Date:   Tue, 21 Mar 2023 15:01:26 +0200
From:   Ido Schimmel <idosch@...dia.com>
To:     netdev@...r.kernel.org
Cc:     dsahern@...il.com, stephen@...workplumber.org, razor@...ckwall.org,
        petrm@...dia.com, mlxsw@...dia.com,
        Ido Schimmel <idosch@...dia.com>
Subject: [PATCH iproute2-next 6/7] bridge: mdb: Add outgoing interface support

In a similar fashion to VXLAN FDB entries, allow user space to program
and view the outgoing interface of VXLAN MDB entries. Specifically, add
support for the 'MDBE_ATTR_IFINDEX' and 'MDBA_MDB_EATTR_IFINDEX'
attributes in request and response messages, respectively.

The outgoing interface will be forced during the underlay route lookup
and is required when the underlay destination IP is multicast, as the
multicast routing tables are not consulted.

Example:

 # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 198.51.100.1 via dummy10

 $ bridge -d -s mdb show
 dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 198.51.100.1 via dummy10    0.00

 $ bridge -d -s -j -p mdb show
 [ {
         "mdb": [ {
                 "index": 10,
                 "dev": "vxlan0",
                 "port": "vxlan0",
                 "grp": "239.1.1.1",
                 "state": "permanent",
                 "filter_mode": "exclude",
                 "protocol": "static",
                 "flags": [ ],
                 "dst": "198.51.100.1",
                 "via": "dummy10",
                 "timer": "   0.00"
             } ],
         "router": {}
     } ]

Signed-off-by: Ido Schimmel <idosch@...dia.com>
---
 bridge/mdb.c      | 32 ++++++++++++++++++++++++++++++--
 man/man8/bridge.8 |  9 ++++++++-
 2 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/bridge/mdb.c b/bridge/mdb.c
index ee83aa38bced..dcc082353514 100644
--- a/bridge/mdb.c
+++ b/bridge/mdb.c
@@ -34,7 +34,7 @@ static void usage(void)
 	fprintf(stderr,
 		"Usage: bridge mdb { add | del | replace } dev DEV port PORT grp GROUP [src SOURCE] [permanent | temp] [vid VID]\n"
 		"              [ filter_mode { include | exclude } ] [ source_list SOURCE_LIST ] [ proto PROTO ] [ dst IPADDR ]\n"
-		"              [ dst_port DST_PORT ] [ vni VNI ] [ src_vni SRC_VNI ]\n"
+		"              [ dst_port DST_PORT ] [ vni VNI ] [ src_vni SRC_VNI ] [ via DEV ]\n"
 		"       bridge mdb {show} [ dev DEV ] [ vid VID ]\n");
 	exit(-1);
 }
@@ -272,6 +272,14 @@ static void print_mdb_entry(FILE *f, int ifindex, const struct br_mdb_entry *e,
 		print_uint(PRINT_ANY, "src_vni", " src_vni %u",
 			   rta_getattr_u32(tb[MDBA_MDB_EATTR_SRC_VNI]));
 
+	if (tb[MDBA_MDB_EATTR_IFINDEX]) {
+		unsigned int ifindex;
+
+		ifindex = rta_getattr_u32(tb[MDBA_MDB_EATTR_IFINDEX]);
+		print_string(PRINT_ANY, "via", " via %s",
+			     ll_index_to_name(ifindex));
+	}
+
 	if (show_stats && tb && tb[MDBA_MDB_EATTR_TIMER]) {
 		__u32 timer = rta_getattr_u32(tb[MDBA_MDB_EATTR_TIMER]);
 
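Review bot: The local `unsigned int ifindex` declared inside the new `if (tb[MDBA_MDB_EATTR_IFINDEX])` block shadows the `int ifindex` parameter of print_mdb_entry() that is visible in the hunk header, which trips `-Wshadow` and makes it easy to use the wrong index in a later edit. A distinct name avoids that, e.g. `unsigned int via_ifindex = rta_getattr_u32(tb[MDBA_MDB_EATTR_IFINDEX]);` followed by `ll_index_to_name(via_ifindex)`. Separately, the new block dereferences `tb` unconditionally while the timer check just below tests `tb &&` first; if `tb` can really be NULL here the new check needs the same guard, and if it cannot the two should at least agree. The function starts and ends outside this hunk, so the earlier attribute checks are not visible.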
@@ -659,6 +667,19 @@ static int mdb_parse_vni(struct nlmsghdr *n, int maxlen, const char *vni,
 	return 0;
 }
 
+static int mdb_parse_dev(struct nlmsghdr *n, int maxlen, const char *dev)
+{
+	unsigned int ifindex;
+
+	ifindex = ll_name_to_index(dev);
+	if (!ifindex)
+		return -1;
+
+	addattr32(n, maxlen, MDBE_ATTR_IFINDEX, ifindex);
+
+	return 0;
+}
+
 static int mdb_modify(int cmd, int flags, int argc, char **argv)
 {
 	struct {
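Review bot: mdb_parse_dev() discards the return value of `addattr32()`, so if the request buffer bounded by `maxlen` is already full, the attribute is dropped and the function still returns 0; the request would then go to the kernel without the outgoing interface the user asked for. Checking it, e.g. `if (addattr32(n, maxlen, MDBE_ATTR_IFINDEX, ifindex)) return -1;`, closes that gap. The caller in the last mdb_modify() hunk maps every non-zero return to `nodev(via)`, so an overflow would be reported as a missing device unless the two failures get distinct return codes or the overflow is handled separately. A one-line comment stating that the function resolves `dev` to an ifindex and appends it as `MDBE_ATTR_IFINDEX` would also help, since the name alone does not say which attribute is written.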
@@ -672,7 +693,7 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv)
 		.bpm.family = PF_BRIDGE,
 	};
 	char *d = NULL, *p = NULL, *grp = NULL, *src = NULL, *mode = NULL;
-	char *dst_port = NULL, *vni = NULL, *src_vni = NULL;
+	char *dst_port = NULL, *vni = NULL, *src_vni = NULL, *via = NULL;
 	char *src_list = NULL, *proto = NULL, *dst = NULL;
 	struct br_mdb_entry entry = {};
 	bool set_attrs = false;
@@ -728,6 +749,10 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv)
 			NEXT_ARG();
 			src_vni = *argv;
 			set_attrs = true;
+		} else if (strcmp(*argv, "via") == 0) {
+			NEXT_ARG();
+			via = *argv;
+			set_attrs = true;
 		} else {
 			if (matches(*argv, "help") == 0)
 				usage();
@@ -806,6 +831,9 @@ static int mdb_modify(int cmd, int flags, int argc, char **argv)
 			return -1;
 		}
 
+		if (via && mdb_parse_dev(&req.n, sizeof(req), via))
+			return nodev(via);
+
 		addattr_nest_end(&req.n, nest);
 	}
 
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 88046dc1a2b4..9753ce9e92b4 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -153,7 +153,9 @@ bridge \- show / manipulate bridge addresses and devices
 .B vni
 .IR VNI " ] [ "
 .B src_vni
-.IR SRC_VNI " ]
+.IR SRC_VNI " ] [ "
+.B via
+.IR DEV " ]
 
 .ti -8
 .BR "bridge mdb show" " [ "
@@ -1006,6 +1008,11 @@ the source VNI Network Identifier this entry belongs to. Used only when the
 VXLAN device is in external mode. If omitted, the value specified at VXLAN
 device creation will be used.
 
+.TP
+.BI via " DEV"
+device name of the outgoing interface for the VXLAN device to reach the remote
+VXLAN tunnel endpoint.
+
 .in -8
 .SS bridge mdb delete - delete a multicast group database entry
 This command removes an existing mdb entry.
-- 
2.37.3
