwarded.
1072An MRM might also benefit from offloading to hardware the creation and
1073transmission of certain MRP PDUs (Test).
1074
1075Normally an MRP instance can be created on top of any network interface,
1076however in the case of a device with an offloaded data path such as DSA, it is
1077necessary for the hardware, even if it is not MRP-aware, to be able to extract
1078the MRP PDUs from the fabric before the driver can proceed with the software
1079implementation. DSA today has no driver which is MRP-aware, therefore it only
1080listens for the bare minimum switchdev objects required for the software assist
1081to work properly. The operations are detailed below.
1082
1083- ``port_mrp_add`` and ``port_mrp_del``: notifies driver when an MRP instance
1084 with a certain ring ID, priority, primary port and secondary port is
1085 created/deleted.
1086- ``port_mrp_add_ring_role`` and ``port_mrp_del_ring_role``: function invoked
1087 when an MRP instance changes ring roles between MRM or MRC. This affects
1088 which MRP PDUs should be trapped to software and which should be autonomously
1089 forwarded.
1090
1091IEC 62439-3 (HSR/PRP)
1092---------------------
1093
1094The Parallel Redundancy Protocol (PRP) is a network redundancy protocol which
1095works by duplicating and sequence numbering packets through two independent L2
1096networks (which are unaware of the PRP tail tags carried in the packets), and
1097eliminating the duplicates at the receiver. The High-availability Seamless
1098Redundancy (HSR) protocol is similar in concept, except all nodes that carry
1099the redundant traffic are aware of the fact that it is HSR-tagged (because HSR
1100uses a header with an EtherType of 0x892f) and are physically connected in a
1101ring topology. Both HSR and PRP use supervision frames for monitoring the
1102health of the network and for discovery of other nodes.
1103
1104In Linux, both HSR and PRP are implemented in the hsr driver, which
1105instantiates a virtual, stackable network interface with two member ports.
1106The driver only implements the basic roles of DANH (Doubly Attached Node
1107implementing HSR) and DANP (Doubly Attached Node implementing PRP); the roles
1108of RedBox and QuadBox are not implemented (therefore, bridging a hsr network
1109interface with a physical switch port does not produce the expected result).
1110
1111A driver which is able of offloading certain functions of a DANP or DANH should
1112declare the corresponding netdev features as indicated by the documentation at
1113``Documentation/networking/netdev-features.rst``. Additionally, the following
1114methods must be implemented:
1115
1116- ``port_hsr_join``: function invoked when a given switch port is added to a
1117 DANP/DANH. The driver may return ``-EOPNOTSUPP`` and in this case, DSA will
1118 fall back to a software implementation where all traffic from this port is
1119 sent to the CPU.
1120- ``port_hsr_leave``: function invoked when a given switch port leaves a
1121 DANP/DANH and returns to normal operation as a standalone port.
1122
1123TODO
1124====
1125
1126Making SWITCHDEV and DSA converge towards an unified codebase
1127-------------------------------------------------------------
1128
1129SWITCHDEV properly takes care of abstracting the networking stack with offload
1130capable hardware, but does not enforce a strict switch device driver model. On
1131the other DSA enforces a fairly strict device driver model, and deals with most
1132of the switch specific. At some point we should envision a merger between these
1133two subsystems and get the best of both worlds.