Displaying 8 results from an estimated 8 matches for "vlan_filtered".
2023 Jun 19
1
[Bridge] [PATCH iproute2-next 1/1] iplink: bridge: Add support for bridge FDB learning limits
Support setting the FDB limit through ip link. The arguments is:
- fdb_max_learned_entries: A 32-bit unsigned integer specifying the
maximum number of learned FDB entries, with 0
disabling the limit.
Also support reading back the current number of learned FDB entries in
the bridge by this count. The returned value's name is:
-
2023 Sep 05
1
[Bridge] [PATCH iproute2-next v3] iplink: bridge: Add support for bridge FDB learning limits
Support setting the FDB limit through ip link. The arguments is:
- fdb_max_learned_entries: A 32-bit unsigned integer specifying the
maximum number of learned FDB entries, with 0
disabling the limit.
Also support reading back the current number of learned FDB entries in
the bridge by this count. The returned value's name is:
-
2023 Oct 18
3
[Bridge] [PATCH iproute2-next v5] iplink: bridge: Add support for bridge FDB learning limits
Support setting the FDB limit through ip link. The arguments is:
- fdb_max_learned: A 32-bit unsigned integer specifying the maximum
number of learned FDB entries, with 0 disabling
the limit.
Also support reading back the current number of learned FDB entries in
the bridge by this count. The returned value's name is:
- fdb_n_learned: A 32-bit unsigned
2023 Jun 19
4
[Bridge] [PATCH net-next v2 0/3, iproute2-next 0/1] bridge: Add a limit on learned FDB entries
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit
2023 May 19
2
[Bridge] [PATCH net-next 1/5] skbuff: bridge: Add layer 2 miss indication
...b..bd5c18286a40 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -581,6 +581,7 @@ struct br_input_skb_cb {
#endif
u8 proxyarp_replied:1;
u8 src_port_isolated:1;
+ u8 miss:1; /* FDB or MDB lookup miss */
#ifdef CONFIG_BRIDGE_VLAN_FILTERING
u8 vlan_filtered:1;
#endif
And set this bit upon misses instead of skb->l2_miss:
@@ -203,6 +205,8 @@ void br_flood(struct net_bridge *br, struct sk_buff *skb,
struct net_bridge_port *prev = NULL;
struct net_bridge_port *p;
+ BR_INPUT_SKB_CB(skb)->miss = 1;
+
list_for_each_en...
2019 Mar 12
2
KVM-Docker-Networking using TAP and MACVLAN
Hi everyone!
I have the following requirement: I need to connect a set of Docker
containers to a KVM. The containers shall be isolated in a way that they
cannot communicate to each other without going through the KVM, which
will act as router/firewall. For this, I thought about the following
simple setup (as opposed to a more complex one involving a bridge with
vlan_filtering and a seperate VLAN
2019 Mar 13
0
Re: KVM-Docker-Networking using TAP and MACVLAN
On Tue, Mar 12, 2019 at 11:10:40PM +0100, Lars Lindstrom wrote:
>Hi everyone!
>
>I have the following requirement: I need to connect a set of Docker
>containers to a KVM. The containers shall be isolated in a way that they
>cannot communicate to each other without going through the KVM, which
>will act as router/firewall. For this, I thought about the following
>simple setup
2013 Feb 13
14
[Bridge] [PATCH v10 net-next 00/12] VLAN filtering/VLAN aware bridge
Changes since v9:
* series re-ordering so make functionality more distinct. Basic vlan
filtering is patches 1-4. Support for PVID/untagged vlans is patches
5 and 6. VLAN support for FDB/MDB is patches 7-11. Patch 12 is
still additional egress policy.
* Slight simplification to code that extracts the VID from skb. Since we
now depend on the vlan module, at the time of input skb_tci is