Displaying 4 results from an estimated 4 matches for "fdb_node".
Did you mean:
ddb_node
2023 May 15
5
[Bridge] [PATCH net-next 1/2] bridge: Add a limit on FDB entries
...ilter_rtable_init(br);
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index e69a872bfc1d..8a833e6dee92 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -329,6 +329,8 @@ static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f,
hlist_del_init_rcu(&f->fdb_node);
rhashtable_remove_fast(&br->fdb_hash_tbl, &f->rhnode,
br_fdb_rht_params);
+ if (!WARN_ON(!br->fdb_n_entries))
+ br->fdb_n_entries--;
fdb_notify(br, f, RTM_DELNEIGH, swdev_notify);
call_rcu(&f->rcu, fdb_rcu_free);
}
@@ -391,6 +393,9 @@ static struct ne...
2023 May 15
3
[Bridge] [PATCH net-next 1/2] bridge: Add a limit on FDB entries
...ff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
> index e69a872bfc1d..8a833e6dee92 100644
> --- a/net/bridge/br_fdb.c
> +++ b/net/bridge/br_fdb.c
> @@ -329,6 +329,8 @@ static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f,
> hlist_del_init_rcu(&f->fdb_node);
> rhashtable_remove_fast(&br->fdb_hash_tbl, &f->rhnode,
> br_fdb_rht_params);
> + if (!WARN_ON(!br->fdb_n_entries))
> + br->fdb_n_entries--;
This is pointless, just put the WARN_ON(!br->fdb_n_entries) above decrementing, if we
hit that we are alre...
2023 Jun 19
2
[Bridge] [PATCH net-next v2 2/3] bridge: Add a limit on learned FDB entries
...bool swdev_notify)
{
+ bool learned = !(f->flags & BR_FDB_NOT_LEARNED_MASK);
+
trace_fdb_delete(br, f);
if (test_bit(BR_FDB_STATIC, &f->flags))
@@ -329,11 +363,16 @@ static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f,
hlist_del_init_rcu(&f->fdb_node);
rhashtable_remove_fast(&br->fdb_hash_tbl, &f->rhnode,
br_fdb_rht_params);
+ br->fdb_cur_learned_entries -= learned;
fdb_notify(br, f, RTM_DELNEIGH, swdev_notify);
call_rcu(&f->rcu, fdb_rcu_free);
}
-/* Delete a local entry if no other port had the same...
2023 Jun 19
4
[Bridge] [PATCH net-next v2 0/3, iproute2-next 0/1] bridge: Add a limit on learned FDB entries
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit