Message-Id: <20230424160951.232878-3-idosch@nvidia.com>
Date:   Mon, 24 Apr 2023 19:09:51 +0300
From:   Ido Schimmel <idosch@...dia.com>
To:     netdev@...r.kernel.org
Cc:     dsahern@...il.com, stephen@...workplumber.org, razor@...ckwall.org,
        liuhangbin@...il.com, Ido Schimmel <idosch@...dia.com>
Subject: [PATCH iproute2-next 2/2] bridge: link: Add support for neigh_vlan_suppress option

Add support for the per-port neigh_vlan_suppress option. Example:

 # bridge link set dev swp1 neigh_vlan_suppress on
 # bridge -d -j -p link show dev swp1
 [ {
         "ifindex": 62,
         "ifname": "swp1",
         "flags": [ "BROADCAST","NOARP","UP","LOWER_UP" ],
         "mtu": 1500,
         "master": "br0",
         "state": "forwarding",
         "priority": 32,
         "cost": 100,
         "hairpin": false,
         "guard": false,
         "root_block": false,
         "fastleave": false,
         "learning": true,
         "flood": true,
         "mcast_flood": true,
         "bcast_flood": true,
         "mcast_router": 1,
         "mcast_to_unicast": false,
         "neigh_suppress": false,
         "neigh_vlan_suppress": true,
         "vlan_tunnel": false,
         "isolated": false,
         "locked": false,
         "mab": false,
         "mcast_n_groups": 0,
         "mcast_max_groups": 0
     } ]
 # bridge -d link show dev swp1
 62: swp1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
     hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress on vlan_tunnel off isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0

 # bridge link set dev swp1 neigh_vlan_suppress off
 # bridge -d -j -p link show dev swp1
 [ {
         "ifindex": 62,
         "ifname": "swp1",
         "flags": [ "BROADCAST","NOARP","UP","LOWER_UP" ],
         "mtu": 1500,
         "master": "br0",
         "state": "forwarding",
         "priority": 32,
         "cost": 100,
         "hairpin": false,
         "guard": false,
         "root_block": false,
         "fastleave": false,
         "learning": true,
         "flood": true,
         "mcast_flood": true,
         "bcast_flood": true,
         "mcast_router": 1,
         "mcast_to_unicast": false,
         "neigh_suppress": false,
         "neigh_vlan_suppress": false,
         "vlan_tunnel": false,
         "isolated": false,
         "locked": false,
         "mab": false,
         "mcast_n_groups": 0,
         "mcast_max_groups": 0
     } ]
 # bridge -d link show dev swp1
 62: swp1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
     hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off vlan_tunnel off isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0

Signed-off-by: Ido Schimmel <idosch@...dia.com>
---
 bridge/link.c            | 19 +++++++++++++++++++
 ip/iplink_bridge_slave.c | 10 ++++++++++
 man/man8/bridge.8        |  8 ++++++++
 man/man8/ip-link.8.in    |  8 ++++++++
 4 files changed, 45 insertions(+)

diff --git a/bridge/link.c b/bridge/link.c
index 9dd7475d6e4a..b35429866f52 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -165,6 +165,14 @@ static void print_protinfo(FILE *fp, struct rtattr *attr)
 		if (prtb[IFLA_BRPORT_NEIGH_SUPPRESS])
 			print_on_off(PRINT_ANY, "neigh_suppress", "neigh_suppress %s ",
 				     rta_getattr_u8(prtb[IFLA_BRPORT_NEIGH_SUPPRESS]));
+		if (prtb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS]) {
+			struct rtattr *at;
+
+			at = prtb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS];
+			print_on_off(PRINT_ANY, "neigh_vlan_suppress",
+				     "neigh_vlan_suppress %s ",
+				     rta_getattr_u8(at));
+		}
 		if (prtb[IFLA_BRPORT_VLAN_TUNNEL])
 			print_on_off(PRINT_ANY, "vlan_tunnel", "vlan_tunnel %s ",
 				     rta_getattr_u8(prtb[IFLA_BRPORT_VLAN_TUNNEL]));
@@ -296,6 +304,7 @@ static void usage(void)
 		"                               [ mcast_to_unicast {on | off} ]\n"
 		"                               [ mcast_max_groups MAX_GROUPS ]\n"
 		"                               [ neigh_suppress {on | off} ]\n"
+		"                               [ neigh_vlan_suppress {on | off} ]\n"
 		"                               [ vlan_tunnel {on | off} ]\n"
 		"                               [ isolated {on | off} ]\n"
 		"                               [ locked {on | off} ]\n"
@@ -322,6 +331,7 @@ static int brlink_modify(int argc, char **argv)
 	char *d = NULL;
 	int backup_port_idx = -1;
 	__s8 neigh_suppress = -1;
+	__s8 neigh_vlan_suppress = -1;
 	__s8 learning = -1;
 	__s8 learning_sync = -1;
 	__s8 flood = -1;
@@ -447,6 +457,12 @@ static int brlink_modify(int argc, char **argv)
 			neigh_suppress = parse_on_off("neigh_suppress", *argv, &ret);
 			if (ret)
 				return ret;
+		} else if (strcmp(*argv, "neigh_vlan_suppress") == 0) {
+			NEXT_ARG();
+			neigh_vlan_suppress = parse_on_off("neigh_vlan_suppress",
+							   *argv, &ret);
+			if (ret)
+				return ret;
 		} else if (strcmp(*argv, "vlan_tunnel") == 0) {
 			NEXT_ARG();
 			vlan_tunnel = parse_on_off("vlan_tunnel", *argv, &ret);
@@ -544,6 +560,9 @@ static int brlink_modify(int argc, char **argv)
 	if (neigh_suppress != -1)
 		addattr8(&req.n, sizeof(req), IFLA_BRPORT_NEIGH_SUPPRESS,
 			 neigh_suppress);
+	if (neigh_vlan_suppress != -1)
+		addattr8(&req.n, sizeof(req), IFLA_BRPORT_NEIGH_VLAN_SUPPRESS,
+			 neigh_vlan_suppress);
 	if (vlan_tunnel != -1)
 		addattr8(&req.n, sizeof(req), IFLA_BRPORT_VLAN_TUNNEL,
 			 vlan_tunnel);
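Review bot: Nothing in brlink_modify tells the operator that `neigh_suppress` and `neigh_vlan_suppress` interact: both attributes are appended independently here, while the man page text added later in this patch says the port-level flag has no effect once `neigh_vlan_suppress` is on. Turning the new flag on for a port that relied on port-level suppression therefore leaves ARP/ND suppression dependent on per-VLAN state that this command does not set, presumably off until it is configured with `bridge vlan`. A short comment above the new `addattr8` call, e.g. `/* when on, IFLA_BRPORT_NEIGH_SUPPRESS is ignored; per-VLAN state comes from bridge vlan */`, or a one-line stderr hint when both options are given in the same invocation, would make that visible. The function body starts and ends outside this hunk.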
diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index 66a67961957f..11ab2113fe96 100644
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -37,6 +37,7 @@ static void print_explain(FILE *f)
 		"			[ mcast_to_unicast {on | off} ]\n"
 		"			[ group_fwd_mask MASK ]\n"
 		"			[ neigh_suppress {on | off} ]\n"
+		"			[ neigh_vlan_suppress {on | off} ]\n"
 		"			[ vlan_tunnel {on | off} ]\n"
 		"			[ isolated {on | off} ]\n"
 		"			[ locked {on | off} ]\n"
@@ -261,6 +262,11 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f,
 		print_on_off(PRINT_ANY, "neigh_suppress", "neigh_suppress %s ",
 			     rta_getattr_u8(tb[IFLA_BRPORT_NEIGH_SUPPRESS]));
 
+	if (tb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS])
+		print_on_off(PRINT_ANY, "neigh_vlan_suppress",
+			     "neigh_vlan_suppress %s ",
+			     rta_getattr_u8(tb[IFLA_BRPORT_NEIGH_VLAN_SUPPRESS]));
+
 	if (tb[IFLA_BRPORT_GROUP_FWD_MASK]) {
 		char convbuf[256];
 		__u16 fwd_mask;
@@ -393,6 +399,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv,
 			NEXT_ARG();
 			bridge_slave_parse_on_off("neigh_suppress", *argv, n,
 						  IFLA_BRPORT_NEIGH_SUPPRESS);
+		} else if (strcmp(*argv, "neigh_vlan_suppress") == 0) {
+			NEXT_ARG();
+			bridge_slave_parse_on_off("neigh_vlan_suppress", *argv,
+						  n, IFLA_BRPORT_NEIGH_VLAN_SUPPRESS);
 		} else if (matches(*argv, "group_fwd_mask") == 0) {
 			__u16 mask;
 
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 3bda6dbd61d0..e05528199eab 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -53,6 +53,7 @@ bridge \- show / manipulate bridge addresses and devices
 .IR MULTICAST_ROUTER " ] ["
 .BR mcast_to_unicast " { " on " | " off " } ] [ "
 .BR neigh_suppress " { " on " | " off " } ] [ "
+.BR neigh_vlan_suppress " { " on " | " off " } ] [ "
 .BR vlan_tunnel " { " on " | " off " } ] [ "
 .BR isolated " { " on " | " off " } ] [ "
 .BR locked " { " on " | " off " } ] [ "
@@ -590,6 +591,13 @@ only deliver reports to STAs running a multicast router.
 Controls whether neigh discovery (arp and nd) proxy and suppression is
 enabled on the port. By default this flag is off.
 
+.TP
+.BR "neigh_vlan_suppress on " or " neigh_vlan_suppress off "
+Controls whether per-VLAN neigh discovery (arp and nd) proxy and suppression is
+enabled on the port. When on, the \fBbridge link\fR option \fBneigh_suppress\fR
+has no effect and the per-VLAN state is set using the \fBbridge vlan\fR option
+\fBneigh_suppress\fR. By default this flag is off.
+
 .TP
 .BR "vlan_tunnel on " or " vlan_tunnel off "
 Controls whether vlan to tunnel mapping is enabled on the port. By
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 8cec5fe36761..bf3605a9fa2e 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -2517,6 +2517,8 @@ the following additional arguments are supported:
 ] [
 .BR neigh_suppress " { " on " | " off " }"
 ] [
+.BR neigh_vlan_suppress " { " on " | " off " }"
+] [
 .BR vlan_tunnel " { " on " | " off " }"
 ] [
 .BR isolated " { " on " | " off " }"
@@ -2622,6 +2624,12 @@ this port).
 - controls whether neigh discovery (arp and nd) proxy and suppression
 is enabled on the port. By default this flag is off.
 
+.BR neigh_vlan_suppress " { " on " | " off " }"
+- controls whether per-VLAN neigh discovery (arp and nd) proxy and suppression
+is enabled on the port. When on, the \fBbridge link\fR option
+\fBneigh_suppress\fR has no effect and the per-VLAN state is set using the
+\fBbridge vlan\fR option \fBneigh_suppress\fR. By default this flag is off.
+
 .BR vlan_tunnel " { " on " | " off " }"
 - controls whether vlan to tunnel mapping is enabled on the port. By
 default this flag is off.
-- 
2.40.0
