lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 21 Feb 2015 10:29:11 -0800
From:	roopa <>
To:	Viswanath Bandaru <>
CC:	Florian Fainelli <>,
	"" <>,
	"" <>,
	"" <>,
	"" <>,
	"" <>,
	"" <>,
	"" <>
Subject: Re: [PATCH net-next RFC 0/5] Add NTF_EXT_AGED to control FDB ageing
 in SW or HW

On 2/20/15, 4:20 PM, Viswanath Bandaru wrote:
>> -----Original Message-----
>> From: Florian Fainelli []
>> Sent: Saturday, February 21, 2015 12:44 AM
>> To: roopa;
>> Cc:;;;
>>;; Viswanath Bandaru;
>> Subject: Re: [PATCH net-next RFC 0/5] Add NTF_EXT_AGED to control FDB
>> ageing in SW or HW
>> On 20/02/15 09:29, roopa wrote:
>>> On 2/19/15, 11:09 PM, wrote:
>>>> From: Scott Feldman <>
>>>> Add a new NTF_EXT_FLAG to mark an FDB as externally aged, for example
>> by
>>>> offload hardware.   Switchdev driver/devices can set this flag when
>>>> learning a
>>>> new FDB entry and SW (the bridge driver) will skip this entry when
>>>> running its ageing task.  If flag is set, the driver/device is
>>>> responsible for calling
>>>> call_netdev_switch_notifiers(NETDEV_SWITCH_FDB_DEL, ...) when entry
>>>> expires.
>>>> This give the flexibility for driver/device to decide ageing policy
>>>> based on its capabilities.  For devices managing many FDB entries, it
>>>> is desireable for the device to aged out its own entries.  Devices
>>>> not capable of aged entries can rely of SW to age out the entries.
>>> scott, patches look good. However, I am not sure yet if there is a
>>> need to make it a per fdb entry flag.
>> I agree, in fact, most of the HW I have access to only has a global age timer
>> configuration knob. Is this configurable on a per-port basis for higher end
>> switches, or even maybe per-FDB entry?
> The decision to age an entry is on a per-FDB entry, So if the flag is not available in the fdb-entry, then it has to be obtained from associated netdev. I think the per-FDB may be more convenient than keeping it on netdev.

I was not saying netdev, but the bridge could have it...something like 
the below:

diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index e0670d7..1815924 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -280,7 +280,8 @@ void br_fdb_cleanup(unsigned long _data)

                 hlist_for_each_entry_safe(f, n, &br->hash[i], hlist) {
                         unsigned long this_timer;
-                       if (f->is_static)
+                       if (f->is_static || (f->added_by_external_learn &&
+                               br->hw_aging_enabled))
                         this_timer = f->updated + delay;
                         if (time_before_eq(this_timer, jiffies))
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index de09199..68bfb4b 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -246,6 +246,7 @@ struct net_bridge

         unsigned char                   topology_change;
         unsigned char                   topology_change_detected;
+       unsigned char                   hw_aging_enabled;

         unsigned char                   multicast_router;

I have no objections to the current patchset (they clearly fix the 
problem). I was only wondering if the notion of aging can continue to 
stay in the bridge
and not be carried into every fdb entry. which seems cleaner to me.

>>> At some point we will also need the hw ageing parameter to be
>> configurable.
>>> So other approach could be,
>>> - ageing parameter on bridge gets offloaded the hw
> Like everybody said, the ageing is really the switch's property.  If there are two bridges with ports from same switching device, it becomes tricky to configure ageing time on the switch.  ( I think this is what you may be referring to be saying it needs more thought).
Regarding the two bridges with ports from the same switching device, I 
think the switch driver should handle that. Maybe min value etc as 
discussed further in this thread.

Today given that most people are going to use the vlan filtering bridge 
and most likely prefer having a single vlan filtering bridge represent 
their swicth (we do in most cases), I see this being a non critical 
problem to solve.


To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists