search for: br_fdb

...user early in the process. This is in preparation to adding limits in fdb_create that should not apply to user created fdb entries. Signed-off-by: Johannes Nixdorf <jnixdorf-oss at avm.de> --- Changes since v1: - Added this change to ensure user added entries are not limited. net/bridge/br_fdb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index e69a872bfc1d..ac1dc8723b9c 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -1056,7 +1056,7 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bridge_p...

This patch checks kmem_cache_create() error and aborts loading module on failure. Cc: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> --- net/bridge/br.c | 7 ++++++- net/bridge/br_fdb.c | 4 +++- net/bridge/br_private.h | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) Index: 2.6-mm/net/bridge/br.c =================================================================== --- 2.6-mm.orig/net/bridge/br.c +++ 2.6-mm/net/bridge/br.c @@ -37,7 +37,9 @@ static int __init b...

From: Wei Yongjun <yongjun_wei at trendmicro.com.cn> Using for_each_set_bit_from() to simplify the code. Signed-off-by: Wei Yongjun <yongjun_wei at trendmicro.com.cn> --- net/bridge/br_fdb.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index b0812c9..48fe761 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -161,9 +161,7 @@ void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr) if (!pv...

...hey are stored in to 2^31. Each entry is of the type struct net_bridge_fdb_entry, which is currently 128 bytes big. This means the maximum amount of memory allocated for FDB entries is 2^31 * 128B = 256GiB, which is too much for most computers. Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_ENTRIES, which, if nonzero, limits the amount of entries to a user specified maximum. For backwards compatibility the default setting of 0 disables the limit. All changes to fdb_n_entries are under br->hash_lock, which means we do not need additional locking. The call paths are (? denotes...

...kernel config default is disabling the limit (0). Without any limit a malicious actor may OOM a kernel by spamming packets with changing MAC addresses on their bridge port, so allow the bridge creator to limit the number of entries. Currently the manual entries are identified by the bridge flags BR_FDB_LOCAL or BR_FDB_ADDED_BY_USER, and changes to those flags are protected under a lock. This means the limit also applies to entries created with BR_FDB_ADDED_BY_EXT_LEARN but none of the other two, e.g. ones added by SWITCHDEV_FDB_ADD_TO_BRIDGE. v1: https://lore.kernel.org/netdev/20230515085046.445...

Replace the existing mac hash in the bridge code with the nice inline jenkins hash. This should provide better distribution across hash buckets and compiles to code that is similar in complexity. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> diff -Nru a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c --- a/net/bridge/br_fdb.c 2005-03-10 15:05:11 -08:00 +++ b/net/bridge/br_fdb.c 2005-03-10 15:05:11 -08:00 @@ -19,6 +19,7 @@ #include <linux/times.h> #include <linux/netdevice.h> #include <linux/etherdevice.h> +#include <linux/jhash.h> #include &lt...

.... Each entry is of the type struct > net_bridge_fdb_entry, which is currently 128 bytes big. This means the > maximum amount of memory allocated for FDB entries is 2^31 * 128B = > 256GiB, which is too much for most computers. > > Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_ENTRIES, > which, if nonzero, limits the amount of entries to a user specified > maximum. > > For backwards compatibility the default setting of 0 disables the limit. > > All changes to fdb_n_entries are under br->hash_lock, which means we do > not need additional lock...

...hey are stored in to 2^31. Each entry is of the type struct net_bridge_fdb_entry, which is currently 128 bytes big. This means the maximum amount of memory allocated for FDB entries is 2^31 * 128B = 256GiB, which is too much for most computers. Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_LEARNED_ENTRIES, which, if nonzero, limits the amount of learned entries to a user specified maximum. For backwards compatibility the default setting of 0 disables the limit. User-added entries by netlink or from bridge or bridge port addresses are never blocked and do not count towards that...

Just did a quick scan for that error message in the kernel source. Turns out it''s triggered in net/bridge/br_fdb.c:289. if (!is_valid_ether_addr(addr)) return -EADDRNOTAVAIL; Interestingly enough, it''s claiming that the mac addy isn''t any good! 8-( I''ll go add a printk line to that to see if I can determine what kind of data it''s getting to fdb_i...

...hould be able to notice exactly the behavior change I am talking about. In your own commit message, it says: Author: Hans J. Schultz <netdev at kapio-technology.com> net: bridge: ensure FDB offloaded flag is handled as needed Since user added entries in the bridge FDB will get the BR_FDB_OFFLOADED ~~~~~~~~~~~~~~~~~~~~ flag set, we do not want the bridge to age those entries and we want the ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ entries to be deleted in the bridge upon an SWITCHDEV_FDB_DEL_TO_BRIDG...

...__KERNEL__ */ diff -Nru a/net/bridge/br_device.c b/net/bridge/br_device.c --- a/net/bridge/br_device.c 2004-07-28 15:30:04 -07:00 +++ b/net/bridge/br_device.c 2004-07-28 15:30:04 -07:00 @@ -43,10 +43,9 @@ rcu_read_lock(); if (dest[0] & 1) br_flood_deliver(br, skb, 0); - else if ((dst = br_fdb_get(br, dest)) != NULL) { + else if ((dst = __br_fdb_get(br, dest)) != NULL) br_deliver(dst->dst, skb); - br_fdb_put(dst); - } else + else br_flood_deliver(br, skb, 0); rcu_read_unlock(); diff -Nru a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c --- a/net/bridge/br_fdb.c 2004-07-28 15:30:...

On Mon, Mar 27, 2023 at 14:52, Vladimir Oltean <olteanv at gmail.com> wrote: > > By the way, there is a behavior change here. > > Before: > > $ ip link add br0 type bridge && ip link set br0 up > $ ip link set swp0 master br0 && ip link set swp0 up > $ bridge fdb add dev swp0 00:01:02:03:04:05 master dynamic > [ 70.010181] mscc_felix 0000:00:00.5:

...additional information on VEPA here: http://tech.groups.yahoo.com/group/evb/ http://www.ieee802.org/1/files/public/docs2009/new-hudson-vepa_seminar-20090514d.pdf Signed-off-by: Paul Congdon <paul.congdon at hp.com> Signed-off-by: Anna Fischer <anna.fischer at hp.com> --- net/bridge/br_fdb.c | 22 ++++++++++++++ net/bridge/br_forward.c | 24 ++++++++++++++- net/bridge/br_if.c | 3 ++ net/bridge/br_input.c | 9 ++++++ net/bridge/br_private.h | 12 ++++++++ net/bridge/br_sysfs_br.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++ net/bridge/br_sysfs_if...

...additional information on VEPA here: http://tech.groups.yahoo.com/group/evb/ http://www.ieee802.org/1/files/public/docs2009/new-hudson-vepa_seminar-20090514d.pdf Signed-off-by: Paul Congdon <paul.congdon at hp.com> Signed-off-by: Anna Fischer <anna.fischer at hp.com> --- net/bridge/br_fdb.c | 22 ++++++++++++++ net/bridge/br_forward.c | 24 ++++++++++++++- net/bridge/br_if.c | 3 ++ net/bridge/br_input.c | 9 ++++++ net/bridge/br_private.h | 12 ++++++++ net/bridge/br_sysfs_br.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++ net/bridge/br_sysfs_if...

...additional information on VEPA here: http://tech.groups.yahoo.com/group/evb/ http://www.ieee802.org/1/files/public/docs2009/new-hudson-vepa_seminar-20090514d.pdf Signed-off-by: Paul Congdon <paul.congdon at hp.com> Signed-off-by: Anna Fischer <anna.fischer at hp.com> --- net/bridge/br_fdb.c | 22 ++++++++++++++ net/bridge/br_forward.c | 24 ++++++++++++++- net/bridge/br_if.c | 3 ++ net/bridge/br_input.c | 9 ++++++ net/bridge/br_private.h | 12 ++++++++ net/bridge/br_sysfs_br.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++ net/bridge/br_sysfs_if...

...it seems to me that since MAC address is used as the key for entries in the FDB, there should not be two entries with the same address. (The address shown is one of the interfaces in the bridge.) When a static entry is added it should overwrite a non-static entry. I am going to try to fix this in br_fdb.c and post a patch (ppc kernel 2.4.21-pre4), but I wanted to see if anyone had any advice that would save me some work or help me do a better job. Thank you. -- Dan Eble <dane@aiinet.com> _____ . | _ |/| Applied Innovation Inc. | |_| | | "All Proto...

Hello, I manage a number of servers all running 2.4 (same problem exists with 2.6). My problem is that since a few bridge versions ago, I've had to modify net/bridge/br_fdb.c in the br_fdb_insert() function -- to get rid of the checks that produce this error: Jan 16 10:35:31 host15 kernel: tap_0: received packet with own address as source address Jan 16 10:35:33 host15 kernel: tap_0: received packet with own address as source address My specific setup is: br0 assi...

...Unified vlans_to_* calls into a single interface * Fixed the rest of the issues report by Michal Miroslaw * Fixed a bug where fdb entries were not created for all added vlans. Changes since v7: * Rebases on the latest net-next and removed the vlan wrapper patch from the series. * Fixed a crash in br_fdb_add/br_fdb_delete. Changes since v6: * VLANs are now stored in a VLAN bitmap per port. This allows for O(1) lookup at ingress and egress. We simply check to see if the bit associated with the vlan id is set in the map. The drawback to this approach is that it wastes some space when there is onl...

...+- include/uapi/linux/neighbour.h | 1 + include/uapi/linux/rtnetlink.h | 1 + net/8021q/vlan.c | 4 +- net/8021q/vlan_core.c | 24 +-- net/bridge/br_device.c | 13 +- net/bridge/br_fdb.c | 254 +++++++++++++++---- net/bridge/br_forward.c | 131 ++++++++++ net/bridge/br_if.c | 347 ++++++++++++++++++++++++- net/bridge/br_input.c | 69 +++++- net/bridge/br_multicast.c...

...m MST to not impact RTM_NEWNEIGH and to skip lookups when learning is disabled. Vlad Yasevich (2): bridge: Add flag to control mac learning. bridge: Add a flag to control unicast packet flood. include/uapi/linux/if_link.h | 2 ++ net/bridge/br_device.c | 8 ++++---- net/bridge/br_fdb.c | 17 ++++++++++++++--- net/bridge/br_forward.c | 14 +++++++++----- net/bridge/br_if.c | 2 +- net/bridge/br_input.c | 9 ++++++--- net/bridge/br_netlink.c | 10 +++++++++- net/bridge/br_private.h | 7 +++++-- net/bridge/br_sysfs_if.c |...