Displaying 3 results from an estimated 3 matches for "bridge_default_fdb_max_learn".
Did you mean:
bridge_default_fdb_max_learned
2023 Jun 19
1
[Bridge] [PATCH net-next v2 3/3] net: bridge: Add a configurable default FDB learning limit
...nged, 15 insertions(+)
diff --git a/net/bridge/Kconfig b/net/bridge/Kconfig
index 3c8ded7d3e84..c0d9c08088c4 100644
--- a/net/bridge/Kconfig
+++ b/net/bridge/Kconfig
@@ -84,3 +84,16 @@ config BRIDGE_CFM
Say N to exclude this support and reduce the binary size.
If unsure, say N.
+
+config BRIDGE_DEFAULT_FDB_MAX_LEARNED
+ int "Default FDB learning limit"
+ default 0
+ depends on BRIDGE
+ help
+ Sets a default limit on the number of learned FDB entries on
+ new bridges. This limit can be overwritten via netlink on a
+ per bridge basis.
+
+ The default of 0 disables the limit.
+
+ If unsure, sa...
2023 Sep 05
1
[Bridge] [PATCH iproute2-next v3] iplink: bridge: Add support for bridge FDB learning limits
Support setting the FDB limit through ip link. The arguments is:
- fdb_max_learned_entries: A 32-bit unsigned integer specifying the
maximum number of learned FDB entries, with 0
disabling the limit.
Also support reading back the current number of learned FDB entries in
the bridge by this count. The returned value's name is:
-
2023 Jun 19
4
[Bridge] [PATCH net-next v2 0/3, iproute2-next 0/1] bridge: Add a limit on learned FDB entries
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit