ESP32-WROOM and KSZ8863RLL device questions on IP and sending packets

[MikeMyhre]

I have a board I have designed that uses the KSZ8863RLL switch from microchip. I am using the Two Ports mode from this example:
https://github.com/espressif/esp-eth-dr ... ports_mode
This chip is a three port switch with SPI interface. One port goes to the ESP32 and the other two connect to ethernet jacks to provide a dual ethernet solution. The driver uses 'tail tagging' to preserve which port traffic passes through.
I have it working to the point where I see broadcast packets sent out and have set the MAC address of the two ports.
The example uses the open("/dev/net/tap") function to return a file handle. Then uses ioctl() function to bind the ETH_0 and ETH_1 port interface. FInally, the packet is written using the write(fd,...) funciton.
This seems to be a pretty primitive way to send a packet. I was expecting that I would be able to use the bound netif handle and the traditional socket() function and all the sendto(sock, ... ) functions that I have used before.
Also the interfaces are not requesting a DHCP IP request like they did when I used the 'simple switch' configuration or single ethernet like using the W5500 chip.
While I am pleased I have the chip working hardware wise, I don't see how to go forward with typical ESP32 ethernet development.
I should add that it is important in this design to have two isolated ports. One port should not be able to reach the other port but instead must flow through the ESP32 where packets will be authorized and possibly modified.

[ESP_ondrej]

IP traffic at each port should work see https://github.com/espressif/esp-eth-dr ... ports_mode

Could you please provide more information about your setup? What IDF version do you use? What's your network setup?

[MikeMyhre]

I am using framework idf-v5.2.1
I have one port connected to my LAN and another port connected to a PC.
I would like to be able to disable the ability for the PC to connect to my LAN unless the packets are allowed by the ESP32 code. That is why I chose the two port mode. I thought since storm control was not an issue, I would get two ports with their own MAC address and their own IP addresses and everything would be routed through the ESP32 which could forward the packets that it wanted.

At this point, none of my three interfaces (or ports on the switch) have an IP address, but they all have different MAC addresses.

When I tried the Simple Switch option, I had a single IP on the ESP32 port. Not sure why that went away with the two port mode.

[MikeMyhre]

I found this document that explains the reasoning behind the L2 Tap control and read() write() file options:
https://docs.espressif.com/projects/esp ... light=bind

I still don't understand why I am not getting an IP address on any of the three switch nodes, each of which has their own MAC address and I have done an esp_eth_start() on each of them. They show Link Up but no IP level activity.

Code: Select all

I (492) eth_init: Initializing SPI Ethernet chip.
I (492) eth_init: Initializing Ethernet config.
I (502) eth_init: External Clock setting...
I (502) eth_init: Hardware Reset
W (512) ksz8863_eth: SW reset resets all Global, MAC and PHY registers!
I (512) eth_init: Init Complete.
I (532) eth_init: Initializing P1 Interface.
I (542) eth_init: Initializing P2 Interface.
I (552) esp_eth.netif.netif_glue: 8c:4b:14:0a:14:00
I (552) esp_eth.netif.netif_glue: ethernet attached to netif
I (552) esp_eth.netif.netif_glue: 8c:4b:14:0a:14:01
I (552) esp_eth.netif.netif_glue: ethernet attached to netif
I (562) net: Event Handlers Loaded
I (572) tunnel_brick: Ethernet Started
E (572) esp_eth: esp_eth_ioctl(496): unknown io command: 4109
I (582) tunnel_brick: Ethernet Link Up
I (582) tunnel_brick: Ethernet HW Addr 94:e6:86:49:e7:af
I (2492) tunnel_brick: Ethernet Started
I (2492) tunnel_brick: Ethernet Link Up Port 1
I (2492) tunnel_brick: Ethernet HW Addr 8c:4b:14:0a:14:00
I (6492) tunnel_brick: Ethernet Started

Any hints would be greatly appreciated.

Thanks!

[ESP_ondrej]

I tried it on my test board and "two_ports_mode" example works as expected. I got IP address at both ports. Do you use exact version of "two_ports_mode"? Or do you use some modified version of yours?

[MikeMyhre]

I tried it on my test board and "two_ports_mode" example works as expected. I got IP address at both ports. Do you use exact version of "two_ports_mode"? Or do you use some modified version of yours?

Thanks for the update. I started with the 'simple switch' which did do a DHCP on one port. Then I modified the project comparing to the 'two port' mode. I have compared several times. Now knowing that the example works for you, I will check again and if that doesn't work use the example directly.
Thanks!

[MikeMyhre]

I found the issue. I had missed one line .pmac_mode = KSZ8863_PORT_MODE.
It was still in switch mode.
Thanks for the confirmation!
I have two IPs now.

[ESP_ondrej]

Great to hear you found the issue.

One point regarding

I would like to be able to disable the ability for the PC to connect to my LAN unless the packets are allowed by the ESP32 code.

I'm not sure if "two port mode" is feasible for this use case. This mode is intended to provide your device two independent Ethernet ports. Therefore, if you wanted to pass traffic through the ports (allow it by ESP code as you mentioned), you would have to do it at SW layer of the ESP. It would be either IP forwarding (L3) or bridging (L2). However, performance would be much lower than switching performed by KSZ8863.

I think you should use one of the switch modes and properly configure the MAC tables or ports to switch traffic between the ports per your needs. The driver has configuration options for it, see `ksz8863_eth_io_cmd_t`. Also consult with KSZ8863 datasheet.

[MikeMyhre]

Great to hear you found the issue.

One point regarding

I would like to be able to disable the ability for the PC to connect to my LAN unless the packets are allowed by the ESP32 code.

I'm not sure if "two port mode" is feasible for this use case. This mode is intended to provide your device two independent Ethernet ports. Therefore, if you wanted to pass traffic through the ports (allow it by ESP code as you mentioned), you would have to do it at SW layer of the ESP. It would be either IP forwarding (L3) or bridging (L2). However, performance would be much lower than switching performed by KSZ8863.

I think you should use one of the switch modes and properly configure the MAC tables or ports to switch traffic between the ports per your needs. The driver has configuration options for it, see `ksz8863_eth_io_cmd_t`. Also consult with KSZ8863 datasheet.

I realize the performance hit with this mode to pass packets. I also have come to realize the capabilities of the switch in filtering traffic. This product will have multiple modes depending on the use. Some with very little bandwidth requirements but requiring total isolation and specifics on packet inspections and others with high bandwidth and very little filtering.
I feel good about the capabilities of this part.
Thanks again!