On Thu, Aug 10, 2023 at 12:56:50AM +0200, Linus Lüssing wrote:
> [...]
> When setting a bridge's "multicast_mld_version" to 2 it looks to me like
> there is quite a bit of redundancy in both "bridge mdb show"
> and "bridge monitor mdb" output. And additi
On Mon, Aug 07, 2023 at 06:20:51PM -0700, Stephen Hemminger wrote:
> Same issue as dumping routing table which routing daemons deal with.
> Most applications end up with two netlink sockets, one for monitor
> and one for dumping.
>
> You really can't do it from the bridge utility, need to build
Hi,
Is there a recommended way to get and monitor the MDB state from
userspace, without potential synchronization races?
I can use "bridge monitor mdb" to get changes or "bridge mdb show"
to get the current state (as well as use the underlying netlink
calls from my own application without the
Hi,
I know that there are implementations for IGMP/MLD proxies between
two interfaces to "pseudo bridge" IGMP/MLD and multicast data
(both itnerfaces have distinct broadcast domains and are routing
unicast packets on layer 3, the IGMP/MLD proxy carries IGMP/MLD
and multicast data over). Like the
On Tue, Apr 05, 2022 at 04:51:15PM -0700, Kevin Mitchell via Bridge wrote:
> This is v2 of https://lkml.org/lkml/2022/1/14/1060
>
> That patch was discovered to cause problems with UDP tunnels as
> described here:
>
>
idge *br)
> +static inline bool br_multicast_is_router(struct net_bridge *br,
> + struct sk_buff *skb)
> {
> return false;
> }
> --
> 2.30.2
>
Acked-by: Linus Lüssing
-#if IS_ENABLED(CONFIG_IPV6)
> static void br_ip6_multicast_add_router(struct net_bridge *br,
> struct net_bridge_port *port);
> +#if IS_ENABLED(CONFIG_IPV6)
> static void br_ip6_multicast_leave_group(struct net_bridge *br,
> struct net_bridge_port *port,
>const struct in6_addr *group,
> --
> 2.31.1
>
Acked-by: Linus Lüssing
On Thu, May 13, 2021 at 03:02:13PM +0300, Nikolay Aleksandrov wrote:
> Nice work overall, thank you. I hope it was tested well. :)
> It'd be great if later you could add some selftests.
>
> Cheers,
> Nik
Hi Nikolay,
I think I found a way now to better deal with the protocol
specific
include a multicast router timeout for both IPv4 and IPv6.
Signed-off-by: Linus Lüssing
---
net/bridge/br_mdb.c | 10 +++
net/bridge/br_multicast.c | 134 --
net/bridge/br_private.h | 14 +++-
3 files changed, 151 insertions(+), 7 deletions(-)
diff --git
of
the bridge.
Signed-off-by: Linus Lüssing
---
include/linux/if_bridge.h | 8 ++
net/bridge/br_multicast.c | 55 +++
2 files changed, 63 insertions(+)
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
index 2cc3503..12e9a32 100644
--- a/include
Now that we have split the multicast router state into two, one for IPv4
and one for IPv6, also add individual timers to the mdb netlink router
port dump. Leaving the old timer attribute for backwards compatibility.
Signed-off-by: Linus Lüssing
---
include/uapi/linux/if_bridge.h | 2 ++
net
to be able put one router port entry with both the IPv4 and IPv6
multicast router info later.
Signed-off-by: Linus Lüssing
---
net/bridge/br_mdb.c | 39 ++-
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index
to
ip6_mc_router_timer later when the split is performed.
While at it also renames the "1" and "2" constants in
br_multicast_is_router() to the MDB_RTR_TYPE_TEMP_QUERY and
MDB_RTR_TYPE_PERM enums.
Signed-off-by: Linus Lüssing
---
net/bridge/br_input.c | 2 +-
net/bridge/br_multicast.c |
Hi,
The following patches are splitting the so far combined multicast router
state in the Linux bridge into two ones, one for IPv4 and one for IPv6,
for a more fine-grained detection of multicast routers. This avoids
sending IPv4 multicast packets to an IPv6-only multicast router and
avoids
to avoid sending one for IPv4 and one for IPv6. For that the
split is needed.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 40 ++-
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants move the protocol specific router list
and timer access to ip4 wrapper functions.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 121 +++---
1 file
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants move the protocol specific timer access to
an ip4 wrapper function.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 31 ++-
1 file changed, 22 insertions
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants and as the br_multicast_mark_router() will
be split for that remove the select querier wrapper and instead add
ip4 and ip6 variants for br_multicast_query_received().
Signed-off-by: Linus Lüssing
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants, rename the affected variable to the IPv4
version first to avoid some renames in later commits.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 4 ++--
net/bridge/br_mdb.c | 6
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants and to avoid IPv6 #ifdef clutter later add
two wrapper functions for router node retrieval in the payload
forwarding code.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 5 +++--
net
Now that we have split the multicast router state into two, one for IPv4
and one for IPv6, also add individual timers to the mdb netlink router
port dump. Leaving the old timer attribute for backwards compatibility.
Signed-off-by: Linus Lüssing
---
include/uapi/linux/if_bridge.h | 2 ++
net
include a multicast router timeout for both IPv4 and IPv6.
Signed-off-by: Linus Lüssing
---
net/bridge/br_mdb.c | 10 ++
net/bridge/br_multicast.c | 197 ++
net/bridge/br_private.h | 14 ++-
3 files changed, 201 insertions(+), 20 deletions(-)
diff --git
of
the bridge.
Signed-off-by: Linus Lüssing
---
include/linux/if_bridge.h | 8 ++
net/bridge/br_multicast.c | 55 +++
2 files changed, 63 insertions(+)
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
index 2cc3503..12e9a32 100644
--- a/include
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants move the protocol specific router list
access to an ip4 wrapper function.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 59 +++
1 file changed, 41
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants move the protocol specific timer access to
an ip4 wrapper function.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 31 ++-
1 file changed, 22 insertions
to
ip6_mc_router_timer later when the split is performed.
While at it also renames the "1" and "2" constants in
br_multicast_is_router() to the MDB_RTR_TYPE_TEMP_QUERY and
MDB_RTR_TYPE_PERM enums.
Signed-off-by: Linus Lüssing
---
net/bridge/br_input.c | 2 +-
net/bridge/br_multicast.c |
to avoid sending one for IPv4 and one for IPv6. For that the
split is needed.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 40 ++-
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants and as the br_multicast_mark_router() will
be split for that remove the select querier wrapper and instead add
ip4 and ip6 variants for br_multicast_query_received().
Signed-off-by: Linus Lüssing
to be able put one router port entry with both the IPv4 and IPv6
multicast router info later.
Signed-off-by: Linus Lüssing
---
net/bridge/br_mdb.c | 39 ++-
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants and to avoid IPv6 #ifdef clutter later add
two wrapper functions for router node retrieval in the payload
forwarding code.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 5 +++--
net
Hi,
The following patches are splitting the so far combined multicast router
state in the Linux bridge into two ones, one for IPv4 and one for IPv6,
for a more fine-grained detection of multicast routers. This avoids
sending IPv4 multicast packets to an IPv6-only multicast router and
avoids
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants, rename the affected variable to the IPv4
version first to avoid some renames in later commits.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 4 ++--
net/bridge/br_mdb.c | 6
On Tue, May 11, 2021 at 12:29:41PM +0300, Nikolay Aleksandrov wrote:
> [...]
> > -static void br_multicast_mark_router(struct net_bridge *br,
> > -struct net_bridge_port *port)
> > +#if IS_ENABLED(CONFIG_IPV6)
> > +struct hlist_node *
> >
include a multicast router timeout for both IPv4 and IPv6.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 8 ++
net/bridge/br_mdb.c | 10 ++
net/bridge/br_multicast.c | 197 ++
net/bridge/br_private.h | 6 +-
4 files changed, 201
of
the bridge.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 58 +++
1 file changed, 58 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index b625fd6..e963de5 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge
Now that we have split the multicast router state into two, one for IPv4
and one for IPv6, also add individual timers to the mdb netlink router
port dump. Leaving the old timer attribute for backwards compatibility.
Signed-off-by: Linus Lüssing
---
include/uapi/linux/if_bridge.h | 2 ++
net
to avoid sending one for IPv4 and one for IPv6. For that the
split is needed.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 40 ++-
1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants move the protocol specific router list
access to an ip4 wrapper function.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 59 +++
1 file changed, 41
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants, rename the affected variable to the IPv4
version first to avoid some renames in later commits.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 2 +-
net/bridge/br_mdb.c | 6
to
ip6_mc_router_timer later when the split is performed.
While at it also renames the "1" and "2" constants in
br_multicast_is_router() to the MDB_RTR_TYPE_TEMP_QUERY and
MDB_RTR_TYPE_PERM enums.
Signed-off-by: Linus Lüssing
---
net/bridge/br_input.c | 2 +-
net/bridge/br_multicast.c |
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants move the protocol specific timer access to
an ip4 wrapper function.
Signed-off-by: Linus Lüssing
---
net/bridge/br_multicast.c | 31 ++-
1 file changed, 22 insertions
Hi,
The following patches are splitting the so far combined multicast router
state in the Linux bridge into two ones, one for IPv4 and one for IPv6,
for a more fine-grained detection of multicast routers. This avoids
sending IPv4 multicast packets to an IPv6-only multicast router and
avoids
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants and as the br_multicast_mark_router() will
be split for that remove the select querier wrapper and instead add
ip4 and ip6 variants for br_multicast_query_received().
Signed-off-by: Linus Lüssing
to be able put one router port entry with both the IPv4 and IPv6
multicast router info later.
Signed-off-by: Linus Lüssing
---
net/bridge/br_mdb.c | 39 ++-
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index
In preparation for the upcoming split of multicast router state into
their IPv4 and IPv6 variants and to avoid IPv6 #ifdef clutter later add
two wrapper functions for router node retrieval in the payload
forwarding code.
Signed-off-by: Linus Lüssing
---
net/bridge/br_forward.c | 15
Hi,
The following are two patches for the Linux bridge regarding multicast
routers. They are rebased on top of the following fix:
"net: bridge: mcast: fix broken length + header check for MRDv6 Adv." [0]
And should be applied afterwards.
The first one splits the so far combined multicast router
of
the bridge.
Signed-off-by: Linus Lüssing
---
include/linux/if_bridge.h | 8 ++
net/bridge/br_multicast.c | 58 +++
2 files changed, 66 insertions(+)
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
index 2cc35038a8ca..12e9a32dbca0 100644
include a multicast router timeout for both IPv4 and IPv6.
Signed-off-by: Linus Lüssing
---
include/uapi/linux/if_bridge.h | 2 +
net/bridge/br_forward.c| 22 ++-
net/bridge/br_input.c | 2 +-
net/bridge/br_mdb.c| 38 +++-
net/bridge/br_multicast.c | 341
Hi,
The following are two patches for the Linux bridge regarding multicast
routers. They are rebased on top of the following fix:
"net: bridge: mcast: fix broken length + header check for MRDv6 Adv." [0]
And should be applied afterwards.
The first one splits the so far combined multicast router
elp of the mrdisc tool
(https://github.com/troglobit/mrdisc).
Fixes: 4b3087c7e37f ("bridge: Snoop Multicast Router Advertisements")
Signed-off-by: Linus Lüssing
---
include/net/addrconf.h| 1 -
net/bridge/br_multicast.c | 33 -
net/ipv6/mcast_sn
Hi,
I wanted to add the remaining pieces for batman-adv to support
IPv4 multicast groups in bridged setups, next to the IPv6 support
already in place. For which we'd need MRD support. So once more
I'd tap into the bridge for this information from batman-adv.
Then I realized again that the bridge
On Tue, Sep 22, 2020 at 07:51:19PM +0200, Linus Lüssing wrote:
> I don't see a "src" in br_ip in net-next/master at the moment. Or
> is that supposed to be added with your IGMPv3 implementation in
> the future?
Ah, sorry, found the according patch (*) it in my other inbox.
Neve
On Tue, Sep 22, 2020 at 10:30:17AM +0300, Nikolay Aleksandrov wrote:
> From: Nikolay Aleksandrov
>
> Since now we have src in br_ip, u no longer makes sense so rename
> it to dst. No functional changes.
>
> v2: fix build with CONFIG_BATMAN_ADV_MCAST
Hi Nikolay,
I don't see a "src" in br_ip in
On Sun, Aug 16, 2020 at 03:08:13PM -0700, Stephen Hemminger wrote:
> Rather than adding yet another feature to the bridge, could this hack be done
> by
> having a BPF hook? or netfilter module?
Hi Stephen,
Thanks for the constructive feedback and suggestions!
The netfilter approach sounds
the specific host(s).
Link: https://issuetracker.google.com/issues/149630944
Link: https://github.com/freifunk-gluon/gluon/issues/1832
Signed-off-by: Linus Lüssing
---
A version of this patch rebased to Linux 4.14 is currently applied on a
400 nodes mesh network (Freifunk Vogtland).
I'm aware that
On Sun, Jul 05, 2020 at 11:18:36PM +0300, Nikolay Aleksandrov wrote:
> > > By the way, I can't verify at the moment, but I think we can drop that
> > > whole
> > > hunk altogether since skb_header_pointer() is used and it will simply
> > > return
> > > an error if there isn't enough data for
On Sun, Jul 05, 2020 at 10:11:39PM +0300, Nikolay Aleksandrov wrote:
> On 7/5/20 10:08 PM, Linus Lüssing wrote:
> > On Sun, Jul 05, 2020 at 09:33:13PM +0300, Nikolay Aleksandrov wrote:
> > > On 05/07/2020 21:22, Linus Lüssing wrote:
> > > > Commit e57f61858b7c ("
mber of
Sources" field in the "Multicast Address Record" before reading it.
And not the size of a pointer to this field.
Fixes: e57f61858b7c ("net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2
report handling")
Acked-by: Nikolay Aleksandrov
Signed-off-by: Linus Lüs
On Sun, Jul 05, 2020 at 09:33:13PM +0300, Nikolay Aleksandrov wrote:
> On 05/07/2020 21:22, Linus Lüssing wrote:
> > Commit e57f61858b7c ("net: bridge: mcast: fix stale nsrcs pointer in
> > igmp3/mld2 report handling") introduced a small bug which would potentially
>
he "Number of
Sources" field in the "Multicast Address Record" before reading it.
And not the size of a pointer to this field.
Fixes: e57f61858b7c ("net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2
report handling")
Signed-off-by: Linus Lüssing
---
net/bridge/
Lüssing -
Date: Tue, 24 Mar 2020 21:54:02 +0100
From: Linus Lüssing
To: mcast-w...@ietf.org, p...@ietf.org
Subject: [Mcast-wifi] Issues with MLD and Android powersaving / sleep mode...
Hi,
With Freifunk [0] we lately came across an annoying issue with Android
devices... which I'm not really
Is there anyone on the list who would like to fill out this
questionnaire on behave of the Linux bridge implementation?
Or maybe someone already did?
https://tools.ietf.org/html/draft-eckert-pim-igmp-mld-questionnaire-02
-> "Questionnaire for Vendors or Host Implementors"
I got an email that the
On Wed, Aug 14, 2019 at 05:40:58PM +0100, Patrick Ruddy wrote:
> The group is being joined by MLD at the L3 level but the packets are
> not being passed up to the l3 interface becasue there is a MLD querier
> on the network
>
> snippet from /proc/net/igmp6
> ...
> 40 sw1
On Wed, Aug 14, 2019 at 12:58:58PM -0400, David Miller wrote:
> From: Stefano Brivio
> Date: Tue, 13 Aug 2019 00:46:01 +0200
>
> > Commit ba5ea614622d ("bridge: simplify ip_mc_check_igmp() and
> > ipv6_mc_check_mld() calls") replaces direct calls to pskb_may_pull()
> > in
Hi Ido,
> Do you differentiate between IPv4 and IPv6 in batman-adv?
For most things, yes: The querier state is kept separately for
IPv4 and IPv6. And we do have something like a "router node"
flag to signalize that a node needs all multicast traffic, which
is split into IPv4 and IPv6.
The "MDB"
On Sat, Jun 29, 2019 at 07:29:45PM +0300, Ido Schimmel wrote:
> I would like to avoid having drivers take the querier state into account
> as it will only complicate things further.
I absolutely share your pain. Initially in the early prototypes of
multicast awareness in batman-adv we did not
On Tue, Feb 19, 2019 at 03:31:42PM +0200, Nikolay Aleksandrov wrote:
> On 19/02/2019 11:21, Linus Lüssing wrote:
> > On Tue, Feb 19, 2019 at 09:57:16AM +0100, Linus Lüssing wrote:
> >> On Mon, Feb 18, 2019 at 02:21:07PM +0200, Nikolay Aleksandrov wrote:
> >>> This is
On Mon, Feb 18, 2019 at 02:21:07PM +0200, Nikolay Aleksandrov wrote:
> This is v2 of the RFC patch which aims to forward packets to known
> mdsts' ports only (the no querier case). After v1 I've kept
> the previous behaviour when it comes to unregistered traffic or when
> a querier is present. All
On Sat, Feb 16, 2019 at 09:27:26PM +0200, niko...@cumulusnetworks.com wrote:
> >>The no querier condition is not currently reflected via switchdev, so
> >>the behavior you're proposing in your patch is what actually happens
> >in
> >>the data plane.
> >>
> >>We already hit the problem Linus
Hi Nik, hi Ido,
By the way speaking about the IGMP/MLD querier mechanism. Not sure if
you are subscribed to the p...@ietf.org or mcast-w...@ietf.org mailing lists.
There was a call for volunteers to progress IGMP/MLD to standards
track not that long ago:
"[pim] Volunteers needed for work on
On Fri, Feb 15, 2019 at 03:04:27PM +0200, Nikolay Aleksandrov wrote:
> Every user would expect to have traffic forwarded only to the configured
> mdb destination when snooping is enabled, instead now to get that one
> needs to enable both snooping and querier. Enabling querier on all
> switches
ssing adds such routers to the internal
multicast router list.
Signed-off-by: Linus Lüssing
---
include/linux/in.h | 5 +
include/net/addrconf.h | 15 +
include/uapi/linux/icmpv6.h | 2 ++
include/uapi/linux/igmp.h | 1 +
net/bridge/br_multicas
Otherwise other snooping switches might refrain from forwarding these
advertisements to us.
Signed-off-by: Linus Lüssing
---
include/uapi/linux/in.h | 9 +++---
net/bridge/br_multicast.c | 72 ++-
net/ipv6/mcast.c | 2 ++
3 files c
ify that length
checks are performed properly.
Signed-off-by: Linus Lüssing
---
net/ipv4/igmp.c| 51 ++---
net/ipv6/mcast_snoop.c | 62 --
2 files changed, 52 insertions(+), 61 deletions(-)
diff --git a/net/i
and potentially trimmed skb to
verfiy. However, there is no need to propagate it to the caller.
For the second and third case explicit IP packet length checks were
added.
This hopefully makes ip_mc_check_igmp() and ipv6_mc_check_mld() easier
to read and verfiy, as well as easier to use.
Signed-off-by: Linus
Hi,
This patchset adds initial Multicast Router Discovery support to
the Linux bridge (RFC4286). With MRD it is possible to detect multicast
routers and mark bridge ports and forward multicast packets to such routers
accordingly.
So far, multicast routers are detected via IGMP/MLD queries and
Hi and thanks for your reply!
On Fri, Dec 14, 2018 at 10:32:16AM +0800, Ying Xu wrote:
> I think the scenario mentioned above is abnormal.
Can we agree, that this scenario, if switch A and B were using the
current bridge code, has issues right now which it did
not have before that patch?
I
Even though RFC4541 recommends this, I'm not quite sure whether
this works... even for IGMP.
I think this would lead to multicast packet loss in a scenario
like this:
--
[Switch A] -- [Switch B]
/ /
/ /
e behavior to "xtables-nft-multi ebtables" which uses
nft_limit instead of ebt_limit. In tests nft_limit did not suffer from
this issue and rate limited to 650 just fine.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Linus Lüssing
---
Changelog v2:
- Adjusted commit messa
On Tue, Feb 27, 2018 at 11:08:20AM +0100, Rafał Miłecki wrote:
> I've problem when using OpenWrt/LEDE on a home router with Broadcom's
> FullMAC WiFi chipset.
Hi Rafał,
Thanks for reporting this issue!
> Can you see any solution for this problem? Is that an option to stop
> multicast-to-unicast
On Fri, Dec 08, 2017 at 06:46:06AM +0100, Linus Lüssing wrote:
> Extending the usersize to include info->prev would probably be too
> hackish/ugly, right?
And wouldn't be enough anyway, since
info->{credit,credit_cap,cost} would still be zeroed... Hm.
On Thu, Dec 07, 2017 at 01:26:19AM +0100, Pablo Neira Ayuso wrote:
> > I also had a quick look at a 4.15-rc1 kernel in a VM now. I still
> > end up in ebt_limit_mt_check() with the variables being reset
> > when editing the table somewhere.
>
> My question is if your fix would work with 4.15-rc1.
On Mon, Dec 04, 2017 at 05:53:35AM +0100, Linus Lüssing wrote:
> And so, no I do not have this patch. I looked at it now, but it
> does not seem to have any relation with .matchinfo, does it?
Relation between .usersize and .checkentry I ment, not
.usersize and .matchinfo.
Hi Pablo,
Thanks for your reply!
On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote:
> [...]
> > diff --git a/net/bridge/netfilter/ebt_limit.c
> > b/net/bridge/netfilter/ebt_limit.c
> > index 61a9f1be1263..f74b48633feb 100644
> > --- a/net/bridge/netfilter/ebt_limit.c
> > +++
sending packets every 250ms for 600s, with a
"--limit 1/sec --limit-burst 50" rule and a command like this
in the background:
$ ebtables -N VOIDCHAIN
$ while true; do ebtables -F VOIDCHAIN; sleep 30; done
The results are:
Before: ~1600 packets
After: 650 packets
Signed-off-by: Lin
of ip_input.c/ip_rcv() as the dnat target left
the skb->pkt_type as PACKET_OTHERHOST.
Fixing this by resetting skb->pkt_type to an appropriate type after
dnat'ing.
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
Changelog v3:
- moved pkt_type fixup into ebtable dnat cod
On Tue, Mar 21, 2017 at 04:32:45PM -0700, Stephen Hemminger wrote:
> On Tue, 21 Mar 2017 23:28:45 +0100
> Linus Lüssing <linus.luess...@c0d3.blue> wrote:
>
> > However, the IP code drops it in the beginning of ip_input.c/ip_rcv()
> > as the dnat target did not update
ERHOST to PACKET_HOST, too.
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
Changelog v2:
* refrain from altering pkt_type for multicast packets
with a unicast destination MAC
---
net/bridge/br_input.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git
On Sun, Mar 19, 2017 at 05:55:06PM +0100, Linus Lüssing wrote:
> On Fri, Mar 17, 2017 at 02:10:44PM +0100, Pablo Neira Ayuso wrote:
> > Wait.
> >
> > May this break local multicast listener that are bound to the bridge
> > interface? Assuming the bridge
On Wed, Mar 15, 2017 at 07:15:39PM +0100, Pablo Neira Ayuso wrote:
> Could you update ebtables dnat to check if the ethernet address
> matches the one of the input bridge interface, so we mangle the
> ->pkt_type accordingly from there, instead of doing this from the
> core?
Actually, that was the
On Wed, Mar 15, 2017 at 11:42:11AM +0100, Pablo Neira Ayuso wrote:
> I'm missing then why redirect is not then just enough for Linus usecase.
For my usecase, the MAC address is configured by the user from a
Web-UI. It may or may not be the one from the bridge device.
Besides, found it counter
ERHOST to PACKET_HOST, too.
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
net/bridge/br_input.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 013f2290b..ec83175 100644
--- a/net/bridge/br_input.c
+++
tch fixes this by always resending MLD reports when an interface
change happens, for instance from NO-CARRIER to CARRIER state.
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
Initial problem report was sent to the bridge mailing list a while ago:
- https://lists.linuxfounda
kau <n...@nbd.name>
[linus.luess...@c0d3.blue: various bug + style fixes, commit message]
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
This feature is used and enabled by default in OpenWRT and LEDE for AP
interfaces for more than a year now to allow both a more robust
kau <n...@nbd.name>
[linus.luess...@c0d3.blue: various bug + style fixes, commit message]
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
This feature is used and enabled by default in OpenWRT and LEDE for AP
interfaces for more than a year now to allow both a more robust
.@c0d3.blue: various bug + style fixes, commit message]
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
This feature is used and enabled by default in OpenWRT and LEDE for AP
interfaces for more than a year now to allow both a more robust multicast
delivery and multicast at highe
kau <n...@nbd.name>
[linus.luess...@c0d3.blue: various bug + style fixes, commit message]
Signed-off-by: Linus Lüssing <linus.luess...@c0d3.blue>
---
This feature is used and enabled by default in OpenWRT and LEDE for AP
interfaces for more than a year now to allow both a more robust
On Mon, Jan 09, 2017 at 01:30:32PM -0800, Stephen Hemminger wrote:
> I wonder if MAC80211 should be doing IGMP snooping and not bridge
> in this environment.
In the long term, yes. For now, not quite sure.
I personally like to go for simple solutions first :).
On Mon, Jan 09, 2017 at 10:42:46PM +0100, Johannes Berg wrote:
> On Mon, 2017-01-09 at 22:33 +0100, Linus Lüssing wrote:
> > On Mon, Jan 09, 2017 at 01:44:03PM +0100, Johannes Berg wrote:
> > >
> > > > > A host SHOULD silently discard a datagr
On Mon, Jan 09, 2017 at 12:44:19PM +0100, M. Braun wrote:
> Am 09.01.2017 um 09:08 schrieb Johannes Berg:
> > Does it make sense to implement the two in separate layers though?
> >
> > Clearly, this part needs to be implemented in the bridge layer due to
> > the snooping knowledge, but the code
1 - 100 of 203 matches
Mail list logo