| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Oct 2022 11:35:33 +0300
From: Ido Schimmel <idosch@...dia.com>
To: Hans Schultz <netdev@...io-technology.com>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
Florian Fainelli <f.fainelli@...il.com>,
Andrew Lunn <andrew@...n.ch>,
Vivien Didelot <vivien.didelot@...il.com>,
Vladimir Oltean <olteanv@...il.com>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Kurt Kanzenbach <kurt@...utronix.de>,
Hauke Mehrtens <hauke@...ke-m.de>,
Woojung Huh <woojung.huh@...rochip.com>,
UNGLinuxDriver@...rochip.com, Sean Wang <sean.wang@...iatek.com>,
Landen Chao <Landen.Chao@...iatek.com>,
DENG Qingfang <dqfext@...il.com>,
Matthias Brugger <matthias.bgg@...il.com>,
Claudiu Manoil <claudiu.manoil@....com>,
Alexandre Belloni <alexandre.belloni@...tlin.com>,
Jiri Pirko <jiri@...nulli.us>,
Ivan Vecera <ivecera@...hat.com>,
Roopa Prabhu <roopa@...dia.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
Shuah Khan <shuah@...nel.org>,
Russell King <linux@...linux.org.uk>,
Christian Marangi <ansuelsmth@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
Yuwei Wang <wangyuweihx@...il.com>,
Petr Machata <petrm@...dia.com>,
Florent Fourcot <florent.fourcot@...irst.fr>,
Hans Schultz <schultz.hans@...il.com>,
Joachim Wiberg <troglobit@...il.com>,
Amit Cohen <amcohen@...dia.com>, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-mediatek@...ts.infradead.org,
bridge@...ts.linux-foundation.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v2 iproute2-next 2/4] bridge: fdb: show locked FDB
entries flag in output
On Tue, Oct 04, 2022 at 05:20:34PM +0200, Hans Schultz wrote:
> Signed-off-by: Hans Schultz <netdev@...io-technology.com>
Don't leave the commit message empty. Explain the change and include an
example output showing the "locked" flag.
> ---
> bridge/fdb.c | 11 +++++++++--
Still missing a description of the "locked" flag from the man page.
Something like:
"
locked - this entry was added by the kernel in response to a host trying
to communicate behind a bridge port with MAB enabled. User space can
authenticate the host by clearing the flag. The flag cannot be set by
user space.
"
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/bridge/fdb.c b/bridge/fdb.c
> index 5f71bde0..f1f0a5bb 100644
> --- a/bridge/fdb.c
> +++ b/bridge/fdb.c
> @@ -93,7 +93,7 @@ static int state_a2n(unsigned int *s, const char *arg)
> return 0;
> }
>
> -static void fdb_print_flags(FILE *fp, unsigned int flags)
> +static void fdb_print_flags(FILE *fp, unsigned int flags, __u8 ext_flags)
s/__u8/__u32/
> {
> open_json_array(PRINT_JSON,
> is_json_context() ? "flags" : "");
> @@ -116,6 +116,9 @@ static void fdb_print_flags(FILE *fp, unsigned int flags)
> if (flags & NTF_STICKY)
> print_string(PRINT_ANY, NULL, "%s ", "sticky");
>
> + if (ext_flags & NTF_EXT_LOCKED)
> + print_string(PRINT_ANY, NULL, "%s ", "locked");
> +
> close_json_array(PRINT_JSON, NULL);
> }
>
> @@ -144,6 +147,7 @@ int print_fdb(struct nlmsghdr *n, void *arg)
> struct ndmsg *r = NLMSG_DATA(n);
> int len = n->nlmsg_len;
> struct rtattr *tb[NDA_MAX+1];
> + __u32 ext_flags = 0;
> __u16 vid = 0;
>
> if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) {
> @@ -170,6 +174,9 @@ int print_fdb(struct nlmsghdr *n, void *arg)
> parse_rtattr(tb, NDA_MAX, NDA_RTA(r),
> n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
>
> + if (tb[NDA_FLAGS_EXT])
> + ext_flags = rta_getattr_u32(tb[NDA_FLAGS_EXT]);
> +
> if (tb[NDA_VLAN])
> vid = rta_getattr_u16(tb[NDA_VLAN]);
>
> @@ -266,7 +273,7 @@ int print_fdb(struct nlmsghdr *n, void *arg)
> if (show_stats && tb[NDA_CACHEINFO])
> fdb_print_stats(fp, RTA_DATA(tb[NDA_CACHEINFO]));
>
> - fdb_print_flags(fp, r->ndm_flags);
> + fdb_print_flags(fp, r->ndm_flags, ext_flags);
>
>
> if (tb[NDA_MASTER])
> --
> 2.34.1
>
Powered by blists - more mailing lists