Displaying 4 results from an estimated 4 matches for "br_fdb_not_learned_mask".
2023 Jun 20
1
[Bridge] [PATCH net-next v2 2/3] bridge: Add a limit on learned FDB entries
...learned, and account
> > + * for changes in the learned status.
> > + */
> > +static void __fdb_set_flag_not_learned(struct net_bridge *br,
> > + struct net_bridge_fdb_entry *fdb,
> > + long nr)
> > +{
> > + WARN_ON_ONCE(!(BIT(nr) & BR_FDB_NOT_LEARNED_MASK));
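Review bot: in the WARN_ON_ONCE line, BIT(nr) is evaluated with nr declared as long, so a negative value or one at or above BITS_PER_LONG makes the shift itself undefined before the mask test can flag it. Consider checking the range of nr before the mask test, or taking an unsigned parameter, so the warning reliably fires for any bit outside BR_FDB_NOT_LEARNED_MASK.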
>
> Please use *_bit
Can you tell me which *_bit helper you had in mind? The shortest option I could
come up with the ones I found seemed needlessly verbose and wasteful:
static const unsigned long br_fdb_not_learned_mask = BR_FDB_NOT_LEARNED_MASK;
...
WARN_ON_ONCE(test_bit(nr, &a...
2023 Jun 22
1
[Bridge] [PATCH net-next v2 2/3] bridge: Add a limit on learned FDB entries
...>>> + * for changes in the learned status.
>>> + */
>>> +static void __fdb_set_flag_not_learned(struct net_bridge *br,
>>> + struct net_bridge_fdb_entry *fdb,
>>> + long nr)
>>> +{
>>> + WARN_ON_ONCE(!(BIT(nr) & BR_FDB_NOT_LEARNED_MASK));
>>
>> Please use *_bit
>
> Can you tell me which *_bit helper you had in mind? The shortest option I could
> come up with the ones I found seemed needlessly verbose and wasteful:
>
> static const unsigned long br_fdb_not_learned_mask = BR_FDB_NOT_LEARNED_MASK;
>...
2023 Jun 19
2
[Bridge] [PATCH net-next v2 2/3] bridge: Add a limit on learned FDB entries
...+- br_fdb_change_mac_address ?
| +- br_fdb_add_local ?
+- br_fdb_update ?
+- fdb_add_entry <--- __br_fdb_add ?
+- br_fdb_external_learn_add ?
The flags that imply an entry does not come from learning
(BR_FDB_NOT_LEARNED_MASK) are now only set or cleared under br->hash_lock
as well, and when the boolean value of (fdb->flags &
BR_FDB_NOT_LEARNED_MASK) changes the accounting is updated.
This introduces one additional locked update in br_fdb_update if
BR_FDB_ADDED_BY_USER was set. This is only the case when crea...
2023 Jun 19
4
[Bridge] [PATCH net-next v2 0/3, iproute2-next 0/1] bridge: Add a limit on learned FDB entries
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit