lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240702120805.2391594-5-tobias@waldekranz.com>
Date: Tue,  2 Jul 2024 14:08:05 +0200
From: Tobias Waldekranz <tobias@...dekranz.com>
To: stephen@...workplumber.org,
	dsahern@...nel.org,
	roopa@...dia.com,
	razor@...ckwall.org,
	bridge@...ts.linux.dev,
	netdev@...r.kernel.org
Cc: liuhangbin@...il.com
Subject: [PATCH v3 iproute2 4/4] bridge: mst: Add get/set support for MST states

Allow a port's spanning tree state to be modified on a per-MSTI basis,
and support dumping the current MST states for every port and MSTI.

Signed-off-by: Tobias Waldekranz <tobias@...dekranz.com>
---
 bridge/Makefile    |   2 +-
 bridge/br_common.h |   1 +
 bridge/bridge.c    |   3 +-
 bridge/mst.c       | 258 +++++++++++++++++++++++++++++++++++++++++++++
 man/man8/bridge.8  |  57 ++++++++++
 5 files changed, 319 insertions(+), 2 deletions(-)
 create mode 100644 bridge/mst.c

diff --git a/bridge/Makefile b/bridge/Makefile
index 01f8a455..4c57df43 100644
--- a/bridge/Makefile
+++ b/bridge/Makefile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-2.0
-BROBJ = bridge.o fdb.o monitor.o link.o mdb.o vlan.o vni.o
+BROBJ = bridge.o fdb.o monitor.o link.o mdb.o mst.o vlan.o vni.o
 
 include ../config.mk
 
diff --git a/bridge/br_common.h b/bridge/br_common.h
index 704e76b0..3a0cf882 100644
--- a/bridge/br_common.h
+++ b/bridge/br_common.h
@@ -20,6 +20,7 @@ void print_headers(FILE *fp, const char *label);
 int do_fdb(int argc, char **argv);
 int do_mdb(int argc, char **argv);
 int do_monitor(int argc, char **argv);
+int do_mst(int argc, char **argv);
 int do_vlan(int argc, char **argv);
 int do_link(int argc, char **argv);
 int do_vni(int argc, char **argv);
diff --git a/bridge/bridge.c b/bridge/bridge.c
index ef592815..f8b5646a 100644
--- a/bridge/bridge.c
+++ b/bridge/bridge.c
@@ -36,7 +36,7 @@ static void usage(void)
 	fprintf(stderr,
 "Usage: bridge [ OPTIONS ] OBJECT { COMMAND | help }\n"
 "       bridge [ -force ] -batch filename\n"
-"where  OBJECT := { link | fdb | mdb | vlan | vni | monitor }\n"
+"where  OBJECT := { link | fdb | mdb | mst | vlan | vni | monitor }\n"
 "       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] |\n"
 "                    -o[neline] | -t[imestamp] | -n[etns] name |\n"
 "                    -com[pressvlans] -c[olor] -p[retty] -j[son] }\n");
@@ -56,6 +56,7 @@ static const struct cmd {
 	{ "link",	do_link },
 	{ "fdb",	do_fdb },
 	{ "mdb",	do_mdb },
+	{ "mst",	do_mst },
 	{ "vlan",	do_vlan },
 	{ "vni",	do_vni },
 	{ "monitor",	do_monitor },
diff --git a/bridge/mst.c b/bridge/mst.c
new file mode 100644
index 00000000..f8447284
--- /dev/null
+++ b/bridge/mst.c
@@ -0,0 +1,258 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Get/set Multiple Spanning Tree (MST) states
+ */
+
+#include <stdio.h>
+#include <linux/if_bridge.h>
+#include <net/if.h>
+
+#include "libnetlink.h"
+#include "json_print.h"
+#include "utils.h"
+
+#include "br_common.h"
+
+#define MST_ID_LEN 9
+
+static unsigned int filter_index;
+
+static void usage(void)
+{
+	fprintf(stderr,
+		"Usage: bridge mst set dev DEV msti MSTI state STATE\n"
+		"       bridge mst {show} [ dev DEV ]\n");
+	exit(-1);
+}
+
+static void print_mst_entry(struct rtattr *a, FILE *fp)
+{
+	struct rtattr *tb[IFLA_BRIDGE_MST_ENTRY_MAX + 1];
+	__u16 msti = 0;
+	__u8 state = 0;
+
+	parse_rtattr_flags(tb, IFLA_BRIDGE_MST_ENTRY_MAX, RTA_DATA(a),
+			   RTA_PAYLOAD(a), NLA_F_NESTED);
+
+
+	if (!(tb[IFLA_BRIDGE_MST_ENTRY_MSTI] &&
+	      tb[IFLA_BRIDGE_MST_ENTRY_STATE])) {
+		fprintf(stderr, "BUG: broken MST entry");
+		return;
+	}
+
+	msti = rta_getattr_u16(tb[IFLA_BRIDGE_MST_ENTRY_MSTI]);
+	state = rta_getattr_u8(tb[IFLA_BRIDGE_MST_ENTRY_STATE]);
+
+	open_json_object(NULL);
+	print_uint(PRINT_ANY, "msti", "%u", msti);
+	print_nl();
+	print_string(PRINT_FP, NULL, "%-" textify(IFNAMSIZ) "s    ", "");
+	print_stp_state(state);
+	print_nl();
+	close_json_object();
+}
+
+static int print_msts(struct nlmsghdr *n, void *arg)
+{
+	struct ifinfomsg *ifi = NLMSG_DATA(n);
+	struct rtattr *af_spec, *mst, *a;
+	int rem = n->nlmsg_len;
+	bool opened = false;
+
+	rem -= NLMSG_LENGTH(sizeof(*ifi));
+	if (rem < 0) {
+		fprintf(stderr, "BUG: wrong nlmsg len %d\n", rem);
+		return -1;
+	}
+
+	af_spec = parse_rtattr_one(IFLA_AF_SPEC, IFLA_RTA(ifi), rem);
+	if (!af_spec)
+		return -1;
+
+	if (filter_index && filter_index != ifi->ifi_index)
+		return 0;
+
+	mst = parse_rtattr_one_nested(NLA_F_NESTED | IFLA_BRIDGE_MST, af_spec);
+	if (!mst)
+		return 0;
+
+	rem = RTA_PAYLOAD(mst);
+	for (a = RTA_DATA(mst); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) {
+		unsigned short rta_type = a->rta_type & NLA_TYPE_MASK;
+
+		switch (rta_type) {
+		case IFLA_BRIDGE_MST_ENTRY:
+			if (!opened) {
+				open_json_object(NULL);
+				print_color_string(PRINT_ANY, COLOR_IFNAME,
+						   "ifname",
+						   "%-" textify(IFNAMSIZ) "s  ",
+						   ll_index_to_name(ifi->ifi_index));
+				open_json_array(PRINT_JSON, "mst");
+				opened = true;
+			} else {
+				print_string(PRINT_FP, NULL, "%-"
+					     textify(IFNAMSIZ) "s  ", "");
+			}
+
+			print_mst_entry(a, arg);
+			break;
+		default:
+			continue;
+		}
+	}
+
+	if (opened) {
+		close_json_array(PRINT_JSON, NULL);
+		close_json_object();
+	}
+
+	return 0;
+}
+
+static int mst_show(int argc, char **argv)
+{
+	char *filter_dev = NULL;
+
+	while (argc > 0) {
+		if (strcmp(*argv, "dev") == 0) {
+			NEXT_ARG();
+			if (filter_dev)
+				duparg("dev", *argv);
+			filter_dev = *argv;
+		}
+		argc--; argv++;
+	}
+
+	if (filter_dev) {
+		filter_index = ll_name_to_index(filter_dev);
+		if (!filter_index)
+			return nodev(filter_dev);
+	}
+
+	if (rtnl_linkdump_req_filter(&rth, PF_BRIDGE, RTEXT_FILTER_MST) < 0) {
+		perror("Cannon send dump request");
+		exit(1);
+	}
+
+	new_json_obj(json);
+
+	if (!is_json_context()) {
+		printf("%-" textify(IFNAMSIZ) "s  "
+		       "%-" textify(MST_ID_LEN) "s",
+		       "port", "msti");
+		printf("\n");
+	}
+
+	if (rtnl_dump_filter(&rth, print_msts, stdout) < 0) {
+		fprintf(stderr, "Dump terminated\n");
+		return -1;
+	}
+
+	delete_json_obj();
+	fflush(stdout);
+	return 0;
+}
+
+static int mst_set(int argc, char **argv)
+{
+	struct {
+		struct nlmsghdr		n;
+		struct ifinfomsg	ifi;
+		char			buf[512];
+	} req = {
+		.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+		.n.nlmsg_flags = NLM_F_REQUEST,
+		.n.nlmsg_type = RTM_SETLINK,
+		.ifi.ifi_family = PF_BRIDGE,
+	};
+	char *d = NULL, *m = NULL, *s = NULL, *endptr;
+	struct rtattr *af_spec, *mst, *entry;
+	__u16 msti;
+	__s8 state;
+
+	while (argc > 0) {
+		if (strcmp(*argv, "dev") == 0) {
+			NEXT_ARG();
+			d = *argv;
+		} else if (strcmp(*argv, "msti") == 0) {
+			NEXT_ARG();
+			m = *argv;
+		} else if (strcmp(*argv, "state") == 0) {
+			NEXT_ARG();
+			s = *argv;
+		} else {
+			if (matches(*argv, "help") == 0)
+				usage();
+		}
+		argc--; argv++;
+	}
+
+	if (d == NULL || m == NULL || s == NULL) {
+		fprintf(stderr, "Device, MSTI and state are required arguments.\n");
+		return -1;
+	}
+
+	req.ifi.ifi_index = ll_name_to_index(d);
+	if (!req.ifi.ifi_index)
+		return nodev(d);
+
+	msti = strtol(m, &endptr, 10);
+	if (!(*s != '\0' && *endptr == '\0')) {
+		fprintf(stderr,
+			"Error: invalid MSTI\n");
+		return -1;
+	}
+
+	state = strtol(s, &endptr, 10);
+	if (!(*s != '\0' && *endptr == '\0')) {
+		state = parse_stp_state(s);
+		if (state == -1) {
+			fprintf(stderr,
+				"Error: invalid STP port state\n");
+			return -1;
+		}
+	}
+
+	af_spec = addattr_nest(&req.n, sizeof(req), IFLA_AF_SPEC);
+	mst = addattr_nest(&req.n, sizeof(req), IFLA_BRIDGE_MST);
+
+	entry = addattr_nest(&req.n, sizeof(req), IFLA_BRIDGE_MST_ENTRY);
+	entry->rta_type |= NLA_F_NESTED;
+
+	addattr16(&req.n, sizeof(req), IFLA_BRIDGE_MST_ENTRY_MSTI, msti);
+	addattr8(&req.n, sizeof(req), IFLA_BRIDGE_MST_ENTRY_STATE, state);
+
+	addattr_nest_end(&req.n, entry);
+
+	addattr_nest_end(&req.n, mst);
+	addattr_nest_end(&req.n, af_spec);
+
+
+	if (rtnl_talk(&rth, &req.n, NULL) < 0)
+		return -1;
+
+	return 0;
+}
+
+int do_mst(int argc, char **argv)
+{
+	ll_init_map(&rth);
+
+	if (argc > 0) {
+		if (matches(*argv, "set") == 0)
+			return mst_set(argc-1, argv+1);
+
+		if (matches(*argv, "show") == 0 ||
+		    matches(*argv, "lst") == 0 ||
+		    matches(*argv, "list") == 0)
+			return mst_show(argc-1, argv+1);
+		if (matches(*argv, "help") == 0)
+			usage();
+	} else
+		return mst_show(0, NULL);
+
+	fprintf(stderr, "Command \"%s\" is unknown, try \"bridge mst help\".\n", *argv);
+	exit(-1);
+}
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index b4699801..08032e2f 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -207,6 +207,15 @@ bridge \- show / manipulate bridge addresses and devices
 .RB "[ " vni
 .IR VNI " ]"
 
+.ti -8
+.B "bridge mst set"
+.IR dev " DEV " msti " MSTI " state " STP_STATE "
+
+.ti -8
+.BR "bridge mst" " [ [ " show " ] [ "
+.B dev
+.IR DEV " ] ]"
+
 .ti -8
 .BR "bridge vlan" " { " add " | " del " } "
 .B dev
@@ -1247,6 +1256,54 @@ endpoint. Match entries only with the specified destination port number.
 the VXLAN VNI Network Identifier to use to connect to the remote VXLAN tunnel
 endpoint. Match entries only with the specified destination VNI.
 
+.SH bridge mst - multiple spanning tree port states
+
+In the multiple spanning tree (MST) model, the active paths through a
+network can be different for different VLANs.  In other words, a
+bridge port can simultaneously forward one subset of VLANs, while
+blocking another.
+
+Provided that the
+.B mst_enable
+bridge option is enabled, a group of VLANs can be forwarded along the
+same spanning tree by associating them with the same instance (MSTI)
+using
+.BR "bridge vlan global set dev DEV vid VID msti MSTI" .
+
+.SS bridge mst set - set multiple spanning tree state
+
+Set the spanning tree state for
+.IR DEV ,
+in the multiple spanning tree instance
+.IR MSTI ,
+to
+.IR STP_STATE .
+
+.TP
+.BI dev " DEV"
+Interface name of the bridge port.
+
+.TP
+.BI msti " MSTI"
+The multiple spanning tree instance.
+
+.TP
+.BI state " STP_STATE"
+The spanning tree state, see the
+.B state
+option of
+.B "bridge link set"
+for supported states.
+
+.SS bridge mst show - list MST states
+
+List current MST port states in every MSTI.
+
+.TP
+.BI dev " DEV"
+If specified, only display states of the bridge port with this
+interface name.
+
 .SH bridge vlan - VLAN filter list
 
 .B vlan
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ