a limit on entries
created by user space.
Signed-off-by: Ido Schimmel
---
Notes:
v1:
* Use an array instead of a list to store source entries.
net/bridge/br_mdb.c | 128 +++-
net/bridge/br_private.h | 7 +++
2 files changed, 132 insertions(+), 3
) corresponds to a source or not.
The field will be set in a subsequent patch where br_mdb_add_group_sg()
is called in order to create a (S, G) entry for each user provided
source.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 2 +-
net/bridge/br_private.h | 1 +
2 files changed, 2
entries are
created in response to user requests.
Signed-off-by: Ido Schimmel
---
net/bridge/br_multicast.c | 3 ++-
net/bridge/br_private.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 8432b4ea7f28..48170bd3785e
to install a corresponding forwarding
entry.
Signed-off-by: Ido Schimmel
---
Notes:
v1:
* New patch.
net/bridge/br_multicast.c | 11 ---
net/bridge/br_private.h | 1 +
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge
code (i.e., br_mdb.c) that handles
RTM_NEWMDB messages.
Signed-off-by: Ido Schimmel
---
net/bridge/br_multicast.c | 2 +-
net/bridge/br_private.h | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index db4c3900ae95
where the
memory will be freed.
Note that br_mdb_del() already has one error path and therefore does not
require any changes.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge
functions.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index e3bd2122d559..fcdd464cf997 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -663,6 +663,12
between both entry types,
handle the addition of each entry type in a different function, thereby
avoiding the creation of one complex function.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 145 +---
1 file changed, 96 insertions(+), 49 deletions
filter mode.
Subsequent patches will allow user space to set the filter mode of (*,
G) entries, making the current assumption incorrect.
As a preparation, remove the current assumption and instead determine
the entry type from its key, which is a more direct way.
Signed-off-by: Ido Schimmel
251
[8] https://datatracker.ietf.org/doc/html/rfc9251#section-9.1
[9] https://github.com/idosch/iproute2/commits/submit/mdb_v1
[10] https://lore.kernel.org/netdev/20221018120420.561846-1-ido...@nvidia.com/
Ido Schimmel (14):
bridge: mcast: Do not derive entry type from its filter mode
b
The 'group' argument is not modified, so mark it as 'const'. It will
allow us to constify arguments of the callers of this function in future
patches.
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* New patch.
net/bridge/br_multicast.c | 2 +-
net/bridge/br_private.h | 3 ++-
2 files
Drop the first three arguments and instead extract them from the MDB
configuration structure.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 36 ++--
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index d0e018628f5d..d954d8f7cb0a 100644
--- a/net/bridge/br_mdb.c
+++ b/net
The parsing of the netlink messages and the validity checks are now
performed in br_mdb_config_init() so we can remove br_mdb_parse().
This finally allows us to stop passing netlink attributes deep in the
MDB control path and only use the MDB configuration structure.
Signed-off-by: Ido Schimmel
-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
Notes:
v2:
* Pass 'cfg' as 'const'.
net/bridge/br_mdb.c | 15 +++
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 6017bff8316a..b459886af675 100644
--- a/net/bridge
As an intermediate step towards only using the new MDB configuration
structure, pass it further in the control path instead of passing
individual attributes.
No functional changes intended.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
Notes:
v2:
* Pass 'cfg' as 'const
.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 34 +++---
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index c8d78e4ec94e..080516a3ee9c 100644
--- a/net/bridge/br_mdb.c
These checks are now redundant as they are performed by
br_mdb_config_init() while parsing the RTM_{NEW,DEL}MDB messages.
Remove them.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 63 +++--
1 file changed, 9
#1: Mark 'nlh' argument as 'const'.
* Patch #4: Pass 'cfg' as 'const'.
* Patch #5: Pass 'cfg' as 'const'.
* Patch #9: New patch.
[1] https://lore.kernel.org/netdev/20221018120420.561846-1-ido...@nvidia.com/
[2] https://github.com/idosch/linux/commits/submit/mdb_v1
Ido Schimmel (9):
bridge: mcast
, such as
routes and nexthops.
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Remove 'skb' argument from br_mdb_config_init()
* Mark 'nlh' argument as 'const'.
net/bridge/br_mdb.c | 120
net/bridge/br_private.h | 7 +++
2 files changed, 127
On Mon, Dec 05, 2022 at 01:55:05PM +0200, Nikolay Aleksandrov wrote:
> One thought (not a big deal) but it would've been ideal if we could
> initialize the config
> struct once when parsing and then pass it around as a const argument. I know
> that its
> arguments are currently passed to
On Mon, Dec 05, 2022 at 01:34:08PM +0200, Nikolay Aleksandrov wrote:
> I just noticed the skb argument is unused. Does it get used in a future
> change?
Nope :)
> Also a minor nit - I think nlh can be a const, nlmsg_parse_deprecated already
> uses a const nlh.
Removed the 'skb' argument and
Drop the first three arguments and instead extract them from the MDB
configuration structure.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index aa5faccf09f8
-by: Ido Schimmel
---
net/bridge/br_mdb.c | 36 ++--
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 67b6bc7272d3..aa5faccf09f8 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -805,24 +805,6
The parsing of the netlink messages and the validity checks are now
performed in br_mdb_config_init() so we can remove br_mdb_parse().
This finally allows us to stop passing netlink attributes deep in the
MDB control path and only use the MDB configuration structure.
Signed-off-by: Ido Schimmel
-by: Ido Schimmel
---
net/bridge/br_mdb.c | 15 +++
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 2f9b192500a3..cb4fd27f118f 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -855,20 +855,19
.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 34 +++---
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 68fd34161a40..cdc71516a51b 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
As an intermediate step towards only using the new MDB configuration
structure, pass it further in the control path instead of passing
individual attributes.
No functional changes intended.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 24 +++-
1 file changed, 11
These checks are now redundant as they are performed by
br_mdb_config_init() while parsing the RTM_{NEW,DEL}MDB messages.
Remove them.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 63 +++--
1 file changed, 9 insertions(+), 54 deletions(-)
diff
, such as
routes and nexthops.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 120
net/bridge/br_private.h | 7 +++
2 files changed, 127 insertions(+)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 321be94c445a..c53050e47a0f 100644
/20221018120420.561846-1-ido...@nvidia.com/
[2] https://github.com/idosch/linux/commits/submit/mdb_v1
Ido Schimmel (8):
bridge: mcast: Centralize netlink attribute parsing
bridge: mcast: Remove redundant checks
bridge: mcast: Use MDB configuration structure where possible
bridge: mcast: Propagate
frame+0x46/0xb0
Fixes: 279737939a81 ("net: bridge: Fix VLANs memory leak")
Reported-by: Vlad Buslov
Tested-by: Vlad Buslov
Signed-off-by: Ido Schimmel
---
net/bridge/br_vlan.c | 17 ++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/net/bridge/br_vla
No changes in generated code.
Reported-by: Petr Machata
Reviewed-by: Petr Machata
Signed-off-by: Ido Schimmel
---
net/bridge/br_input.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index d04d2205ad4e..3027e8f6be15 100644
On Tue, Nov 08, 2022 at 04:59:29PM +0200, Vladimir Oltean wrote:
> Can't really figure out from the patch, sorry. Port security works with
> LAG offload?
Yes. It's just that port security needs to be enabled on each of the
member ports. FDB entries that point to a LAG are programmed with a
+ Vladimir
You weren't copied on the patches by mistake. They are available here:
https://lore.kernel.org/netdev/cover.1667902754.git.pe...@nvidia.com/
On Tue, Nov 08, 2022 at 11:47:06AM +0100, Petr Machata wrote:
> Ido Schimmel writes:
>
> This patchset adds 802.1X [1] and MAB [2
On Sun, Nov 06, 2022 at 01:04:36PM +0100, net...@kapio-technology.com wrote:
> On 2022-10-25 12:00, Ido Schimmel wrote:
> > Merge plan
> > ==
> >
> > We need to agree on a merge plan that allows us to start submitting
> > patches for inclusion and
On Thu, Nov 03, 2022 at 10:31:52PM +, Vladimir Oltean wrote:
> Hi Ido,
>
> On Mon, Oct 31, 2022 at 10:32:10AM +0200, Vladimir Oltean wrote:
> > On Sun, Oct 30, 2022 at 10:23:07AM +0200, Ido Schimmel wrote:
> > > Right. I'm quite reluctant to add the MAB flag to
> &
On Wed, Oct 19, 2022 at 04:28:23PM +0300, Nikolay Aleksandrov wrote:
> On 18/10/2022 15:04, Ido Schimmel wrote:
> > +static int br_mdb_config_src_list_init(struct nlattr *src_list,
> > + struct br_mdb_config *cfg,
> > +
flushed from a port when MAB is
disabled.
Signed-off-by: Hans J. Schultz
Signed-off-by: Ido Schimmel
---
Notes:
v1:
* Adjust commit message.
* Add FDB flushing test case.
Changes made by me:
* Reword commit message.
* Remove blackhole tests as they are not rele
re pure 802.1X
deployments that are not interested in notifications about locked FDB
entries.
Signed-off-by: Hans J. Schultz
Signed-off-by: Ido Schimmel
---
Notes:
v1:
* Extend commit message.
* Adjust extack message.
* Flush locked FDB entries when MAB is disabled.
* Refresh locked FDB ent
Patch #1 adds MAB support in the bridge driver. See the commit message
for motivation, design choices and implementation details.
Patch #2 adds corresponding test cases.
Follow-up patchsets will add offload support in mlxsw and mv88e6xxx.
Hans J. Schultz (2):
bridge: Add MAC Authentication
:00:00:00:01 self permanent
01:00:5e:00:00:01 self permanent
Fixes: 1f78ee14eeac ("net: bridge: fdb: add support for fine-grained flushing")
Signed-off-by: Ido Schimmel
---
net/bridge/br_netlink.c | 2 +-
net/bridge/br_sysfs_br.c | 2 +-
2 files changed, 2 insertions(+), 2 deletion
On Sun, Oct 30, 2022 at 11:09:31PM +0100, net...@kapio-technology.com wrote:
> On 2022-10-25 12:00, Ido Schimmel wrote:
> > @@ -943,6 +946,14 @@ static int br_setport(struct net_bridge_port *p,
> > struct nlattr *tb[],
> > br_set_port_flag(p, tb, IFLA_
On Thu, Oct 27, 2022 at 11:27:48PM +, Vladimir Oltean wrote:
> On Tue, Oct 25, 2022 at 01:00:12PM +0300, Ido Schimmel wrote:
> > From: "Hans J. Schultz"
> >
> > When the bridge is offloaded to hardware, FDB entries are learned and
> > aged-out by the hard
On Fri, Oct 28, 2022 at 09:45:52AM +0200, net...@kapio-technology.com wrote:
> On 2022-10-28 00:58, Vladimir Oltean wrote:
>
> > I was going to ask if we should bother to add code to prohibit packets
> > from being forwarded to an FDB entry that was learned as LOCKED, since
> > that FDB entry is
On Thu, Oct 27, 2022 at 10:58:32PM +, Vladimir Oltean wrote:
> Hi Ido,
>
> Thanks for the commit message. It is very good.
>
> On Tue, Oct 25, 2022 at 01:00:09PM +0300, Ido Schimmel wrote:
> > From: "Hans J. Schultz"
> >
> > Hosts that support 802
On Thu, Oct 27, 2022 at 11:10:41PM +, Vladimir Oltean wrote:
> On Tue, Oct 25, 2022 at 01:00:11PM +0300, Ido Schimmel wrote:
> > Currently, FDB entries that are notified to the bridge via
> > 'SWITCHDEV_FDB_ADD_TO_BRIDGE' are always marked as offloaded. With
On Thu, Oct 27, 2022 at 11:39:40PM +, Vladimir Oltean wrote:
> On Tue, Oct 25, 2022 at 01:00:18PM +0300, Ido Schimmel wrote:
> > In Spectrum, learning happens in parallel to the security checks.
> > Therefore, regardless of the result of the security checks, a learning
&
On Tue, Oct 25, 2022 at 04:09:07PM +0200, net...@kapio-technology.com wrote:
> On 2022-10-25 12:00, Ido Schimmel wrote:
> >
> > Future work
> > ===
> >
> > The hostapd fork by Westermo is using dynamic FDB entries to authorize
> > hosts [3]. Cha
On Tue, Oct 18, 2022 at 12:21:12PM -0700, Jakub Kicinski wrote:
> On Tue, 18 Oct 2022 15:04:01 +0300 Ido Schimmel wrote:
> > [ MDBE_ATTR_SRC_LIST ] // new
> > [ MDBE_SRC_LIST_ENTRY ]
> > [ MDBE_SRCATTR_ADDRESS ]
> >
Test that locked bridge port configurations that are not supported by
mlxsw are rejected.
Signed-off-by: Ido Schimmel
---
.../selftests/drivers/net/mlxsw/rtnetlink.sh | 31 +++
1 file changed, 31 insertions(+)
diff --git a/tools/testing/selftests/drivers/net/mlxsw/rtnetlink.sh
Test that packets received via a locked bridge port whose {SMAC, VID}
does not appear in the bridge's FDB or appears with a different port,
trigger the "locked_port" packet trap.
Signed-off-by: Ido Schimmel
---
.../net/mlxsw/devlink_trap_l2_drops.sh| 105
Test that packets with a destination MAC of 01:80:C2:00:00:03 trigger
the "eapol" packet trap.
Signed-off-by: Ido Schimmel
---
.../drivers/net/mlxsw/devlink_trap_control.sh | 22 +++
1 file changed, 22 insertions(+)
diff --git a/tools/testing/selftests/drivers
Merely checking whether a trap counter incremented or not without
logging a test result is useful on its own. Split this functionality to
a helper which will be used by subsequent patches.
Signed-off-by: Ido Schimmel
---
.../selftests/net/forwarding/devlink_lib.sh | 19 ---
1
bridge port that has
VLAN uppers.
# bridge link set dev swp1 locked on
# ip link add link swp1 name swp1.10 type vlan id 10
Error: mlxsw_spectrum: VLAN uppers are not supported on a locked port.
Signed-off-by: Ido Schimmel
---
.../net/ethernet/mellanox/mlxsw/spectrum.c| 4
.
Signed-off-by: Ido Schimmel
---
.../net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
index
is enabled. User
space can then decide to authorize the host by clearing the "locked"
flag, which will cause the entry to be programmed to the device.
Signed-off-by: Ido Schimmel
---
.../net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 12
1 file changed, 12 insertion
Subsequent patches will need to report locked FDB entries to the bridge
driver. Prepare for that by adding a 'locked' argument to
mlxsw_sp_fdb_call_notifiers() according to which the 'locked' bit is set
in the FDB notification info. For now, always pass 'false'.
Signed-off-by: Ido Schimmel
Add an API to enable or disable security checks on a local port. It will
be used by subsequent patches when the 'BR_PORT_LOCKED' flag is toggled.
Signed-off-by: Ido Schimmel
---
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 18 ++
drivers/net/ethernet/mellanox/mlxsw
Add the Switch Port FDB Security Register (SPFSR) that allows enabling
and disabling security checks on a given local port. In Linux terms, it
allows locking / unlocking a port.
Signed-off-by: Ido Schimmel
---
drivers/net/ethernet/mellanox/mlxsw/reg.h | 34 +++
1 file
ck failure.
Signed-off-by: Ido Schimmel
---
drivers/net/ethernet/mellanox/mlxsw/reg.h | 1 +
.../ethernet/mellanox/mlxsw/spectrum_trap.c | 25 +++
drivers/net/ethernet/mellanox/mlxsw/trap.h| 2 ++
3 files changed, 28 insertions(+)
diff --git a/drivers/net/ethernet/mell
e
locked bridge port check.
Signed-off-by: Ido Schimmel
---
Documentation/networking/devlink/devlink-trap.rst | 13 +
include/net/devlink.h | 9 +
net/core/devlink.c| 3 +++
3 files changed, 25 insertions(+)
diff -
tics are implemented in the software
data path.
Signed-off-by: Hans J. Schultz
Signed-off-by: Ido Schimmel
---
Notes:
Changes made by me:
* Reword commit message.
* Forbid locked entries when MAB is not enabled.
* Forbid roaming of locked entries.
* Avoid setting 'locked
authorization, but it does not mean that
these entries are necessarily programmed in the underlying hardware.
Solve this by determining the offload indication based of the
'offloaded' bit in the FDB notification.
Signed-off-by: Ido Schimmel
---
Notes:
Needs auditing to see which device drivers
eby
authenticating the host and allowing it to communicate via the bridge.
* Test that an entry cannot roam to a locked port, but that it can roam
to an unlocked port.
* Test that MAB can only be enabled on a port that is both locked and
has learning enabled.
Signed-off-by: Hans J. Schultz
h locked and has learning
enabled. A new option is added because there are pure 802.1X deployments
that are not interested in notifications about "locked" FDB entries.
Signed-off-by: Hans J. Schultz
Signed-off-by: Ido Schimmel
---
Notes:
Changes made by me:
* Rewo
selftests: forwarding: Add MAC Authentication Bypass (MAB) test cases
bridge: switchdev: Allow device drivers to install locked FDB entries
Ido Schimmel (13):
bridge: switchdev: Let device drivers determine FDB offload indication
devlink: Add packet traps for 802.1X operation
mlxsw
On Sat, Oct 22, 2022 at 05:49:51PM +0300, Vladimir Oltean wrote:
> On Sat, Oct 22, 2022 at 04:49:50PM +0300, Ido Schimmel wrote:
> > In the above scenario, learning does not need to be on for the bridge to
> > populate its FDB, but rather for the bridge to refresh the dynamic
On Fri, Oct 21, 2022 at 09:14:11PM +0300, Vladimir Oltean wrote:
> On Fri, Oct 21, 2022 at 07:39:34PM +0200, net...@kapio-technology.com wrote:
> > Well, with this change, to have MAB working, the bridge would need learning
> > on
> > of course, but how things work with the bridge according to
On Thu, Oct 20, 2022 at 05:11:04PM +0300, Vladimir Oltean wrote:
> On Thu, Oct 20, 2022 at 04:57:35PM +0300, Ido Schimmel wrote:
> > > Right now this packet isn't generated, right?
> >
> > Right. We don't support BR_PORT_LOCKED so these checks are not currently
On Thu, Oct 20, 2022 at 05:04:00PM +0300, Vladimir Oltean wrote:
> On Thu, Oct 20, 2022 at 04:57:35PM +0300, Ido Schimmel wrote:
> > On Thu, Oct 20, 2022 at 04:35:06PM +0300, Vladimir Oltean wrote:
> > > On Thu, Oct 20, 2022 at 04:24:16PM +0300, Ido Schimmel wrote:
> >
On Thu, Oct 20, 2022 at 04:35:06PM +0300, Vladimir Oltean wrote:
> On Thu, Oct 20, 2022 at 04:24:16PM +0300, Ido Schimmel wrote:
> > On Thu, Oct 20, 2022 at 04:02:24PM +0300, Vladimir Oltean wrote:
> > > On Tue, Oct 18, 2022 at 06:56:12PM +0200, Hans J. Schultz wrote:
> >
On Thu, Oct 20, 2022 at 04:02:24PM +0300, Vladimir Oltean wrote:
> On Tue, Oct 18, 2022 at 06:56:12PM +0200, Hans J. Schultz wrote:
> > @@ -3315,6 +3316,7 @@ static int dsa_slave_fdb_event(struct net_device *dev,
> > struct dsa_port *dp = dsa_slave_to_port(dev);
> > bool host_addr =
;
> Thus the command will be alike to:
> bridge fdb add MAC dev br0 local blackhole
>
> Signed-off-by: Hans J. Schultz
Looks OK to me. See one comment below.
Reviewed-by: Ido Schimmel
[...]
> @@ -1140,7 +1148,7 @@ static int __br_fdb_add(struct ndmsg *ndm, struct
&
lag and remove it by replacing or deleting the FDB entry.
>
> Locked entries will age out with the set bridge ageing time.
>
> Signed-off-by: Hans J. Schultz
Overall looks OK to me. See one comment below.
Reviewed-by: Ido Schimmel
[...]
> @@ -1178,6 +1192,14 @@ int br
cannot roam from an unlocked port to a locked port.
>
> Add test of blackhole fdb entries, verifying that there is no forwarding
> to a blackhole entry from any port, and that the blackhole entry can be
> replaced.
>
> Signed-off-by: Hans J. Schultz
Reviewed-by: Ido Schimmel
Tested-by: Ido Schimmel
On Wed, Oct 19, 2022 at 11:58:09AM -0700, Jakub Kicinski wrote:
> FWIW half of this posting got stuck on the "email pipes" for a day..
> somehow. Let's give Ido and others a chance to have a look but you'll
> need to repost even if it's flawless because the build bots can't deal
> with a delay
grp 239.1.1.1 temp filter_mode include source_list
192.0.2.4/259.44,192.0.2.3/259.44 proto bgp 0.00
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 103 ++--
net/bridge/br_private.h | 1 +
2 files changed, 99 insertions(+), 5 deletions
grp 239.1.1.1 src 192.0.2.1 permanent filter_mode include
proto zebra
dev br0 port dummy10 grp 239.1.1.1 permanent filter_mode exclude proto static
Signed-off-by: Ido Schimmel
---
include/uapi/linux/if_bridge.h | 1 +
net/bridge/br_mdb.c| 10 --
net/bridge/br_private.h
Signed-off-by: Ido Schimmel
---
include/uapi/linux/if_bridge.h | 20 +
net/bridge/br_mdb.c| 132 +
2 files changed, 152 insertions(+)
diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
index a86a7e7b811f..0d9fe73fc48c 100644
a limit on entries
created by user space. For example, by adding a new argument to
br_multicast_new_group_src().
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 130 +++-
net/bridge/br_private.h | 7 +++
2 files changed, 134 insertions(+), 3
) corresponds to a source or not.
The field will be set in a subsequent patch where br_mdb_add_group_sg()
is called in order to create a (S, G) entry for each user provided
source.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 2 +-
net/bridge/br_private.h | 1 +
2 files changed, 2
entries are
created in response to user requests.
Signed-off-by: Ido Schimmel
---
net/bridge/br_multicast.c | 3 ++-
net/bridge/br_private.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 14f72d11f4a2..5d2dd114c54c
code (i.e., br_mdb.c) that handles
RTM_NEWMDB messages.
Signed-off-by: Ido Schimmel
---
net/bridge/br_multicast.c | 2 +-
net/bridge/br_private.h | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 09140bc8c15e
where the
memory will be freed.
Note that br_mdb_del() already has one error path and therefore does not
require any changes.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge
functions.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index a48eef866974..26740df62fd6 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -663,6 +663,12
between both entry types,
handle the addition of each entry type in a different function, thereby
avoiding the creation of one complex function.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 145 +---
1 file changed, 96 insertions(+), 49 deletions
filter mode.
Subsequent patches will allow user space to set the filter mode of (*,
G) entries, making the current assumption incorrect.
As a preparation, remove the current assumption and instead determine
the entry type from its key, which is a more direct way.
Signed-off-by: Ido Schimmel
Drop the first three arguments and instead extract them from the MDB
configuration structure.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index aa5faccf09f8
The parsing of the netlink messages and the validity checks are now
performed in br_mdb_config_init() so we can remove br_mdb_parse().
This finally allows us to stop passing netlink attributes deep in the
MDB control path and only use the MDB configuration structure.
Signed-off-by: Ido Schimmel
-by: Ido Schimmel
---
net/bridge/br_mdb.c | 36 ++--
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 67b6bc7272d3..aa5faccf09f8 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -805,24 +805,6
-by: Ido Schimmel
---
net/bridge/br_mdb.c | 15 +++
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 2f9b192500a3..cb4fd27f118f 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -855,20 +855,19
As an intermediate step towards only using the new MDB configuration
structure, pass it further in the control path instead of passing
individual attributes.
No functional changes intended.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 24 +++-
1 file changed, 11
.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 34 +++---
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 68fd34161a40..cdc71516a51b 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
These checks are now redundant as they are performed by
br_mdb_config_init() while parsing the RTM_{NEW,DEL}MDB messages.
Remove them.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 63 +++--
1 file changed, 9 insertions(+), 54 deletions(-)
diff
, such as
routes and nexthops.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 120
net/bridge/br_private.h | 7 +++
2 files changed, 127 insertions(+)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 321be94c445a..c53050e47a0f 100644
ttps://datatracker.ietf.org/doc/html/rfc9251#section-9.1
[9] https://github.com/idosch/iproute2/commits/submit/mdb_rfc_v1
Ido Schimmel (19):
bridge: mcast: Centralize netlink attribute parsing
bridge: mcast: Remove redundant checks
bridge: mcast: Use MDB configuration structure where pos
Before creating a new MDB entry, br_multicast_new_group() will call
br_mdb_ip_get() to see if one exists and return it if so.
Therefore, simply call br_multicast_new_group() and omit the call to
br_mdb_ip_get().
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 11 +++
1 file
IGMPv3 / MLDv2 Membership Reports are only processed from the data path
with softIRQ disabled, so there is no need to call spin_lock_bh(). Use
spin_lock() instead.
This is consistent with how other IGMP / MLD packets are processed.
Signed-off-by: Ido Schimmel
---
net/bridge/br_multicast.c | 8
cleanup.
Signed-off-by: Ido Schimmel
---
tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh
b/tools/testing/selftests/net/forwarding/bridge_vlan_mcast.sh
index 8748d1b1d95b
201 - 300 of 647 matches
Mail list logo