| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Apr 2023 19:09:50 +0300
From: Ido Schimmel <idosch@...dia.com>
To: netdev@...r.kernel.org
Cc: dsahern@...il.com, stephen@...workplumber.org, razor@...ckwall.org,
liuhangbin@...il.com, Ido Schimmel <idosch@...dia.com>
Subject: [PATCH iproute2-next 1/2] bridge: vlan: Add support for neigh_suppress option
Add support for the per-VLAN neigh_suppress option. Example:
# bridge vlan set vid 10 dev swp1 neigh_suppress on
# bridge -d -j -p vlan show dev swp1 vid 10
[ {
"ifname": "swp1",
"vlans": [ {
"vlan": 10,
"state": "forwarding",
"mcast_router": 1,
"neigh_suppress": true
} ]
} ]
# bridge -d vlan show dev swp1 vid 10
port vlan-id
swp1 10
state forwarding mcast_router 1 neigh_suppress on
# bridge vlan set vid 10 dev swp1 neigh_suppress off
# bridge -d -j -p vlan show dev swp1 vid 10
[ {
"ifname": "swp1",
"vlans": [ {
"vlan": 10,
"state": "forwarding",
"mcast_router": 1,
"neigh_suppress": false
} ]
} ]
# bridge -d vlan show dev swp1 vid 10
port vlan-id
swp1 10
state forwarding mcast_router 1 neigh_suppress off
Signed-off-by: Ido Schimmel <idosch@...dia.com>
---
bridge/vlan.c | 18 ++++++++++++++++++
man/man8/bridge.8 | 11 ++++++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/bridge/vlan.c b/bridge/vlan.c
index 44e1ba39f01d..5b304ea94224 100644
--- a/bridge/vlan.c
+++ b/bridge/vlan.c
@@ -38,6 +38,7 @@ static void usage(void)
" bridge vlan { set } vid VLAN_ID dev DEV [ state STP_STATE ]\n"
" [ mcast_router MULTICAST_ROUTER ]\n"
" [ mcast_max_groups MAX_GROUPS ]\n"
+ " [ neigh_suppress {on | off} ]\n"
" bridge vlan { show } [ dev DEV ] [ vid VLAN_ID ]\n"
" bridge vlan { tunnelshow } [ dev DEV ] [ vid VLAN_ID ]\n"
" bridge vlan global { set } vid VLAN_ID dev DEV\n"
@@ -354,6 +355,18 @@ static int vlan_option_set(int argc, char **argv)
addattr32(&req.n, sizeof(req),
BRIDGE_VLANDB_ENTRY_MCAST_MAX_GROUPS,
max_groups);
+ } else if (strcmp(*argv, "neigh_suppress") == 0) {
+ bool neigh_suppress;
+ int ret;
+
+ NEXT_ARG();
+ neigh_suppress = parse_on_off("neigh_suppress", *argv,
+ &ret);
+ if (ret)
+ return ret;
+ addattr8(&req.n, sizeof(req),
+ BRIDGE_VLANDB_ENTRY_NEIGH_SUPPRESS,
+ neigh_suppress);
} else {
if (matches(*argv, "help") == 0)
NEXT_ARG();
@@ -1041,6 +1054,11 @@ static void print_vlan_opts(struct rtattr *a, int ifindex)
print_uint(PRINT_ANY, "mcast_max_groups", "mcast_max_groups %u ",
rta_getattr_u32(vattr));
}
+ if (vtb[BRIDGE_VLANDB_ENTRY_NEIGH_SUPPRESS]) {
+ vattr = vtb[BRIDGE_VLANDB_ENTRY_NEIGH_SUPPRESS];
+ print_on_off(PRINT_ANY, "neigh_suppress", "neigh_suppress %s ",
+ rta_getattr_u8(vattr));
+ }
print_nl();
if (show_stats)
__print_one_vlan_stats(&vstats);
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 4006ad23ea74..3bda6dbd61d0 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -184,7 +184,8 @@ bridge \- show / manipulate bridge addresses and devices
.B mcast_max_groups
.IR MAX_GROUPS " ] [ "
.B mcast_router
-.IR MULTICAST_ROUTER " ]"
+.IR MULTICAST_ROUTER " ] [ "
+.BR neigh_suppress " { " on " | " off " } ]"
.ti -8
.BR "bridge vlan" " [ " show " | " tunnelshow " ] [ "
@@ -1204,6 +1205,14 @@ may be either
enable multicast traffic forwarding. This mode is available only for ports.
.sp
+.TP
+.BR "neigh_suppress on " or " neigh_suppress off "
+Controls whether neigh discovery (arp and nd) proxy and suppression is enabled
+for a given VLAN on a given port. By default this flag is off.
+
+Note that this option only takes effect when \fBbridge link\fR option
+\fBneigh_vlan_suppress\fR is enabled for a given port.
+
.SS bridge vlan show - list vlan configuration.
This command displays the current VLAN filter table.
--
2.40.0
Powered by blists - more mailing lists