Message-Id: <20230424160951.232878-3-idosch@nvidia.com> Date: Mon, 24 Apr 2023 19:09:51 +0300 
From: Ido Schimmel <idosch@...dia.com> To: netdev@...r.kernel.org Cc: dsahern@...il.com, stephen@...workplumber.org, razor@...ckwall.org, liuhangbin@...il.com, Ido Schimmel <idosch@...dia.com> Subject: [PATCH iproute2-next 2/2] bridge: link: Add support for neigh_vlan_suppress option Add support for the per-port neigh_vlan_suppress option. Example: # bridge link set dev swp1 neigh_vlan_suppress on # bridge -d -j -p link show dev swp1 [ { "ifindex": 62, "ifname": "swp1", "flags": [ "BROADCAST","NOARP","UP","LOWER_UP" ], "mtu": 1500, "master": "br0", "state": "forwarding", "priority": 32, "cost": 100, "hairpin": false, "guard": false, "root_block": false, "fastleave": false, "learning": true, "flood": true, "mcast_flood": true, "bcast_flood": true, "mcast_router": 1, "mcast_to_unicast": false, "neigh_suppress": false, "neigh_vlan_suppress": true, "vlan_tunnel": false, "isolated": false, "locked": false, "mab": false, "mcast_n_groups": 0, "mcast_max_groups": 0 } ] # bridge -d link show dev swp1 62: swp1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress on vlan_tunnel off isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 # bridge link set dev swp1 neigh_vlan_suppress off # bridge -d -j -p link show dev swp1 [ { "ifindex": 62, "ifname": "swp1", "flags": [ "BROADCAST","NOARP","UP","LOWER_UP" ], "mtu": 1500, "master": "br0", "state": "forwarding", "priority": 32, "cost": 100, "hairpin": false, "guard": false, "root_block": false, "fastleave": false, "learning": true, "flood": true, "mcast_flood": true, "bcast_flood": true, "mcast_router": 1, "mcast_to_unicast": false, "neigh_suppress": false, "neigh_vlan_suppress": false, "vlan_tunnel": false, "isolated": false, "locked": false, "mab": false, "mcast_n_groups": 0, "mcast_max_groups": 0 } ] # 
bridge -d link show dev swp1 62: swp1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off vlan_tunnel off isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 Signed-off-by: Ido Schimmel <idosch@...dia.com> --- bridge/link.c | 19 +++++++++++++++++++ ip/iplink_bridge_slave.c | 10 ++++++++++ man/man8/bridge.8 | 8 ++++++++ man/man8/ip-link.8.in | 8 ++++++++ 4 files changed, 45 insertions(+) diff --git a/bridge/link.c b/bridge/link.c index 9dd7475d6e4a..b35429866f52 100644 --- a/bridge/link.c +++ b/bridge/link.c @@ -165,6 +165,14 @@ static void print_protinfo(FILE *fp, struct rtattr *attr) if (prtb[IFLA_BRPORT_NEIGH_SUPPRESS]) print_on_off(PRINT_ANY, "neigh_suppress", "neigh_suppress %s ", rta_getattr_u8(prtb[IFLA_BRPORT_NEIGH_SUPPRESS])); + if (prtb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS]) { + struct rtattr *at; + + at = prtb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS]; + print_on_off(PRINT_ANY, "neigh_vlan_suppress", + "neigh_vlan_suppress %s ", + rta_getattr_u8(at)); + } if (prtb[IFLA_BRPORT_VLAN_TUNNEL]) print_on_off(PRINT_ANY, "vlan_tunnel", "vlan_tunnel %s ", rta_getattr_u8(prtb[IFLA_BRPORT_VLAN_TUNNEL])); @@ -296,6 +304,7 @@ static void usage(void) " [ mcast_to_unicast {on | off} ]\n" " [ mcast_max_groups MAX_GROUPS ]\n" " [ neigh_suppress {on | off} ]\n" + " [ neigh_vlan_suppress {on | off} ]\n" " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" @@ -322,6 +331,7 @@ static int brlink_modify(int argc, char **argv) char *d = NULL; int backup_port_idx = -1; __s8 neigh_suppress = -1; + __s8 neigh_vlan_suppress = -1; __s8 learning = -1; __s8 learning_sync = -1; __s8 flood = -1; 
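Review bot: In print_protinfo the new branch prints `neigh_vlan_suppress` independently of `neigh_suppress`, so a port can be reported as `neigh_suppress on neigh_vlan_suppress on` even though, per the bridge.8 text added in this same patch, the per-port flag has no effect in that state. Someone auditing ARP/ND suppression from the `bridge -d link show` output could read that as suppression being active on every VLAN of the port. A short comment above the branch would record this, e.g. `/* When on, IFLA_BRPORT_NEIGH_SUPPRESS is ignored; the effective state is the per-VLAN neigh_suppress option. */`. The same applies to the print branch added to bridge_slave_print_opt in ip/iplink_bridge_slave.c. print_protinfo's body starts and ends outside the hunk.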
@@ -447,6 +457,12 @@ static int brlink_modify(int argc, char **argv) neigh_suppress = parse_on_off("neigh_suppress", *argv, &ret); if (ret) return ret; + } else if (strcmp(*argv, "neigh_vlan_suppress") == 0) { + NEXT_ARG(); + neigh_vlan_suppress = parse_on_off("neigh_vlan_suppress", + *argv, &ret); + if (ret) + return ret; } else if (strcmp(*argv, "vlan_tunnel") == 0) { NEXT_ARG(); vlan_tunnel = parse_on_off("vlan_tunnel", *argv, &ret); @@ -544,6 +560,9 @@ static int brlink_modify(int argc, char **argv) if (neigh_suppress != -1) addattr8(&req.n, sizeof(req), IFLA_BRPORT_NEIGH_SUPPRESS, neigh_suppress); + if (neigh_vlan_suppress != -1) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_NEIGH_VLAN_SUPPRESS, + neigh_vlan_suppress); if (vlan_tunnel != -1) addattr8(&req.n, sizeof(req), IFLA_BRPORT_VLAN_TUNNEL, vlan_tunnel); diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c index 66a67961957f..11ab2113fe96 100644 --- a/ip/iplink_bridge_slave.c +++ b/ip/iplink_bridge_slave.c @@ -37,6 +37,7 @@ static void print_explain(FILE *f) " [ mcast_to_unicast {on | off} ]\n" " [ group_fwd_mask MASK ]\n" " [ neigh_suppress {on | off} ]\n" + " [ neigh_vlan_suppress {on | off} ]\n" " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" @@ -261,6 +262,11 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, print_on_off(PRINT_ANY, "neigh_suppress", "neigh_suppress %s ", rta_getattr_u8(tb[IFLA_BRPORT_NEIGH_SUPPRESS])); + if (tb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS]) + print_on_off(PRINT_ANY, "neigh_vlan_suppress", + "neigh_vlan_suppress %s ", + rta_getattr_u8(tb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS])); + if (tb[IFLA_BRPORT_GROUP_FWD_MASK]) { char convbuf[256]; __u16 fwd_mask; 
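Review bot: The return value of the new `addattr8(&req.n, sizeof(req), IFLA_BRPORT_NEIGH_VLAN_SUPPRESS, neigh_vlan_suppress)` call in brlink_modify (hunk at -544) is discarded, as it is for the neighbouring attributes visible in the hunk. addattr8() returns a negative value when the attribute does not fit in the request buffer, in which case the option would be missing from the request; whether the command then still reports success cannot be seen here, since the rest of the function is outside the hunk. For a flag that changes which ARP/ND suppression state is in effect, failing loudly is preferable: `if (neigh_vlan_suppress != -1 && addattr8(&req.n, sizeof(req), IFLA_BRPORT_NEIGH_VLAN_SUPPRESS, neigh_vlan_suppress) < 0) return -1;`.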
@@ -393,6 +399,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, NEXT_ARG(); bridge_slave_parse_on_off("neigh_suppress", *argv, n, IFLA_BRPORT_NEIGH_SUPPRESS); + } else if (strcmp(*argv, "neigh_vlan_suppress") == 0) { + NEXT_ARG(); + bridge_slave_parse_on_off("neigh_vlan_suppress", *argv, + n, IFLA_BRPORT_NEIGH_VLAN_SUPPRESS); } else if (matches(*argv, "group_fwd_mask") == 0) { __u16 mask; diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 3bda6dbd61d0..e05528199eab 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -53,6 +53,7 @@ bridge \- show / manipulate bridge addresses and devices .IR MULTICAST_ROUTER " ] [" .BR mcast_to_unicast " { " on " | " off " } ] [ " .BR neigh_suppress " { " on " | " off " } ] [ " +.BR neigh_vlan_suppress " { " on " | " off " } ] [ " .BR vlan_tunnel " { " on " | " off " } ] [ " .BR isolated " { " on " | " off " } ] [ " .BR locked " { " on " | " off " } ] [ " @@ -590,6 +591,13 @@ only deliver reports to STAs running a multicast router. Controls whether neigh discovery (arp and nd) proxy and suppression is enabled on the port. By default this flag is off. +.TP +.BR "neigh_vlan_suppress on " or " neigh_vlan_suppress off " +Controls whether per-VLAN neigh discovery (arp and nd) proxy and suppression is +enabled on the port. When on, the \fBbridge link\fR option \fBneigh_suppress\fR +has no effect and the per-VLAN state is set using the \fBbridge vlan\fR option +\fBneigh_suppress\fR. By default this flag is off. + .TP .BR "vlan_tunnel on " or " vlan_tunnel off " Controls whether vlan to tunnel mapping is enabled on the port. By diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 8cec5fe36761..bf3605a9fa2e 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in 
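Review bot: The new `neigh_vlan_suppress` branch in bridge_slave_parse_opt compares the keyword with `strcmp()` while the following `group_fwd_mask` branch uses the prefix-matching `matches()`, and nothing records that the difference is deliberate. With two keywords now starting with `neigh_`, the exact match is the safer choice, because an abbreviated keyword would otherwise be resolved by branch order. A comment such as `/* exact match on purpose: no abbreviations for new keywords */` above the branch would keep it from being converted to `matches()` later; the same comment fits the `strcmp()` branch added to brlink_modify in bridge/link.c. The function's body starts and ends outside the hunk.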
@@ -2517,6 +2517,8 @@ the following additional arguments are supported: ] [ .BR neigh_suppress " { " on " | " off " }" ] [ +.BR neigh_vlan_suppress " { " on " | " off " }" +] [ .BR vlan_tunnel " { " on " | " off " }" ] [ .BR isolated " { " on " | " off " }" @@ -2622,6 +2624,12 @@ this port). - controls whether neigh discovery (arp and nd) proxy and suppression is enabled on the port. By default this flag is off. +.BR neigh_vlan_suppress " { " on " | " off " }" +- controls whether per-VLAN neigh discovery (arp and nd) proxy and suppression +is enabled on the port. When on, the \fBbridge link\fR option +\fBneigh_suppress\fR has no effect and the per-VLAN state is set using the +\fBbridge vlan\fR option \fBneigh_suppress\fR. By default this flag is off. + .BR vlan_tunnel " { " on " | " off " }" - controls whether vlan to tunnel mapping is enabled on the port. By default this flag is off. -- 2.40.0