Message-ID: <ZJBoNYWkE7ts8MHF@shredder>
Date: Mon, 19 Jun 2023 17:37:41 +0300
From: Ido Schimmel <idosch@...dia.com>
To: Johannes Nixdorf <jnixdorf-oss@....de>
Cc: bridge@...ts.linux-foundation.org, netdev@...r.kernel.org,
	David Ahern <dsahern@...il.com>,
	Nikolay Aleksandrov <razor@...ckwall.org>,
	Vladimir Oltean <vladimir.oltean@....com>,
	Andrew Lunn <andrew@...n.ch>,
	Florian Fainelli <f.fainelli@...il.com>,
	Oleksij Rempel <linux@...pel-privat.de>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Roopa Prabhu <roopa@...dia.com>
Subject: Re: [PATCH iproute2-next 1/1] iplink: bridge: Add support for bridge
 FDB learning limits

Please see the following link regarding posting of iproute2 patches:

https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html#co-posting-changes-to-user-space-components

On Mon, Jun 19, 2023 at 09:14:44AM +0200, Johannes Nixdorf wrote:
> Support setting the FDB limit through ip link. The argument is:
>  - fdb_max_learned_entries: A 32-bit unsigned integer specifying the
>                             maximum number of learned FDB entries, with 0
>                             disabling the limit.
> 
> Also support reading back the current number of learned FDB entries in
> the bridge by this count. The returned value's name is:
>  - fdb_cur_learned_entries: A 32-bit unsigned integer specifying the
>                              current number of learned FDB entries.

MDB has "mcast_n_groups" and "mcast_max_groups". Maybe use
"fdb_n_learned_entries" to be consistent?

> 
> Example:
> 
>  # ip -d -j -p link show br0
> [ {
> ...
>         "linkinfo": {
>             "info_kind": "bridge",
>             "info_data": {
> ...
>                 "fdb_cur_learned_entries": 2,
>                 "fdb_max_learned_entries": 0,
> ...
>             }
>         },
> ...
>     } ]
>  # ip link set br0 type bridge fdb_max_learned_entries 1024
>  # ip -d -j -p link show br0
> [ {
> ...
>         "linkinfo": {
>             "info_kind": "bridge",
>             "info_data": {
> ...
>                 "fdb_cur_learned_entries": 2,
>                 "fdb_max_learned_entries": 1024,
> ...
>             }
>         },
> ...
>     } ]
> 
> Signed-off-by: Johannes Nixdorf <jnixdorf-oss@....de>
> ---
>  include/uapi/linux/if_link.h |  2 ++
>  ip/iplink_bridge.c           | 21 +++++++++++++++++++++
>  man/man8/ip-link.8.in        |  9 +++++++++
>  3 files changed, 32 insertions(+)
> 
> diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
> index 94fb7ef9e226..5ad1e2727e0d 100644
> --- a/include/uapi/linux/if_link.h
> +++ b/include/uapi/linux/if_link.h
> @@ -508,6 +508,8 @@ enum {
>  	IFLA_BR_VLAN_STATS_PER_PORT,
>  	IFLA_BR_MULTI_BOOLOPT,
>  	IFLA_BR_MCAST_QUERIER_STATE,
> +	IFLA_BR_FDB_CUR_LEARNED_ENTRIES,
> +	IFLA_BR_FDB_MAX_LEARNED_ENTRIES,
>  	__IFLA_BR_MAX,
>  };
>  
> diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c
> index 7e4e62c81c0c..68ed3c251945 100644
> --- a/ip/iplink_bridge.c
> +++ b/ip/iplink_bridge.c
> @@ -34,6 +34,7 @@ static void print_explain(FILE *f)
>  		"		  [ group_fwd_mask MASK ]\n"
>  		"		  [ group_address ADDRESS ]\n"
>  		"		  [ no_linklocal_learn NO_LINKLOCAL_LEARN ]\n"
> +		"		  [ fdb_max_learned_entries FDB_MAX_LEARNED_ENTRIES ]\n"
>  		"		  [ vlan_filtering VLAN_FILTERING ]\n"
>  		"		  [ vlan_protocol VLAN_PROTOCOL ]\n"
>  		"		  [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n"
> @@ -168,6 +169,14 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv,
>  				bm.optval |= no_ll_learn_bit;
>  			else
>  				bm.optval &= ~no_ll_learn_bit;
> +		} else if (matches(*argv, "fdb_max_learned_entries") == 0) {

New code is expected to use strcmp() instead of matches().

> +			__u32 fdb_max_learned_entries;
> +
> +			NEXT_ARG();
> +			if (get_u32(&fdb_max_learned_entries, *argv, 0))
> +				invarg("invalid fdb_max_learned_entries", *argv);
> +
> +			addattr32(n, 1024, IFLA_BR_FDB_MAX_LEARNED_ENTRIES, fdb_max_learned_entries);
>  		} else if (matches(*argv, "fdb_flush") == 0) {
>  			addattr(n, 1024, IFLA_BR_FDB_FLUSH);
>  		} else if (matches(*argv, "vlan_default_pvid") == 0) {
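
Review bot: The new matches(*argv, "fdb_max_learned_entries") branch is placed ahead of the existing matches(*argv, "fdb_flush") branch, and matches() accepts any prefix of the keyword, so an abbreviation such as "fdb" that reaches this point no longer selects fdb_flush; it selects the new option, which then requires a value through NEXT_ARG(). Comparing with strcmp(*argv, "fdb_max_learned_entries") == 0 leaves the existing abbreviations untouched. The addattr32() line also runs well past 80 columns and can be wrapped after the attribute name.
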
> @@ -544,6 +553,18 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
>  	if (tb[IFLA_BR_GC_TIMER])
>  		_bridge_print_timer(f, "gc_timer", tb[IFLA_BR_GC_TIMER]);
>  
> +	if (tb[IFLA_BR_FDB_CUR_LEARNED_ENTRIES])
> +		print_uint(PRINT_ANY,
> +			   "fdb_cur_learned_entries",
> +			   "fdb_cur_learned_entries %u ",
> +			   rta_getattr_u32(tb[IFLA_BR_FDB_CUR_LEARNED_ENTRIES]));
> +
> +	if (tb[IFLA_BR_FDB_MAX_LEARNED_ENTRIES])
> +		print_uint(PRINT_ANY,
> +			   "fdb_max_learned_entries",
> +			   "fdb_max_learned_entries %u ",
> +			   rta_getattr_u32(tb[IFLA_BR_FDB_MAX_LEARNED_ENTRIES]));
> +
>  	if (tb[IFLA_BR_VLAN_DEFAULT_PVID])
>  		print_uint(PRINT_ANY,
>  			   "vlan_default_pvid",
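
Review bot: The JSON keys "fdb_cur_learned_entries" and "fdb_max_learned_entries" passed to print_uint() are what scripts parsing ip -j output will depend on, so the counter's name (see the mcast_n_groups comparison earlier in this reply) should be settled before merging rather than renamed afterwards. Whatever name is chosen, keep the JSON key and the "%u" text-mode label identical, as they are here.
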
> diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
> index bf3605a9fa2e..a29595858a51 100644
> --- a/man/man8/ip-link.8.in
> +++ b/man/man8/ip-link.8.in
> @@ -1620,6 +1620,8 @@ the following additional arguments are supported:
>  ] [
>  .BI no_linklocal_learn " NO_LINKLOCAL_LEARN "
>  ] [
> +.BI fdb_max_entries " FDB_MAX_ENTRIES "

Inconsistent with actual name.

> +] [
>  .BI vlan_filtering " VLAN_FILTERING "
>  ] [
>  .BI vlan_protocol " VLAN_PROTOCOL "
> @@ -1731,6 +1733,13 @@ or off
>  When disabled, the bridge will not learn from link-local frames (default:
>  enabled).
>  
> +.BI fdb_max_learned_entries " FDB_MAX_LEARNED_ENTRIES "
> +- set the maximum number of learned FDB entries linux may create. If

You can drop "linux may create".

> +.RI ( FDB_MAX_LEARNED_ENTRIES " == 0) "
> +the feature is disabled.

Please mention it's the default.

> +.I FDB_MAX_LEARNED_ENTRIES
> +is a 32bit unsigned integer.
> +
>  .BI vlan_filtering " VLAN_FILTERING "
>  - turn VLAN filtering on
>  .RI ( VLAN_FILTERING " > 0) "
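
Review bot: The added ip-link.8 text documents only the settable limit; the read-only counter that bridge_print_opt() prints as fdb_cur_learned_entries is not mentioned, and nothing says what happens to learning once the limit is reached. One sentence for each would close the gap, and "32bit" should read "32-bit".
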
> -- 
> 2.40.1
> 
