search for: net_bridge

...dr(skb))) { if ((mdst && mdst->mglist) || br_multicast_is_router(br)) skb2 = skb; diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c index 0daae3e..6053b96 100644 --- a/net/bridge/br_mdb.c +++ b/net/bridge/br_mdb.c @@ -414,16 +414,20 @@ static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry) if (!netif_running(br->dev) || br->multicast_disabled) return -EINVAL; - if (timer_pending(&br->multicast_querier_timer)) - return -EBUSY; - ip.proto = entry->addr.proto; - if (ip.proto == htons(ETH_P_IP)) + if (ip.proto == htons(ETH_P_IP))...

...spam the kernel with packets with a random source MAC address, each of which will create an FDB entry, each of which is a dynamic allocation in the kernel. There are roughly 2^48 different MAC addresses, further limited by the rhashtable they are stored in to 2^31. Each entry is of the type struct net_bridge_fdb_entry, which is currently 128 bytes big. This means the maximum amount of memory allocated for FDB entries is 2^31 * 128B = 256GiB, which is too much for most computers. Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_LEARNED_ENTRIES, which, if nonzero, limits the amount of le...

Changes since v9: * series re-ordering so make functionality more distinct. Basic vlan filtering is patches 1-4. Support for PVID/untagged vlans is patches 5 and 6. VLAN support for FDB/MDB is patches 7-11. Patch 12 is still additional egress policy. * Slight simplification to code that extracts the VID from skb. Since we now depend on the vlan module, at the time of input skb_tci is

...457-1-jnixdorf-oss at avm.de/ Changes since v1: - Added BR_FDB_ADDED_BY_USER earlier in fdb_add_entry to ensure the limit is not applied. - Do not initialize fdb_*_entries to 0. (from review) - Do not skip decrementing on 0. (from review) - Moved the counters to a conditional hole in struct net_bridge to avoid growing the struct. (from review, it still grows the struct as there are 2 32-bit values) - Add IFLA_BR_FDB_CUR_LEARNED_ENTRIES (from review) - Fix br_get_size() with the added attributes. - Only limit learned entries, rename to *_(CUR|MAX)_LEARNED_ENTRIES. (from review) - Add...

...+++++++++++++++++ net/bridge/br_sysfs_if.c | 17 +++++++++++ 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index a48f5ef..7d0f6ed 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -394,6 +394,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, fdb = fdb_find(head, addr); if (likely(fdb)) { + /* + * If we are a VEPA and the source port is the uplink, + * this could be a reflected packet, so don't learn any + * addresses that already are in the fdb but on other ports + */ + if ((br-&...

...+++++++++++++++++ net/bridge/br_sysfs_if.c | 17 +++++++++++ 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index a48f5ef..7d0f6ed 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -394,6 +394,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, fdb = fdb_find(head, addr); if (likely(fdb)) { + /* + * If we are a VEPA and the source port is the uplink, + * this could be a reflected packet, so don't learn any + * addresses that already are in the fdb but on other ports + */ + if ((br-&...

...+++++++++++++++++ net/bridge/br_sysfs_if.c | 17 +++++++++++ 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index a48f5ef..7d0f6ed 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -394,6 +394,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, fdb = fdb_find(head, addr); if (likely(fdb)) { + /* + * If we are a VEPA and the source port is the uplink, + * this could be a reflected packet, so don't learn any + * addresses that already are in the fdb but on other ports + */ + if ((br-&...

...if.c | 17 +++++++++++++++++ 4 files changed, 23 insertions(+), 1 deletions(-) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index d2c27c8..bc1704a 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -22,7 +22,8 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && + p->state == BR_STATE_FORWARDING); } static inline unsigned packet_length(c...

This series of patches provides an ability to add VLANs to the bridge ports. This is similar to what can be found in most switches. The bridge port may have any number of VLANs added to it including vlan 0 priority tagged traffic. When vlans are added to the port, only traffic tagged with particular vlan will forwarded over this port. Additionally, vlan ids are added to FDB entries and become

...if.c | 17 +++++++++++++++++ 4 files changed, 23 insertions(+), 1 deletions(-) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index d2c27c8..bc1704a 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -22,7 +22,8 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && + p->state == BR_STATE_FORWARDING); } static inline unsigned packet_length(c...

...if.c | 17 +++++++++++++++++ 4 files changed, 23 insertions(+), 1 deletions(-) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index d2c27c8..bc1704a 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -22,7 +22,8 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && + p->state == BR_STATE_FORWARDING); } static inline unsigned packet_length(c...

...dst); - } else + else br_flood_deliver(br, skb, 0); rcu_read_unlock(); diff -Nru a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c --- a/net/bridge/br_fdb.c 2004-07-28 15:30:04 -07:00 +++ b/net/bridge/br_fdb.c 2004-07-28 15:30:04 -07:00 @@ -73,7 +73,7 @@ static __inline__ void fdb_delete(struct net_bridge_fdb_entry *f) { - hlist_del(&f->hlist); + hlist_del_rcu(&f->hlist); if (!f->is_static) list_del(&f->age_list); @@ -85,7 +85,7 @@ struct net_bridge *br = p->br; int i; - write_lock_bh(&br->hash_lock); + spin_lock_bh(&br->hash_lock); /* Sear...

...re not limited. net/bridge/br_fdb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index e69a872bfc1d..ac1dc8723b9c 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -1056,7 +1056,7 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source, if (!(flags & NLM_F_CREATE)) return -ENOENT; - fdb = fdb_create(br, source, addr, vid, 0); + fdb = fdb_create(br, source, addr, vid, BR_FDB_ADDED_BY_USER); if (!fdb) return -ENOMEM; @@ -1069,6 +1069,8 @@ static int fdb_add_entry(struct ne...

I have a bridge that has gigabit interfaces. The machine in question has the fun job of being a Bridge, Firewall and SMB server. Both of the Gigabit interfaces are connected to workstations directly via Xover cable (well MDI-X to be exact). My question is, if I enable jumbo frames on the gigabit interfaces will that make any difference in overall transfer rate of the bridge? I was thinking it

...ed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> --- a/net/bridge/br_sysfs_br.c 2007-07-16 14:24:18.000000000 +0100 +++ b/net/bridge/br_sysfs_br.c 2007-08-14 13:44:23.000000000 +0100 @@ -150,9 +150,7 @@ static ssize_t show_stp_state(struct dev static void set_stp_state(struct net_bridge *br, unsigned long val) { rtnl_lock(); - spin_unlock_bh(&br->lock); br_stp_set_enabled(br, val); - spin_lock_bh(&br->lock); rtnl_unlock(); }

...OTSUPP; - - data = (unsigned long *)rq->ifr_data; - if (copy_from_user(args, data, 4*sizeof(unsigned long))) - return -EFAULT; - - return br_ioctl_device(dev->priv, args[0], args[1], args[2], args[3]); -} - static struct net_device_stats *br_dev_get_stats(struct net_device *dev) { struct net_bridge *br; @@ -115,7 +100,7 @@ ether_setup(dev); - dev->do_ioctl = br_dev_do_ioctl; + dev->do_ioctl = br_dev_ioctl; dev->get_stats = br_dev_get_stats; dev->hard_start_xmit = br_dev_xmit; dev->open = br_dev_open; diff -Nru a/net/bridge/br_if.c b/net/bridge/br_if.c --- a/net/brid...

...23 at 09:55:31AM +0300, Nikolay Aleksandrov wrote: > On 6/19/23 10:14, Johannes Nixdorf wrote: > > +/* Set a FDB flag that implies the entry was not learned, and account > > + * for changes in the learned status. > > + */ > > +static void __fdb_set_flag_not_learned(struct net_bridge *br, > > + struct net_bridge_fdb_entry *fdb, > > + long nr) > > +{ > > + WARN_ON_ONCE(!(BIT(nr) & BR_FDB_NOT_LEARNED_MASK)); > > Please use *_bit Can you tell me which *_bit helper you had in mind? The shortest option I could come up with the...

...spam the kernel with packets with a random source MAC address, each of which will create an FDB entry, each of which is a dynamic allocation in the kernel. There are roughly 2^48 different MAC addresses, further limited by the rhashtable they are stored in to 2^31. Each entry is of the type struct net_bridge_fdb_entry, which is currently 128 bytes big. This means the maximum amount of memory allocated for FDB entries is 2^31 * 128B = 256GiB, which is too much for most computers. Mitigate this by adding a bridge netlink setting IFLA_BR_FDB_MAX_ENTRIES, which, if nonzero, limits the amount of entries to...

...+0300, Nikolay Aleksandrov wrote: >> On 6/19/23 10:14, Johannes Nixdorf wrote: >>> +/* Set a FDB flag that implies the entry was not learned, and account >>> + * for changes in the learned status. >>> + */ >>> +static void __fdb_set_flag_not_learned(struct net_bridge *br, >>> + struct net_bridge_fdb_entry *fdb, >>> + long nr) >>> +{ >>> + WARN_ON_ONCE(!(BIT(nr) & BR_FDB_NOT_LEARNED_MASK)); >> >> Please use *_bit > > Can you tell me which *_bit helper you had in mind? The shortest opt...

...ndex */ #ifdef CONFIG_NET_CLS_ACT Index: wireless-dev/net/bridge/br_forward.c =================================================================== --- wireless-dev.orig/net/bridge/br_forward.c +++ wireless-dev/net/bridge/br_forward.c @@ -24,7 +24,16 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + if (skb->dev == p->dev || + p->state != BR_STATE_FORWARDING) + return 0; + +#ifdef CONFIG_BRIDGE_VLAN + if (skb->vlan && br_vlan_filter(skb, &a...