Displaying 4 results from an estimated 4 matches for "fdb_max_entries".
2023 May 15
5
[Bridge] [PATCH net-next 1/2] bridge: Add a limit on FDB entries
...are stored in to 2^31. Each entry is of the type struct
net_bridge_fdb_entry, which is currently 128 bytes big. This means the
maximum amount of memory allocated for FDB entries is 2^31 * 128B =
256GiB, which is too much for most computers.
Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_ENTRIES,
which, if nonzero, limits the amount of entries to a user specified
maximum.
For backwards compatibility the default setting of 0 disables the limit.
All changes to fdb_n_entries are under br->hash_lock, which means we do
not need additional locking. The call paths are (? denotes that
br->...
2023 May 15
3
[Bridge] [PATCH net-next 1/2] bridge: Add a limit on FDB entries
...ach entry is of the type struct
> net_bridge_fdb_entry, which is currently 128 bytes big. This means the
> maximum amount of memory allocated for FDB entries is 2^31 * 128B =
> 256GiB, which is too much for most computers.
>
> Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_ENTRIES,
> which, if nonzero, limits the amount of entries to a user specified
> maximum.
>
> For backwards compatibility the default setting of 0 disables the limit.
>
> All changes to fdb_n_entries are under br->hash_lock, which means we do
> not need additional locking. The cal...
2023 Jun 19
1
[Bridge] [PATCH iproute2-next 1/1] iplink: bridge: Add support for bridge FDB learning limits
...diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index bf3605a9fa2e..a29595858a51 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -1620,6 +1620,8 @@ the following additional arguments are supported:
] [
.BI no_linklocal_learn " NO_LINKLOCAL_LEARN "
] [
+.BI fdb_max_entries " FDB_MAX_ENTRIES "
+] [
.BI vlan_filtering " VLAN_FILTERING "
] [
.BI vlan_protocol " VLAN_PROTOCOL "
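Review bot: the option name added to the synopsis here, `fdb_max_entries`, does not match the description added in the next hunk, which begins `.BI fdb_max_learned_entries`. As written, the man page would list one keyword in the synopsis and document another. Use a single name in both places, with its uppercase placeholder changed to match. The subject line speaks of "FDB learning limits", which suggests the synopsis entry is the stale one.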
@@ -1731,6 +1733,13 @@ or off
When disabled, the bridge will not learn from link-local frames (default:
enabled).
+.BI fdb_max_learned_entries " FDB_MAX_L...
2023 Jun 19
4
[Bridge] [PATCH net-next v2 0/3, iproute2-next 0/1] bridge: Add a limit on learned FDB entries
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit