lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 21 Mar 2019 09:32:39 +0100
From:   Tobias Jungel <tobias.jungel@...dn.de>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     netdev@...r.kernel.org
Subject: [iproute2 PATCH] ip: bridge: add mcast to unicast config flag

This adds configuration for the IFLA_BRPORT_MCAST_TO_UCAST flag that
allows multicast packets to be replicated as unicast packets.

Signed-off-by: Tobias Jungel <tobias.jungel@...dn.de>
---
 bridge/link.c            | 12 ++++++++++++
 ip/iplink_bridge_slave.c |  9 +++++++++
 man/man8/bridge.8        |  5 +++++
 man/man8/ip-link.8.in    |  5 +++++
 4 files changed, 31 insertions(+)

diff --git a/bridge/link.c b/bridge/link.c
index 32317e53..04cfc144 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -146,6 +146,9 @@ static void print_protinfo(FILE *fp, struct rtattr *attr)
 		if (prtb[IFLA_BRPORT_MCAST_FLOOD])
 			print_onoff(fp, "mcast_flood",
 				    rta_getattr_u8(prtb[IFLA_BRPORT_MCAST_FLOOD]));
+		if (prtb[IFLA_BRPORT_MCAST_TO_UCAST])
+			print_onoff(fp, "mcast_to_unicast",
+				    rta_getattr_u8(prtb[IFLA_BRPORT_MCAST_TO_UCAST]));
 		if (prtb[IFLA_BRPORT_NEIGH_SUPPRESS])
 			print_onoff(fp, "neigh_suppress",
 				    rta_getattr_u8(prtb[IFLA_BRPORT_NEIGH_SUPPRESS]));
@@ -260,6 +263,7 @@ static void usage(void)
 	fprintf(stderr,	"                               [ learning_sync {on | off} ]\n");
 	fprintf(stderr,	"                               [ flood {on | off} ]\n");
 	fprintf(stderr,	"                               [ mcast_flood {on | off} ]\n");
+	fprintf(stderr,	"                               [ mcast_to_unicast {on | off} ]\n");
 	fprintf(stderr,	"                               [ neigh_suppress {on | off} ]\n");
 	fprintf(stderr,	"                               [ vlan_tunnel {on | off} ]\n");
 	fprintf(stderr,	"                               [ isolated {on | off} ]\n");
@@ -306,6 +310,7 @@ static int brlink_modify(int argc, char **argv)
 	__s8 flood = -1;
 	__s8 vlan_tunnel = -1;
 	__s8 mcast_flood = -1;
+	__s8 mcast_to_unicast = -1;
 	__s8 isolated = -1;
 	__s8 hairpin = -1;
 	__s8 bpdu_guard = -1;
@@ -354,6 +359,10 @@ static int brlink_modify(int argc, char **argv)
 			NEXT_ARG();
 			if (!on_off("mcast_flood", &mcast_flood, *argv))
 				return -1;
+		} else if (strcmp(*argv, "mcast_to_unicast") == 0) {
+			NEXT_ARG();
+			if (!on_off("mcast_to_unicast", &mcast_to_unicast, *argv))
+				return -1;
 		} else if (strcmp(*argv, "cost") == 0) {
 			NEXT_ARG();
 			cost = atoi(*argv);
@@ -453,6 +462,9 @@ static int brlink_modify(int argc, char **argv)
 	if (mcast_flood >= 0)
 		addattr8(&req.n, sizeof(req), IFLA_BRPORT_MCAST_FLOOD,
 			 mcast_flood);
+	if (mcast_to_unicast >= 0)
+		addattr8(&req.n, sizeof(req), IFLA_BRPORT_MCAST_TO_UCAST,
+			 mcast_to_unicast);
 	if (learning >= 0)
 		addattr8(&req.n, sizeof(req), IFLA_BRPORT_LEARNING, learning);
 	if (learning_sync >= 0)
diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index 85e6b424..ae9d15fc 100644
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -37,6 +37,7 @@ static void print_explain(FILE *f)
 		"                        [ mcast_router MULTICAST_ROUTER ]\n"
 		"                        [ mcast_fast_leave {on | off} ]\n"
 		"                        [ mcast_flood {on | off} ]\n"
+		"                        [ mcast_to_unicast {on | off} ]\n"
 		"                        [ group_fwd_mask MASK ]\n"
 		"                        [ neigh_suppress {on | off} ]\n"
 		"                        [ vlan_tunnel {on | off} ]\n"
@@ -257,6 +258,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f,
 		_print_onoff(f, "mcast_flood", "mcast_flood",
 			     rta_getattr_u8(tb[IFLA_BRPORT_MCAST_FLOOD]));
 
+	if (tb[IFLA_BRPORT_MCAST_TO_UCAST])
+		_print_onoff(f, "mcast_to_unicast", "mcast_to_unicast",
+			     rta_getattr_u8(tb[IFLA_BRPORT_MCAST_TO_UCAST]));
+
 	if (tb[IFLA_BRPORT_NEIGH_SUPPRESS])
 		_print_onoff(f, "neigh_suppress", "neigh_suppress",
 			     rta_getattr_u8(tb[IFLA_BRPORT_NEIGH_SUPPRESS]));
@@ -357,6 +362,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv,
 			NEXT_ARG();
 			bridge_slave_parse_on_off("mcast_flood", *argv, n,
 						  IFLA_BRPORT_MCAST_FLOOD);
+		} else if (matches(*argv, "mcast_to_unicast") == 0) {
+			NEXT_ARG();
+			bridge_slave_parse_on_off("mcast_to_unicast", *argv, n,
+						  IFLA_BRPORT_MCAST_TO_UCAST);
 		} else if (matches(*argv, "proxy_arp") == 0) {
 			NEXT_ARG();
 			bridge_slave_parse_on_off("proxy_arp", *argv, n,
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index c9af20e8..06e3fdb3 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -47,6 +47,7 @@ bridge \- show / manipulate bridge addresses and devices
 .BR flood " { " on " | " off " } ] [ "
 .BR hwmode " { " vepa " | " veb " } ] [ "
 .BR mcast_flood " { " on " | " off " } ] [ "
+.BR mcast_to_unicast " { " on " | " off " } ] [ "
 .BR neigh_suppress " { " on " | " off " } ] [ "
 .BR vlan_tunnel " { " on " | " off " } ] [ "
 .BR isolated " { " on " | " off " } ] [ "
@@ -365,6 +366,10 @@ switch.
 .BR "mcast_flood on " or " mcast_flood off "
 Controls whether a given port will flood multicast traffic for which there is no MDB entry. By default this flag is on.
 
+.TP
+.BR "mcast_to_unicast on " or " mcast_to_unicast off "
+Controls whether a given port will replicate packets using unicast instead of multicast. By default this flag is off.
+
 .TP
 .BR "neigh_suppress on " or " neigh_suppress off "
 Controls whether neigh discovery (arp and nd) proxy and suppression is enabled on the port. By default this flag is off.
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 6f31453c..716421f4 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -2100,6 +2100,8 @@ the following additional arguments are supported:
 ] [
 .BR mcast_flood " { " on " | " off " }"
 ] [
+.BR mcast_to_unicast " { " on " | " off " }"
+] [
 .BR group_fwd_mask " MASK"
 ] [
 .BR neigh_suppress " { " on " | " off " }"
@@ -2185,6 +2187,9 @@ option above.
 .BR mcast_flood " { " on " | " off " }"
 - controls whether a given port will flood multicast traffic for which there is no MDB entry.
 
+.BR mcast_to_unicast " { " on " | " off " }"
+- controls whether a given port will replicate packets using unicast instead of multicast. By default this flag is off.
+
 .BI group_fwd_mask " MASK "
 - set the group forward mask. This is the bitmask that is applied to decide whether to forward incoming frames destined to link-local addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0, ie the bridge does not forward any link-local frames coming on this port).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ