Displaying 4 results from an estimated 4 matches for "fdb_flush".
2023 Jun 19
1
[Bridge] [PATCH iproute2-next 1/1] iplink: bridge: Add support for bridge FDB learning limits
...0) {
+ __u32 fdb_max_learned_entries;
+
+ NEXT_ARG();
+ if (get_u32(&fdb_max_learned_entries, *argv, 0))
+ invarg("invalid fdb_max_learned_entries", *argv);
+
+ addattr32(n, 1024, IFLA_BR_FDB_MAX_LEARNED_ENTRIES, fdb_max_learned_entries);
} else if (matches(*argv, "fdb_flush") == 0) {
addattr(n, 1024, IFLA_BR_FDB_FLUSH);
} else if (matches(*argv, "vlan_default_pvid") == 0) {
@@ -544,6 +553,18 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
if (tb[IFLA_BR_GC_TIMER])
_bridge_print_timer(f, "gc_timer"...
2023 Sep 05
1
[Bridge] [PATCH iproute2-next v3] iplink: bridge: Add support for bridge FDB learning limits
...0) {
+ __u32 fdb_max_learned_entries;
+
+ NEXT_ARG();
+ if (get_u32(&fdb_max_learned_entries, *argv, 0))
+ invarg("invalid fdb_max_learned_entries", *argv);
+
+ addattr32(n, 1024, IFLA_BR_FDB_MAX_LEARNED_ENTRIES, fdb_max_learned_entries);
} else if (matches(*argv, "fdb_flush") == 0) {
addattr(n, 1024, IFLA_BR_FDB_FLUSH);
} else if (matches(*argv, "vlan_default_pvid") == 0) {
@@ -544,6 +553,18 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
if (tb[IFLA_BR_GC_TIMER])
_bridge_print_timer(f, "gc_timer"...
2023 Oct 18
3
[Bridge] [PATCH iproute2-next v5] iplink: bridge: Add support for bridge FDB learning limits
...p(*argv, "fdb_max_learned") == 0) {
+ __u32 fdb_max_learned;
+
+ NEXT_ARG();
+ if (get_u32(&fdb_max_learned, *argv, 0))
+ invarg("invalid fdb_max_learned", *argv);
+
+ addattr32(n, 1024, IFLA_BR_FDB_MAX_LEARNED, fdb_max_learned);
} else if (matches(*argv, "fdb_flush") == 0) {
addattr(n, 1024, IFLA_BR_FDB_FLUSH);
} else if (matches(*argv, "vlan_default_pvid") == 0) {
@@ -544,6 +553,18 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
if (tb[IFLA_BR_GC_TIMER])
_bridge_print_timer(f, "gc_timer"...
2023 Jun 19
4
[Bridge] [PATCH net-next v2 0/3, iproute2-next 0/1] bridge: Add a limit on learned FDB entries
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit