5 This document describes the **Distributed Switch Architecture (DSA)** subsystem
6 design principles, limitations, interactions with other subsystems, and how to
7 develop drivers for this subsystem as well as a TODO for developers interested
13 The Distributed Switch Architecture subsystem was primarily designed to
14 support Marvell Ethernet switches (MV88E6xxx, a.k.a. Link Street product
15 line) using Linux, but has since evolved to support other vendors as well.
17 The original philosophy behind this design was to be able to use unmodified
18 Linux tools such as bridge, iproute2, ifconfig to work transparently whether
19 they configured/queried a switch port network device or a regular network
22 An Ethernet switch typically comprises multiple front-panel ports and one
23 or more CPU or management ports. The DSA subsystem currently relies on the
24 presence of a management port connected to an Ethernet controller capable of
25 receiving Ethernet frames from the switch. This is a very common setup for all
26 kinds of Ethernet switches found in Small Home and Office products: routers,
27 gateways, or even top-of-rack switches. This host Ethernet controller will
28 be later referred to as "master" and "cpu" in DSA terminology and code.
30 The D in DSA stands for Distributed, because the subsystem has been designed
31 with the ability to configure and manage cascaded switches on top of each other
32 using upstream and downstream Ethernet links between switches. These specific
33 ports are referred to as "dsa" ports in DSA terminology and code. A collection
34 of multiple switches connected to each other is called a "switch tree".
36 For each front-panel port, DSA creates specialized network devices which are
37 used as controlling and data-flowing endpoints for use by the Linux networking
38 stack. These specialized network interfaces are referred to as "slave" network
39 interfaces in DSA terminology and code.
41 The ideal case for using DSA is when an Ethernet switch supports a "switch tag"
42 which is a hardware feature making the switch insert a specific tag for each
43 Ethernet frame it receives to/from specific ports to help the management
46 - what port is this frame coming from
47 - what was the reason why this frame got forwarded
48 - how to send CPU originated traffic to specific ports
50 The subsystem does support switches not capable of inserting/stripping tags, but
51 the features might be slightly limited in that case (traffic separation relies
52 on Port-based VLAN IDs).
54 Note that DSA does not currently create network interfaces for the "cpu" and
57 - the "cpu" port is the Ethernet switch facing side of the management
58 controller, and as such, would create a duplication of feature, since you
59 would get two interfaces for the same conduit: master netdev, and "cpu" netdev
61 - the "dsa" port(s) are just conduits between two or more switches, and as such
62 cannot really be used as proper network interfaces either, only the
63 downstream, or the top-most upstream interface makes sense with that model
65 Switch tagging protocols
66 ------------------------
68 DSA supports many vendor-specific tagging protocols, one software-defined
69 tagging protocol, and a tag-less mode as well (``DSA_TAG_PROTO_NONE``).
71 The exact format of the tag protocol is vendor specific, but in general, they
72 all contain something which:
74 - identifies which port the Ethernet frame came from/should be sent to
75 - provides a reason why this frame was forwarded to the management interface
77 All tagging protocols are in ``net/dsa/tag_*.c`` files and implement the
78 methods of the ``struct dsa_device_ops`` structure, which are detailed below.
80 Tagging protocols generally fall in one of three categories:
82 1. The switch-specific frame header is located before the Ethernet header,
83 shifting to the right (from the perspective of the DSA master's frame
84 parser) the MAC DA, MAC SA, EtherType and the entire L2 payload.
85 2. The switch-specific frame header is located before the EtherType, keeping
86 the MAC DA and MAC SA in place from the DSA master's perspective, but
87 shifting the 'real' EtherType and L2 payload to the right.
88 3. The switch-specific frame header is located at the tail of the packet,
89 keeping all frame headers in place and not altering the view of the packet
90 that the DSA master's frame parser has.
92 A tagging protocol may tag all packets with switch tags of the same length, or
93 the tag length might vary (for example packets with PTP timestamps might
94 require an extended switch tag, or there might be one tag length on TX and a
95 different one on RX). Either way, the tagging protocol driver must populate the
96 ``struct dsa_device_ops::needed_headroom`` and/or ``struct dsa_device_ops::needed_tailroom``
97 with the length in octets of the longest switch frame header/trailer. The DSA
98 framework will automatically adjust the MTU of the master interface to
99 accommodate for this extra size in order for DSA user ports to support the
100 standard MTU (L2 payload length) of 1500 octets. The ``needed_headroom`` and
101 ``needed_tailroom`` properties are also used to request from the network stack,
102 on a best-effort basis, the allocation of packets with enough extra space such
103 that the act of pushing the switch tag on transmission of a packet does not
104 cause it to reallocate due to lack of memory.
106 Even though applications are not expected to parse DSA-specific frame headers,
107 the format on the wire of the tagging protocol represents an Application Binary
108 Interface exposed by the kernel towards user space, for decoders such as
109 ``libpcap``. The tagging protocol driver must populate the ``proto`` member of
110 ``struct dsa_device_ops`` with a value that uniquely describes the
111 characteristics of the interaction required between the switch hardware and the
112 data path driver: the offset of each bit field within the frame header and any
113 stateful processing required to deal with the frames (as may be required for
116 From the perspective of the network stack, all switches within the same DSA
117 switch tree use the same tagging protocol. In case of a packet transiting a
118 fabric with more than one switch, the switch-specific frame header is inserted
119 by the first switch in the fabric that the packet was received on. This header
120 typically contains information regarding its type (whether it is a control
121 frame that must be trapped to the CPU, or a data frame to be forwarded).
122 Control frames should be decapsulated only by the software data path, whereas
123 data frames might also be autonomously forwarded towards other user ports of
124 other switches from the same fabric, and in this case, the outermost switch
125 ports must decapsulate the packet.
127 Note that in certain cases, it might be the case that the tagging format used
128 by a leaf switch (not connected directly to the CPU) is not the same as what
129 the network stack sees. This can be seen with Marvell switch trees, where the
130 CPU port can be configured to use either the DSA or the Ethertype DSA (EDSA)
131 format, but the DSA links are configured to use the shorter (without Ethertype)
132 DSA frame header, in order to reduce the autonomous packet forwarding overhead.
133 It still remains the case that, if the DSA switch tree is configured for the
134 EDSA tagging protocol, the operating system sees EDSA-tagged packets from the
135 leaf switches that tagged them with the shorter DSA header. This can be done
136 because the Marvell switch connected directly to the CPU is configured to
137 perform tag translation between DSA and EDSA (which is simply the operation of
138 adding or removing the ``ETH_P_EDSA`` EtherType and some padding octets).
140 It is possible to construct cascaded setups of DSA switches even if their
141 tagging protocols are not compatible with one another. In this case, there are
142 no DSA links in this fabric, and each switch constitutes a disjoint DSA switch
143 tree. The DSA links are viewed as simply a pair of a DSA master (the out-facing
144 port of the upstream DSA switch) and a CPU port (the in-facing port of the
145 downstream DSA switch).
147 The tagging protocol of the attached DSA switch tree can be viewed through the
148 ``dsa/tagging`` sysfs attribute of the DSA master::
150 cat /sys/class/net/eth0/dsa/tagging
152 If the hardware and driver are capable, the tagging protocol of the DSA switch
153 tree can be changed at runtime. This is done by writing the new tagging
154 protocol name to the same sysfs device attribute as above (the DSA master and
155 all attached switch ports must be down while doing this).
157 It is desirable that all tagging protocols are testable with the ``dsa_loop``
158 mockup driver, which can be attached to any network interface. The goal is that
159 any network interface should be capable of transmitting the same packet in the
160 same way, and the tagger should decode the same received packet in the same way
161 regardless of the driver used for the switch control path, and the driver used
164 The transmission of a packet goes through the tagger's ``xmit`` function.
165 The passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
166 ``skb_mac_header(skb)``, i.e. at the destination MAC address, and the passed
167 ``struct net_device *dev`` represents the virtual DSA user network interface
168 whose hardware counterpart the packet must be steered to (i.e. ``swp0``).
169 The job of this method is to prepare the skb in a way that the switch will
170 understand what egress port the packet is for (and not deliver it towards other
171 ports). Typically this is fulfilled by pushing a frame header. Checking for
172 insufficient size in the skb headroom or tailroom is unnecessary provided that
173 the ``needed_headroom`` and ``needed_tailroom`` properties were filled out
174 properly, because DSA ensures there is enough space before calling this method.
176 The reception of a packet goes through the tagger's ``rcv`` function. The
177 passed ``struct sk_buff *skb`` has ``skb->data`` pointing at
178 ``skb_mac_header(skb) + ETH_ALEN`` octets, i.e. to where the first octet after
179 the EtherType would have been, were this frame not tagged. The role of this
180 method is to consume the frame header, adjust ``skb->data`` to really point at
181 the first octet after the EtherType, and to change ``skb->dev`` to point to the
182 virtual DSA user network interface corresponding to the physical front-facing
183 switch port that the packet was received on.
185 Since tagging protocols in category 1 and 2 break software (and most often also
186 hardware) packet dissection on the DSA master, features such as RPS (Receive
187 Packet Steering) on the DSA master would be broken. The DSA framework deals
188 with this by hooking into the flow dissector and shifting the offset at which
189 the IP header is to be found in the tagged frame as seen by the DSA master.
190 This behavior is automatic based on the ``overhead`` value of the tagging
191 protocol. If not all packets are of equal size, the tagger can implement the
192 ``flow_dissect`` method of the ``struct dsa_device_ops`` and override this
193 default behavior by specifying the correct offset incurred by each individual
194 RX packet. Tail taggers do not cause issues to the flow dissector.
196 Checksum offload should work with category 1 and 2 taggers when the DSA master
197 driver declares NETIF_F_HW_CSUM in vlan_features and looks at csum_start and
198 csum_offset. For those cases, DSA will shift the checksum start and offset by
199 the tag size. If the DSA master driver still uses the legacy NETIF_F_IP_CSUM
200 or NETIF_F_IPV6_CSUM in vlan_features, the offload might only work if the
201 offload hardware already expects that specific tag (perhaps due to matching
202 vendors). DSA slaves inherit those flags from the master port, and it is up to
203 the driver to correctly fall back to software checksum when the IP header is not
204 where the hardware expects. If that check is ineffective, the packets might go
205 to the network without a proper checksum (the checksum field will have the
206 pseudo IP header sum). For category 3, when the offload hardware does not
207 already expect the switch tag in use, the checksum must be calculated before any
208 tag is inserted (i.e. inside the tagger). Otherwise, the DSA master would
209 include the tail tag in the (software or hardware) checksum calculation. Then,
210 when the tag gets stripped by the switch during transmission, it will leave an
211 incorrect IP checksum in place.
213 Due to various reasons (most common being category 1 taggers being associated
214 with DSA-unaware masters, mangling what the master perceives as MAC DA), the
215 tagging protocol may require the DSA master to operate in promiscuous mode, to
216 receive all frames regardless of the value of the MAC DA. This can be done by
217 setting the ``promisc_on_master`` property of the ``struct dsa_device_ops``.
218 Note that this assumes a DSA-unaware master driver, which is the norm.
220 Master network devices
221 ----------------------
223 Master network devices are regular, unmodified Linux network device drivers for
224 the CPU/management Ethernet interface. Such a driver might occasionally need to
225 know whether DSA is enabled (e.g.: to enable/disable specific offload features),
226 but the DSA subsystem has been proven to work with industry standard drivers:
227 ``e1000e,`` ``mv643xx_eth`` etc. without having to introduce modifications to these
228 drivers. Such network devices are also often referred to as conduit network
229 devices since they act as a pipe between the host processor and the hardware
232 Networking stack hooks
233 ----------------------
235 When a master netdev is used with DSA, a small hook is placed in the
236 networking stack is in order to have the DSA subsystem process the Ethernet
237 switch specific tagging protocol. DSA accomplishes this by registering a
238 specific (and fake) Ethernet type (later becoming ``skb->protocol``) with the
239 networking stack, this is also known as a ``ptype`` or ``packet_type``. A typical
240 Ethernet Frame receive sequence looks like this:
242 Master network device (e.g.: e1000e):
244 1. Receive interrupt fires:
246 - receive function is invoked
247 - basic packet processing is done: getting length, status etc.
248 - packet is prepared to be processed by the Ethernet layer by calling
251 2. net/ethernet/eth.c::
253 eth_type_trans(skb, dev)
254 if (dev->dsa_ptr != NULL)
255 -> skb->protocol = ETH_P_XDSA
257 3. drivers/net/ethernet/\*::
259 netif_receive_skb(skb)
260 -> iterate over registered packet_type
261 -> invoke handler for ETH_P_XDSA, calls dsa_switch_rcv()
266 -> invoke switch tag specific protocol handler in 'net/dsa/tag_*.c'
270 - inspect and strip switch tag protocol to determine originating port
271 - locate per-port network device
272 - invoke ``eth_type_trans()`` with the DSA slave network device
273 - invoked ``netif_receive_skb()``
275 Past this point, the DSA slave network devices get delivered regular Ethernet
276 frames that can be processed by the networking stack.
278 Slave network devices
279 ---------------------
281 Slave network devices created by DSA are stacked on top of their master network
282 device, each of these network interfaces will be responsible for being a
283 controlling and data-flowing end-point for each front-panel port of the switch.
284 These interfaces are specialized in order to:
286 - insert/remove the switch tag protocol (if it exists) when sending traffic
287 to/from specific switch ports
288 - query the switch for ethtool operations: statistics, link state,
289 Wake-on-LAN, register dumps...
290 - manage external/internal PHY: link, auto-negotiation, etc.
292 These slave network devices have custom net_device_ops and ethtool_ops function
293 pointers which allow DSA to introduce a level of layering between the networking
294 stack/ethtool and the switch driver implementation.
296 Upon frame transmission from these slave network devices, DSA will look up which
297 switch tagging protocol is currently registered with these network devices and
298 invoke a specific transmit routine which takes care of adding the relevant
299 switch tag in the Ethernet frames.
301 These frames are then queued for transmission using the master network device
302 ``ndo_start_xmit()`` function. Since they contain the appropriate switch tag, the
303 Ethernet switch will be able to process these incoming frames from the
304 management interface and deliver them to the physical switch port.
306 Graphical representation
307 ------------------------
309 Summarized, this is basically how DSA looks like from a network device
313 opens and binds socket
316 +-----------v--|--------------------+
317 |+------+ +------+ +------+ +------+|
318 || swp0 | | swp1 | | swp2 | | swp3 ||
319 |+------+-+------+-+------+-+------+|
320 | DSA switch driver |
321 +-----------------------------------+
323 Tag added by | | Tag consumed by
324 switch driver | | switch driver
326 +-----------------------------------+
327 | Unmodified host interface driver | Software
328 --------+-----------------------------------+------------
329 | Host interface (eth0) | Hardware
330 +-----------------------------------+
332 Tag consumed by | | Tag added by
333 switch hardware | | switch hardware
335 +-----------------------------------+
337 |+------+ +------+ +------+ +------+|
338 || swp0 | | swp1 | | swp2 | | swp3 ||
339 ++------+-+------+-+------+-+------++
344 In order to be able to read to/from a switch PHY built into it, DSA creates a
345 slave MDIO bus which allows a specific switch driver to divert and intercept
346 MDIO reads/writes towards specific PHY addresses. In most MDIO-connected
347 switches, these functions would utilize direct or indirect PHY addressing mode
348 to return standard MII registers from the switch builtin PHYs, allowing the PHY
349 library and/or to return link status, link partner pages, auto-negotiation
352 For Ethernet switches which have both external and internal MDIO buses, the
353 slave MII bus can be utilized to mux/demux MDIO reads and writes towards either
354 internal or external MDIO devices this switch might be connected to: internal
355 PHYs, external PHYs, or even external switches.
360 DSA data structures are defined in ``include/net/dsa.h`` as well as
361 ``net/dsa/dsa_priv.h``:
363 - ``dsa_chip_data``: platform data configuration for a given switch device,
364 this structure describes a switch device's parent device, its address, as
365 well as various properties of its ports: names/labels, and finally a routing
366 table indication (when cascading switches)
368 - ``dsa_platform_data``: platform device configuration data which can reference
369 a collection of dsa_chip_data structures if multiple switches are cascaded,
370 the master network device this switch tree is attached to needs to be
373 - ``dsa_switch_tree``: structure assigned to the master network device under
374 ``dsa_ptr``, this structure references a dsa_platform_data structure as well as
375 the tagging protocol supported by the switch tree, and which receive/transmit
376 function hooks should be invoked, information about the directly attached
377 switch is also provided: CPU port. Finally, a collection of dsa_switch are
378 referenced to address individual switches in the tree.
380 - ``dsa_switch``: structure describing a switch device in the tree, referencing
381 a ``dsa_switch_tree`` as a backpointer, slave network devices, master network
382 device, and a reference to the backing``dsa_switch_ops``
384 - ``dsa_switch_ops``: structure referencing function pointers, see below for a
390 Lack of CPU/DSA network devices
391 -------------------------------
393 DSA does not currently create slave network devices for the CPU or DSA ports, as
394 described before. This might be an issue in the following cases:
396 - inability to fetch switch CPU port statistics counters using ethtool, which
397 can make it harder to debug MDIO switch connected using xMII interfaces
399 - inability to configure the CPU port link parameters based on the Ethernet
400 controller capabilities attached to it: http://patchwork.ozlabs.org/patch/509806/
402 - inability to configure specific VLAN IDs / trunking VLANs between switches
403 when using a cascaded setup
405 Common pitfalls using DSA setups
406 --------------------------------
408 Once a master network device is configured to use DSA (dev->dsa_ptr becomes
409 non-NULL), and the switch behind it expects a tagging protocol, this network
410 interface can only exclusively be used as a conduit interface. Sending packets
411 directly through this interface (e.g.: opening a socket using this interface)
412 will not make us go through the switch tagging protocol transmit function, so
413 the Ethernet switch on the other end, expecting a tag will typically drop this
416 Interactions with other subsystems
417 ==================================
419 DSA currently leverages the following subsystems:
421 - MDIO/PHY library: ``drivers/net/phy/phy.c``, ``mdio_bus.c``
422 - Switchdev:``net/switchdev/*``
423 - Device Tree for various of_* functions
424 - Devlink: ``net/core/devlink.c``
429 Slave network devices exposed by DSA may or may not be interfacing with PHY
430 devices (``struct phy_device`` as defined in ``include/linux/phy.h)``, but the DSA
431 subsystem deals with all possible combinations:
433 - internal PHY devices, built into the Ethernet switch hardware
434 - external PHY devices, connected via an internal or external MDIO bus
435 - internal PHY devices, connected via an internal MDIO bus
436 - special, non-autonegotiated or non MDIO-managed PHY devices: SFPs, MoCA; a.k.a
439 The PHY configuration is done by the ``dsa_slave_phy_setup()`` function and the
440 logic basically looks like this:
442 - if Device Tree is used, the PHY device is looked up using the standard
443 "phy-handle" property, if found, this PHY device is created and registered
444 using ``of_phy_connect()``
446 - if Device Tree is used and the PHY device is "fixed", that is, conforms to
447 the definition of a non-MDIO managed PHY as defined in
448 ``Documentation/devicetree/bindings/net/fixed-link.txt``, the PHY is registered
449 and connected transparently using the special fixed MDIO bus driver
451 - finally, if the PHY is built into the switch, as is very common with
452 standalone switch packages, the PHY is probed using the slave MII bus created
459 DSA directly utilizes SWITCHDEV when interfacing with the bridge layer, and
460 more specifically with its VLAN filtering portion when configuring VLANs on top
461 of per-port slave network devices. As of today, the only SWITCHDEV objects
462 supported by DSA are the FDB and VLAN objects.
467 DSA registers one devlink device per physical switch in the fabric.
468 For each devlink device, every physical port (i.e. user ports, CPU ports, DSA
469 links or unused ports) is exposed as a devlink port.
471 DSA drivers can make use of the following devlink features:
473 - Regions: debugging feature which allows user space to dump driver-defined
474 areas of hardware information in a low-level, binary format. Both global
475 regions as well as per-port regions are supported. It is possible to export
476 devlink regions even for pieces of data that are already exposed in some way
477 to the standard iproute2 user space programs (ip-link, bridge), like address
478 tables and VLAN tables. For example, this might be useful if the tables
479 contain additional hardware-specific details which are not visible through
480 the iproute2 abstraction, or it might be useful to inspect these tables on
481 the non-user ports too, which are invisible to iproute2 because no network
482 interface is registered for them.
483 - Params: a feature which enables user to configure certain low-level tunable
484 knobs pertaining to the device. Drivers may implement applicable generic
485 devlink params, or may add new device-specific devlink params.
486 - Resources: a monitoring feature which enables users to see the degree of
487 utilization of certain hardware tables in the device, such as FDB, VLAN, etc.
488 - Shared buffers: a QoS feature for adjusting and partitioning memory and frame
489 reservations per port and per traffic class, in the ingress and egress
490 directions, such that low-priority bulk traffic does not impede the
491 processing of high-priority critical traffic.
493 For more details, consult ``Documentation/networking/devlink/``.
498 DSA features a standardized binding which is documented in
499 ``Documentation/devicetree/bindings/net/dsa/dsa.txt``. PHY/MDIO library helper
500 functions such as ``of_get_phy_mode()``, ``of_phy_connect()`` are also used to query
501 per-port PHY specific details: interface connection, MDIO bus location, etc.
506 DSA switch drivers need to implement a dsa_switch_ops structure which will
507 contain the various members described below.
509 ``register_switch_driver()`` registers this dsa_switch_ops in its internal list
510 of drivers to probe for. ``unregister_switch_driver()`` does the exact opposite.
512 Unless requested differently by setting the priv_size member accordingly, DSA
513 does not allocate any driver private context space.
518 - ``tag_protocol``: this is to indicate what kind of tagging protocol is supported,
519 should be a valid value from the ``dsa_tag_protocol`` enum
521 - ``probe``: probe routine which will be invoked by the DSA platform device upon
522 registration to test for the presence/absence of a switch device. For MDIO
523 devices, it is recommended to issue a read towards internal registers using
524 the switch pseudo-PHY and return whether this is a supported device. For other
525 buses, return a non-NULL string
527 - ``setup``: setup function for the switch, this function is responsible for setting
528 up the ``dsa_switch_ops`` private structure with all it needs: register maps,
529 interrupts, mutexes, locks, etc. This function is also expected to properly
530 configure the switch to separate all network interfaces from each other, that
531 is, they should be isolated by the switch hardware itself, typically by creating
532 a Port-based VLAN ID for each port and allowing only the CPU port and the
533 specific port to be in the forwarding vector. Ports that are unused by the
534 platform should be disabled. Past this function, the switch is expected to be
535 fully configured and ready to serve any kind of request. It is recommended
536 to issue a software reset of the switch during this setup function in order to
537 avoid relying on what a previous software agent such as a bootloader/firmware
538 may have previously configured.
540 PHY devices and link management
541 -------------------------------
543 - ``get_phy_flags``: Some switches are interfaced to various kinds of Ethernet PHYs,
544 if the PHY library PHY driver needs to know about information it cannot obtain
545 on its own (e.g.: coming from switch memory mapped registers), this function
546 should return a 32-bit bitmask of "flags" that is private between the switch
547 driver and the Ethernet PHY driver in ``drivers/net/phy/\*``.
549 - ``phy_read``: Function invoked by the DSA slave MDIO bus when attempting to read
550 the switch port MDIO registers. If unavailable, return 0xffff for each read.
551 For builtin switch Ethernet PHYs, this function should allow reading the link
552 status, auto-negotiation results, link partner pages, etc.
554 - ``phy_write``: Function invoked by the DSA slave MDIO bus when attempting to write
555 to the switch port MDIO registers. If unavailable return a negative error
558 - ``adjust_link``: Function invoked by the PHY library when a slave network device
559 is attached to a PHY device. This function is responsible for appropriately
560 configuring the switch port link parameters: speed, duplex, pause based on
561 what the ``phy_device`` is providing.
563 - ``fixed_link_update``: Function invoked by the PHY library, and specifically by
564 the fixed PHY driver asking the switch driver for link parameters that could
565 not be auto-negotiated, or obtained by reading the PHY registers through MDIO.
566 This is particularly useful for specific kinds of hardware such as QSGMII,
567 MoCA or other kinds of non-MDIO managed PHYs where out of band link
568 information is obtained
573 - ``get_strings``: ethtool function used to query the driver's strings, will
574 typically return statistics strings, private flags strings, etc.
576 - ``get_ethtool_stats``: ethtool function used to query per-port statistics and
577 return their values. DSA overlays slave network devices general statistics:
578 RX/TX counters from the network device, with switch driver specific statistics
581 - ``get_sset_count``: ethtool function used to query the number of statistics items
583 - ``get_wol``: ethtool function used to obtain Wake-on-LAN settings per-port, this
584 function may for certain implementations also query the master network device
585 Wake-on-LAN settings if this interface needs to participate in Wake-on-LAN
587 - ``set_wol``: ethtool function used to configure Wake-on-LAN settings per-port,
588 direct counterpart to set_wol with similar restrictions
590 - ``set_eee``: ethtool function which is used to configure a switch port EEE (Green
591 Ethernet) settings, can optionally invoke the PHY library to enable EEE at the
592 PHY level if relevant. This function should enable EEE at the switch port MAC
593 controller and data-processing logic
595 - ``get_eee``: ethtool function which is used to query a switch port EEE settings,
596 this function should return the EEE state of the switch port MAC controller
597 and data-processing logic as well as query the PHY for its currently configured
600 - ``get_eeprom_len``: ethtool function returning for a given switch the EEPROM
603 - ``get_eeprom``: ethtool function returning for a given switch the EEPROM contents
605 - ``set_eeprom``: ethtool function writing specified data to a given switch EEPROM
607 - ``get_regs_len``: ethtool function returning the register length for a given
610 - ``get_regs``: ethtool function returning the Ethernet switch internal register
611 contents. This function might require user-land code in ethtool to
612 pretty-print register values and registers
617 - ``suspend``: function invoked by the DSA platform device when the system goes to
618 suspend, should quiesce all Ethernet switch activities, but keep ports
619 participating in Wake-on-LAN active as well as additional wake-up logic if
622 - ``resume``: function invoked by the DSA platform device when the system resumes,
623 should resume all Ethernet switch activities and re-configure the switch to be
624 in a fully active state
626 - ``port_enable``: function invoked by the DSA slave network device ndo_open
627 function when a port is administratively brought up, this function should
628 fully enable a given switch port. DSA takes care of marking the port with
629 ``BR_STATE_BLOCKING`` if the port is a bridge member, or ``BR_STATE_FORWARDING`` if it
630 was not, and propagating these changes down to the hardware
632 - ``port_disable``: function invoked by the DSA slave network device ndo_close
633 function when a port is administratively brought down, this function should
634 fully disable a given switch port. DSA takes care of marking the port with
635 ``BR_STATE_DISABLED`` and propagating changes to the hardware if this port is
636 disabled while being a bridge member
641 - ``port_bridge_join``: bridge layer function invoked when a given switch port is
642 added to a bridge, this function should do what's necessary at the switch
643 level to permit the joining port to be added to the relevant logical
644 domain for it to ingress/egress traffic with other members of the bridge.
646 - ``port_bridge_leave``: bridge layer function invoked when a given switch port is
647 removed from a bridge, this function should do what's necessary at the
648 switch level to deny the leaving port from ingress/egress traffic from the
649 remaining bridge members. When the port leaves the bridge, it should be aged
650 out at the switch hardware for the switch to (re) learn MAC addresses behind
653 - ``port_stp_state_set``: bridge layer function invoked when a given switch port STP
654 state is computed by the bridge layer and should be propagated to switch
655 hardware to forward/block/learn traffic. The switch driver is responsible for
656 computing a STP state change based on current and asked parameters and perform
657 the relevant ageing based on the intersection results
659 - ``port_bridge_flags``: bridge layer function invoked when a port must
660 configure its settings for e.g. flooding of unknown traffic or source address
661 learning. The switch driver is responsible for initial setup of the
662 standalone ports with address learning disabled and egress flooding of all
663 types of traffic, then the DSA core notifies of any change to the bridge port
664 flags when the port joins and leaves a bridge. DSA does not currently manage
665 the bridge port flags for the CPU port. The assumption is that address
666 learning should be statically enabled (if supported by the hardware) on the
667 CPU port, and flooding towards the CPU port should also be enabled, due to a
668 lack of an explicit address filtering mechanism in the DSA core.
670 - ``port_bridge_tx_fwd_offload``: bridge layer function invoked after
671 ``port_bridge_join`` when a driver sets ``ds->num_fwd_offloading_bridges`` to
672 a non-zero value. Returning success in this function activates the TX
673 forwarding offload bridge feature for this port, which enables the tagging
674 protocol driver to inject data plane packets towards the bridging domain that
675 the port is a part of. Data plane packets are subject to FDB lookup, hardware
676 learning on the CPU port, and do not override the port STP state.
677 Additionally, replication of data plane packets (multicast, flooding) is
678 handled in hardware and the bridge driver will transmit a single skb for each
679 packet that needs replication. The method is provided as a configuration
680 point for drivers that need to configure the hardware for enabling this
683 - ``port_bridge_tx_fwd_unoffload``: bridge layer function invoked when a driver
684 leaves a bridge port which had the TX forwarding offload feature enabled.
686 Bridge VLAN filtering
687 ---------------------
689 - ``port_vlan_filtering``: bridge layer function invoked when the bridge gets
690 configured for turning on or off VLAN filtering. If nothing specific needs to
691 be done at the hardware level, this callback does not need to be implemented.
692 When VLAN filtering is turned on, the hardware must be programmed with
693 rejecting 802.1Q frames which have VLAN IDs outside of the programmed allowed
694 VLAN ID map/rules. If there is no PVID programmed into the switch port,
695 untagged frames must be rejected as well. When turned off the switch must
696 accept any 802.1Q frames irrespective of their VLAN ID, and untagged frames are
699 - ``port_vlan_add``: bridge layer function invoked when a VLAN is configured
700 (tagged or untagged) for the given switch port. If the operation is not
701 supported by the hardware, this function should return ``-EOPNOTSUPP`` to
702 inform the bridge code to fallback to a software implementation.
704 - ``port_vlan_del``: bridge layer function invoked when a VLAN is removed from the
707 - ``port_vlan_dump``: bridge layer function invoked with a switchdev callback
708 function that the driver has to call for each VLAN the given port is a member
709 of. A switchdev object is used to carry the VID and bridge flags.
711 - ``port_fdb_add``: bridge layer function invoked when the bridge wants to install a
712 Forwarding Database entry, the switch hardware should be programmed with the
713 specified address in the specified VLAN Id in the forwarding database
714 associated with this VLAN ID. If the operation is not supported, this
715 function should return ``-EOPNOTSUPP`` to inform the bridge code to fallback to
716 a software implementation.
718 .. note:: VLAN ID 0 corresponds to the port private database, which, in the context
719 of DSA, would be its port-based VLAN, used by the associated bridge device.
721 - ``port_fdb_del``: bridge layer function invoked when the bridge wants to remove a
722 Forwarding Database entry, the switch hardware should be programmed to delete
723 the specified MAC address from the specified VLAN ID if it was mapped into
724 this port forwarding database
726 - ``port_fdb_dump``: bridge layer function invoked with a switchdev callback
727 function that the driver has to call for each MAC address known to be behind
728 the given port. A switchdev object is used to carry the VID and FDB info.
730 - ``port_mdb_add``: bridge layer function invoked when the bridge wants to install
731 a multicast database entry. If the operation is not supported, this function
732 should return ``-EOPNOTSUPP`` to inform the bridge code to fallback to a
733 software implementation. The switch hardware should be programmed with the
734 specified address in the specified VLAN ID in the forwarding database
735 associated with this VLAN ID.
737 .. note:: VLAN ID 0 corresponds to the port private database, which, in the context
738 of DSA, would be its port-based VLAN, used by the associated bridge device.
740 - ``port_mdb_del``: bridge layer function invoked when the bridge wants to remove a
741 multicast database entry, the switch hardware should be programmed to delete
742 the specified MAC address from the specified VLAN ID if it was mapped into
743 this port forwarding database.
745 - ``port_mdb_dump``: bridge layer function invoked with a switchdev callback
746 function that the driver has to call for each MAC address known to be behind
747 the given port. A switchdev object is used to carry the VID and MDB info.
752 Link aggregation is implemented in the Linux networking stack by the bonding
753 and team drivers, which are modeled as virtual, stackable network interfaces.
754 DSA is capable of offloading a link aggregation group (LAG) to hardware that
755 supports the feature, and supports bridging between physical ports and LAGs,
756 as well as between LAGs. A bonding/team interface which holds multiple physical
757 ports constitutes a logical port, although DSA has no explicit concept of a
758 logical port at the moment. Due to this, events where a LAG joins/leaves a
759 bridge are treated as if all individual physical ports that are members of that
760 LAG join/leave the bridge. Switchdev port attributes (VLAN filtering, STP
761 state, etc) and objects (VLANs, MDB entries) offloaded to a LAG as bridge port
762 are treated similarly: DSA offloads the same switchdev object / port attribute
763 on all members of the LAG. Static bridge FDB entries on a LAG are not yet
764 supported, since the DSA driver API does not have the concept of a logical port
767 - ``port_lag_join``: function invoked when a given switch port is added to a
768 LAG. The driver may return ``-EOPNOTSUPP``, and in this case, DSA will fall
769 back to a software implementation where all traffic from this port is sent to
771 - ``port_lag_leave``: function invoked when a given switch port leaves a LAG
772 and returns to operation as a standalone port.
773 - ``port_lag_change``: function invoked when the link state of any member of
774 the LAG changes, and the hashing function needs rebalancing to only make use
775 of the subset of physical LAG member ports that are up.
777 Drivers that benefit from having an ID associated with each offloaded LAG
778 can optionally populate ``ds->num_lag_ids`` from the ``dsa_switch_ops::setup``
779 method. The LAG ID associated with a bonding/team interface can then be
780 retrieved by a DSA switch driver using the ``dsa_lag_id`` function.
785 The Media Redundancy Protocol is a topology management protocol optimized for
786 fast fault recovery time for ring networks, which has some components
787 implemented as a function of the bridge driver. MRP uses management PDUs
788 (Test, Topology, LinkDown/Up, Option) sent at a multicast destination MAC
789 address range of 01:15:4e:00:00:0x and with an EtherType of 0x88e3.
790 Depending on the node's role in the ring (MRM: Media Redundancy Manager,
791 MRC: Media Redundancy Client, MRA: Media Redundancy Automanager), certain MRP
792 PDUs might need to be terminated locally and others might need to be forwarded.
793 An MRM might also benefit from offloading to hardware the creation and
794 transmission of certain MRP PDUs (Test).
796 Normally an MRP instance can be created on top of any network interface,
797 however in the case of a device with an offloaded data path such as DSA, it is
798 necessary for the hardware, even if it is not MRP-aware, to be able to extract
799 the MRP PDUs from the fabric before the driver can proceed with the software
800 implementation. DSA today has no driver which is MRP-aware, therefore it only
801 listens for the bare minimum switchdev objects required for the software assist
802 to work properly. The operations are detailed below.
804 - ``port_mrp_add`` and ``port_mrp_del``: notifies driver when an MRP instance
805 with a certain ring ID, priority, primary port and secondary port is
807 - ``port_mrp_add_ring_role`` and ``port_mrp_del_ring_role``: function invoked
808 when an MRP instance changes ring roles between MRM or MRC. This affects
809 which MRP PDUs should be trapped to software and which should be autonomously
812 IEC 62439-3 (HSR/PRP)
813 ---------------------
815 The Parallel Redundancy Protocol (PRP) is a network redundancy protocol which
816 works by duplicating and sequence numbering packets through two independent L2
817 networks (which are unaware of the PRP tail tags carried in the packets), and
818 eliminating the duplicates at the receiver. The High-availability Seamless
819 Redundancy (HSR) protocol is similar in concept, except all nodes that carry
820 the redundant traffic are aware of the fact that it is HSR-tagged (because HSR
821 uses a header with an EtherType of 0x892f) and are physically connected in a
822 ring topology. Both HSR and PRP use supervision frames for monitoring the
823 health of the network and for discovery of other nodes.
825 In Linux, both HSR and PRP are implemented in the hsr driver, which
826 instantiates a virtual, stackable network interface with two member ports.
827 The driver only implements the basic roles of DANH (Doubly Attached Node
828 implementing HSR) and DANP (Doubly Attached Node implementing PRP); the roles
829 of RedBox and QuadBox are not implemented (therefore, bridging a hsr network
830 interface with a physical switch port does not produce the expected result).
832 A driver which is able of offloading certain functions of a DANP or DANH should
833 declare the corresponding netdev features as indicated by the documentation at
834 ``Documentation/networking/netdev-features.rst``. Additionally, the following
835 methods must be implemented:
837 - ``port_hsr_join``: function invoked when a given switch port is added to a
838 DANP/DANH. The driver may return ``-EOPNOTSUPP`` and in this case, DSA will
839 fall back to a software implementation where all traffic from this port is
841 - ``port_hsr_leave``: function invoked when a given switch port leaves a
842 DANP/DANH and returns to normal operation as a standalone port.
847 Making SWITCHDEV and DSA converge towards an unified codebase
848 -------------------------------------------------------------
850 SWITCHDEV properly takes care of abstracting the networking stack with offload
851 capable hardware, but does not enforce a strict switch device driver model. On
852 the other DSA enforces a fairly strict device driver model, and deals with most
853 of the switch specific. At some point we should envision a merger between these
854 two subsystems and get the best of both worlds.
859 - allowing more than one CPU/management interface:
860 http://comments.gmane.org/gmane.linux.network/365657