search for: net_bridge_port

...bridge/br_sysfs_if.c | 17 +++++++++++ 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index a48f5ef..7d0f6ed 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -394,6 +394,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, fdb = fdb_find(head, addr); if (likely(fdb)) { + /* + * If we are a VEPA and the source port is the uplink, + * this could be a reflected packet, so don't learn any + * addresses that already are in the fdb but on other ports + */ + if ((br->flags & BR_VEPA_MODE)...

...bridge/br_sysfs_if.c | 17 +++++++++++ 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index a48f5ef..7d0f6ed 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -394,6 +394,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, fdb = fdb_find(head, addr); if (likely(fdb)) { + /* + * If we are a VEPA and the source port is the uplink, + * this could be a reflected packet, so don't learn any + * addresses that already are in the fdb but on other ports + */ + if ((br->flags & BR_VEPA_MODE)...

...bridge/br_sysfs_if.c | 17 +++++++++++ 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index a48f5ef..7d0f6ed 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -394,6 +394,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, fdb = fdb_find(head, addr); if (likely(fdb)) { + /* + * If we are a VEPA and the source port is the uplink, + * this could be a reflected packet, so don't learn any + * addresses that already are in the fdb but on other ports + */ + if ((br->flags & BR_VEPA_MODE)...

...data) if (!netif_running(br->dev) || br->multicast_disabled) goto out; - br_multicast_start_querier(br); + br_ip6_multicast_start_querier(br); out: spin_unlock(&br->multicast_lock); } +#endif static void __br_multicast_send_query(struct net_bridge *br, struct net_bridge_port *port, @@ -788,15 +807,15 @@ static void __br_multicast_send_query(struct net_bridge *br, netif_rx(skb); } -static void br_multicast_send_query(struct net_bridge *br, - struct net_bridge_port *port, u32 sent) +static void br_ip4_multicast_send_query(struct net_bridge *br, + struct...

Changes since v9: * series re-ordering so make functionality more distinct. Basic vlan filtering is patches 1-4. Support for PVID/untagged vlans is patches 5 and 6. VLAN support for FDB/MDB is patches 7-11. Patch 12 is still additional egress policy. * Slight simplification to code that extracts the VID from skb. Since we now depend on the vlan module, at the time of input skb_tci is

...============================================ --- linux-2.6.7/net/bridge/br_stp.c.orig 2004-06-17 20:17:27.000000000 +0530 +++ linux-2.6.7/net/bridge/br_stp.c 2004-06-22 19:32:49.015908632 +0530 @@ -161,20 +161,19 @@ void br_transmit_config(struct net_bridg if (!br_is_root_bridge(br)) { struct net_bridge_port *root = br_get_port(br, br->root_port); - bpdu.max_age = root->message_age_timer.expires - jiffies; - - if (bpdu.max_age <= 0) bpdu.max_age = 1; + bpdu.message_age = br->max_age - + (root->message_age_timer.expires - jiffies) + 1; } bpdu.max_age = br->max_age; bpdu...

...if.c | 17 +++++++++++++++++ 4 files changed, 23 insertions(+), 1 deletions(-) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index d2c27c8..bc1704a 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -22,7 +22,8 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && + p->state == BR_STATE_FORWARDING); } static inline unsigned packet_length(const...

...if.c | 17 +++++++++++++++++ 4 files changed, 23 insertions(+), 1 deletions(-) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index d2c27c8..bc1704a 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -22,7 +22,8 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && + p->state == BR_STATE_FORWARDING); } static inline unsigned packet_length(const...

...if.c | 17 +++++++++++++++++ 4 files changed, 23 insertions(+), 1 deletions(-) diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index d2c27c8..bc1704a 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -22,7 +22,8 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) && + p->state == BR_STATE_FORWARDING); } static inline unsigned packet_length(const...

.../bridge/br_forward.c index 02bb620d3b8d..7ebdf9937125 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -18,16 +18,39 @@ #include "br_private.h" /* Don't forward packets to originating port or forwarding disabled */ -static inline int should_deliver(const struct net_bridge_port *p, - const struct sk_buff *skb) +static inline bool should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb, + enum skb_drop_reason *need_reason) { struct net_bridge_vlan_group *vg; + enum skb_drop_reason reason; vg = nbp_vlan_group_rcu(p); - return ((p->flags &...

...ridge/br_fdb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index e69a872bfc1d..ac1dc8723b9c 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -1056,7 +1056,7 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source, if (!(flags & NLM_F_CREATE)) return -ENOENT; - fdb = fdb_create(br, source, addr, vid, 0); + fdb = fdb_create(br, source, addr, vid, BR_FDB_ADDED_BY_USER); if (!fdb) return -ENOMEM; @@ -1069,6 +1069,8 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bri...

The following series adds 2 new flags to bridge. One flag allows the user to control whether mac learning is performed on the interface or not. By default mac learning is on. The other flag allows the user to control whether unicast traffic is flooded (send without an fdb) to a given unicast port. Default is on. Changes since v4: - Implemented Stephen's suggestions. Changes since v2: -

This series of patches provides an ability to add VLANs to the bridge ports. This is similar to what can be found in most switches. The bridge port may have any number of VLANs added to it including vlan 0 priority tagged traffic. When vlans are added to the port, only traffic tagged with particular vlan will forwarded over this port. Additionally, vlan ids are added to FDB entries and become

...s. */ +/* Delete a local entry if no other port had the same address. + * + * This function should only be called on entries with BR_FDB_LOCAL set, + * so clear_bit never removes the last bit in BR_FDB_NOT_LEARNED_MASK. + */ static void fdb_delete_local(struct net_bridge *br, const struct net_bridge_port *p, struct net_bridge_fdb_entry *f) @@ -390,6 +429,11 @@ static struct net_bridge_fdb_entry *fdb_create(struct net_bridge *br, { struct net_bridge_fdb_entry *fdb; int err; + bool learned = !(flags & BR_FDB_NOT_LEARNED_MASK); + + if (unlikely(learned && br->fdb_max_learn...

Introduce a limit on the amount of learned FDB entries on a bridge, configured by netlink with a build time default on bridge creation in the kernel config. For backwards compatibility the kernel config default is disabling the limit (0). Without any limit a malicious actor may OOM a kernel by spamming packets with changing MAC addresses on their bridge port, so allow the bridge creator to limit

...ndex */ #ifdef CONFIG_NET_CLS_ACT Index: wireless-dev/net/bridge/br_forward.c =================================================================== --- wireless-dev.orig/net/bridge/br_forward.c +++ wireless-dev/net/bridge/br_forward.c @@ -24,7 +24,16 @@ static inline int should_deliver(const struct net_bridge_port *p, const struct sk_buff *skb) { - return (skb->dev != p->dev && p->state == BR_STATE_FORWARDING); + if (skb->dev == p->dev || + p->state != BR_STATE_FORWARDING) + return 0; + +#ifdef CONFIG_BRIDGE_VLAN + if (skb->vlan && br_vlan_filter(skb, &p-...

I saw some big mistakes, here's the correct version : -------------------------------------------------------------------- void br_send_config_bpdu(struct net_bridge_port *p, struct bpdu *bpdu) { unsigned char buf[42]; buf[0] = bpdu->bpdu_header.protocol[0]; //0x00 buf[1] = bpdu->bpdu_header.protocol[1]; //0x00 buf[2] = bpdu->bpdu_header.version; //0x02 buf[3] = BPDU_TYPE_CONFIG; buf[4] = bpdu->bpdu_body.flags.topo_change; buf[5] = bpdu->bpdu_...

...anov <xemul@openvz.org> --- diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 3cedd4e..b42b192 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -122,6 +122,7 @@ static inline int is_link_local(const unsigned char *dest) struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) { const unsigned char *dest = eth_hdr(skb)->h_dest; + typeof(br_should_route_hook) rhook; if (!is_valid_ether_addr(eth_hdr(skb)->h_source)) goto drop; @@ -147,9 +148,9 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) swi...

...src_port_isolated:1; + u8 miss:1; /* FDB or MDB lookup miss */ #ifdef CONFIG_BRIDGE_VLAN_FILTERING u8 vlan_filtered:1; #endif And set this bit upon misses instead of skb->l2_miss: @@ -203,6 +205,8 @@ void br_flood(struct net_bridge *br, struct sk_buff *skb, struct net_bridge_port *prev = NULL; struct net_bridge_port *p; + BR_INPUT_SKB_CB(skb)->miss = 1; + list_for_each_entry_rcu(p, &br->port_list, list) { /* Do not flood unicast traffic to ports that turn it off, nor * other traffic if flood off, except for...

Based on net-next. This patch exports port->port_no port->port_id in the end of IFA_INFO_DATA. Cc: Herbert Xu <herbert at gondor.apana.org.au> Cc: Stephen Hemminger <shemminger at vyatta.com> Cc: "David S. Miller" <davem at davemloft.net> Cc: Thomas Graf <tgraf at suug.ch> Cc: Jesper Dangaard Brouer <brouer at redhat.com> Signed-off-by: Cong Wang