Message-Id: <20220608122921.3962382-4-razor@blackwall.org>
Date:   Wed,  8 Jun 2022 15:29:14 +0300
From:   Nikolay Aleksandrov <razor@...ckwall.org>
To:     netdev@...r.kernel.org
Cc:     dsahern@...il.com, stephen@...workplumber.org, roopa@...dia.com,
        Nikolay Aleksandrov <razor@...ckwall.org>
Subject: [PATCH iproute2-next 03/10] bridge: fdb: add flush port matching

Usually we match on the device specified after "dev" but there are
special cases where we need an additional device attribute for matching
such as when matching entries specifically pointing to the bridge device
itself. We use NDA_IFINDEX for that purpose.

Example:
$ bridge fdb flush dev br0 brport br0
This will flush only entries pointing to the bridge itself.

$ bridge fdb flush dev swp1 brport swp2 master
Note this will flush entries pointing to swp2 only. The NDA_IFINDEX
attribute overrides the dev argument. This is documented in the man
page.

Signed-off-by: Nikolay Aleksandrov <razor@...ckwall.org>
---
 bridge/fdb.c      | 23 ++++++++++++++++++++---
 man/man8/bridge.8 |  8 ++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index c2a1fb957f7e..4af13eb20dc5 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -45,7 +45,8 @@ static void usage(void)
 		"              [ state STATE ] [ dynamic ] ]\n"
 		"       bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n"
 		"              [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n"
-		"       bridge fdb flush dev DEV [ vlan VID ] [ self ] [ master ]\n");
+		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ]\n"
+		"              [ self ] [ master ]\n");
 	exit(-1);
 }
 
@@ -679,9 +680,9 @@ static int fdb_flush(int argc, char **argv)
 		.n.nlmsg_type = RTM_DELNEIGH,
 		.ndm.ndm_family = PF_BRIDGE,
 	};
+	short vid = -1, port_ifidx = -1;
 	unsigned short ndm_flags = 0;
-	char *d = NULL;
-	short vid = -1;
+	char *d = NULL, *port = NULL;
 
 	while (argc > 0) {
 		if (strcmp(*argv, "dev") == 0) {
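Review bot: `port_ifidx` is declared as `short` on the added line `short vid = -1, port_ifidx = -1;`, yet in the later hunks it receives the result of `ll_name_to_index(port)` and is then handed to `addattr32()` as NDA_IFINDEX, so an interface index wider than 16 bits is silently truncated on assignment. On hosts with heavy interface churn (containers, veth pairs) indexes above 32767 are common; a truncated value can collapse to 0 and be misreported as "Cannot find bridge port device", or wrap to a different, valid-looking index so the flush request targets the wrong port. Declaring it at full width, `int port_ifidx = -1;` (kept separate from the `short vid`), keeps the `== 0` and `> -1` checks in the later hunks valid without other changes. fdb_flush's body starts and continues outside this hunk.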
@@ -691,6 +692,11 @@ static int fdb_flush(int argc, char **argv)
 			ndm_flags |= NTF_MASTER;
 		} else if (strcmp(*argv, "self") == 0) {
 			ndm_flags |= NTF_SELF;
+		} else if (strcmp(*argv, "brport") == 0) {
+			if (port)
+				duparg2("brport", *argv);
+			NEXT_ARG();
+			port = *argv;
 		} else if (strcmp(*argv, "vlan") == 0) {
 			if (vid >= 0)
 				duparg2("vlan", *argv);
@@ -714,6 +720,15 @@ static int fdb_flush(int argc, char **argv)
 		return -1;
 	}
 
+	if (port) {
+		port_ifidx = ll_name_to_index(port);
+		if (port_ifidx == 0) {
+			fprintf(stderr, "Cannot find bridge port device \"%s\"\n",
+				port);
+			return -1;
+		}
+	}
+
 	if (vid >= 4096) {
 		fprintf(stderr, "Invalid VLAN ID \"%hu\"\n", vid);
 		return -1;
@@ -724,6 +739,8 @@ static int fdb_flush(int argc, char **argv)
 		ndm_flags |= NTF_SELF;
 
 	req.ndm.ndm_flags = ndm_flags;
+	if (port_ifidx > -1)
+		addattr32(&req.n, sizeof(req), NDA_IFINDEX, port_ifidx);
 	if (vid > -1)
 		addattr16(&req.n, sizeof(req), NDA_VLAN, vid);
 
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index d5db85b943bd..32b81b4bd4fe 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -116,6 +116,8 @@ bridge \- show / manipulate bridge addresses and devices
 .BR "bridge fdb flush"
 .B dev
 .IR DEV " [ "
+.B brport
+.IR DEV " ] [ "
 .B vlan
 .IR VID " ] [ "
 .BR self " ] [ " master " ]"
@@ -801,6 +803,12 @@ the target device for the operation. If the device is a bridge port and "master"
 is set then the operation will be fulfilled by its master device's driver and
 all entries pointing to that port will be deleted.
 
+.TP
+.BI brport " DEV"
+the target bridge port for the operation. If the bridge device is specified then only
+entries pointing to the bridge itself will be deleted. Note that the target device
+specified by this option will override the one specified by dev above.
+
 .TP
 .BI vlan " VID"
 the target VLAN ID for the operation. Match forwarding table entries only with the
-- 
2.35.1
