On Fri, Mar 25, 2022 at 02:48:36PM +0100, Hans Schultz wrote:
If you'd cache the locked ATU entry in the mv88e6xxx driver, and you'd notify switchdev only if the entry is new to the cache, then you'd actually still achieve something major. Yes, the bridge FDB will contain locked FDB entries that aren't in the ATU. But that's because your printer has been silent for X seconds. The policy for the printer still hasn't changed, as far as the mv88e6xxx, or bridge, software drivers are concerned. If the unauthorized printer says something again after the locked ATU entry expires, the mv88e6xxx driver will find its MAC SA in the cache of denied addresses, and reload the ATU. What this achieves
The driver will in this case just trigger a new miss violation and add the entry again I think. The problem with all this is that a malicious attack that spams the switch with random mac addresses will be able to DOS the device as any handling of the fdb will be too resource demanding. That is why it is needed to remove those fdb entries after a time out, which dynamic entries would serve.
An attacker sweeping through the 2^47 source MAC address range is a problem regardless of the implementations proposed so far, no? If unlimited growth of the mv88e6xxx locked ATU entry cache is a concern (which it is), we could limit its size, and when we purge a cached entry in software is also when we could emit a SWITCHDEV_FDB_DEL_TO_BRIDGE for it, right?