Linux Ethernet Bridging - May 2009 - [Bridge] [PATCH 2/2] bridge: fix initial packet flood if !STP

Currently the bridge catches all STP packets; even if STP is turned
off.  This prevents other systems (which do have STP turned on)
from being able to detect loops in the network.

With this patch, if STP is off, then any packet sent to the STP
multicast group address is forwarded to all ports.

Based on earlier patch by Joakim Tjernlund with changes
to go through forwarding (not local chain), and optimization
that only last octet needs to be checked.

Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>

---
Please put in for 2.6.30 because it is a bug fix.

--- a/net/bridge/br_input.c	2009-05-14 14:50:29.288882708 -0700
+++ b/net/bridge/br_input.c	2009-05-15 09:01:31.799417662 -0700
@@ -134,6 +134,10 @@ struct sk_buff *br_handle_frame(struct n
 		if (skb->protocol == htons(ETH_P_PAUSE))
 			goto drop;
 
+		/* If STP is turned off, then forward */
+		if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0)
+			goto forward;
+
 		if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
 			    NULL, br_handle_local_finish))
 			return NULL;	/* frame consumed by filter */
@@ -141,6 +145,7 @@ struct sk_buff *br_handle_frame(struct n
 			return skb;	/* continue processing */
 	}
 
+forward:
 	switch (p->state) {
 	case BR_STATE_FORWARDING:
 		rhook = rcu_dereference(br_should_route_hook);

If bridge is configured with no STP and forwarding delay of 0 (which
is typical for virtualization) then when link starts it will flood all
packets for the first 20 seconds. 

This bug was introduced by a combination of earlier changes:
  * forwarding database uses hold time of zero to indicate 
    user wants to always flood packets
  * optimzation of the case of forwarding delay of 0 avoids the initial
    timer tick

The fix is to just skip all the topology change detection code if
kernel STP is not being used.

Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>

--- a/net/bridge/br_stp.c	2009-05-14 13:34:49.965908836 -0700
+++ b/net/bridge/br_stp.c	2009-05-14 14:15:11.370903917 -0700
@@ -297,6 +297,9 @@ void br_topology_change_detection(struct
 {
 	int isroot = br_is_root_bridge(br);
 
+	if (br->stp_enabled != BR_KERNEL_STP)
+		return;
+
 	pr_info("%s: topology change detected, %s\n", br->dev->name,
 		isroot ? "propagating" : "sending tcn bpdu");

From: Stephen Hemminger <shemminger at vyatta.com>
Date: Fri, 15 May 2009 09:10:13 -0700
> Currently the bridge catches all STP packets; even if STP is turned
> off.  This prevents other systems (which do have STP turned on)
> from being able to detect loops in the network.
> 
> With this patch, if STP is off, then any packet sent to the STP
> multicast group address is forwarded to all ports.
> 
> Based on earlier patch by Joakim Tjernlund with changes
> to go through forwarding (not local chain), and optimization
> that only last octet needs to be checked.
> 
> Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
Applied.

From: Stephen Hemminger <shemminger at vyatta.com>
Date: Fri, 15 May 2009 09:11:58 -0700
> If bridge is configured with no STP and forwarding delay of 0 (which
> is typical for virtualization) then when link starts it will flood all
> packets for the first 20 seconds. 
> 
> This bug was introduced by a combination of earlier changes:
>   * forwarding database uses hold time of zero to indicate 
>     user wants to always flood packets
>   * optimzation of the case of forwarding delay of 0 avoids the initial
>     timer tick
> 
> The fix is to just skip all the topology change detection code if
> kernel STP is not being used.
> 
> Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
Also applied, thanks Stephen.

To avoid confusion, I did apply these to net-2.6 since they
are fixes.

Thanks!