search for: nlm_f_create

...nsertions(+), 3 deletions(-) diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index e69a872bfc1d..ac1dc8723b9c 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c @@ -1056,7 +1056,7 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source, if (!(flags & NLM_F_CREATE)) return -ENOENT; - fdb = fdb_create(br, source, addr, vid, 0); + fdb = fdb_create(br, source, addr, vid, BR_FDB_ADDED_BY_USER); if (!fdb) return -ENOMEM; @@ -1069,6 +1069,8 @@ static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source, WRITE_ONCE(fdb->ds...

...msg *)NLMSG_DATA(nlMsg); /* Fill in the nlmsg header*/ nlMsg->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); // Length ofmessage. nlMsg->nlmsg_type = RTM_NEWROUTE; // Get the routes from kernel routing table . nlMsg->nlmsg_flags = NLM_F_CREATE ; // The message is a request for dump. nlMsg->nlmsg_seq = msgSeq++; // Sequence of the message packet. nlMsg->nlmsg_pid = getpid(); // PID of process sending the request. rtMsg->rtm_family = AF_INET;...

Introduce a limit on the amount of learned FDB entries on a bridge, configured by netlink with a build time default on bridge creation in the kernel config. For backwards compatibility the kernel config default is disabling the limit (0). Without any limit a malicious actor may OOM a kernel by spamming packets with changing MAC addresses on their bridge port, so allow the bridge creator to limit

...t netlink_ctx to mnl_nft_socket_sendmsg() src: add debugging mask to context structure src: call nft_init() and nft_exit() from context routines src: move nf_sock into nft_ctx structure netlink: remove nfsock_open() src: add nft_ctx_netlink_init() mnl: do not set NLM_F_CREATE in deletion requests parser_bison: consolidate stmt_expr rule parser_bison: use keywords in ct expression parser_bison: allow helper keyword in ct object kind mnl: fix broken sequence number allocation parser_bison: allow to used named limit from dictionaries too...

Changes since v9: * series re-ordering so make functionality more distinct. Basic vlan filtering is patches 1-4. Support for PVID/untagged vlans is patches 5 and 6. VLAN support for FDB/MDB is patches 7-11. Patch 12 is still additional egress policy. * Slight simplification to code that extracts the VID from skb. Since we now depend on the vlan module, at the time of input skb_tci is

This series of patches provides an ability to add VLANs to the bridge ports. This is similar to what can be found in most switches. The bridge port may have any number of VLANs added to it including vlan 0 priority tagged traffic. When vlans are added to the port, only traffic tagged with particular vlan will forwarded over this port. Additionally, vlan ids are added to FDB entries and become