Message-ID: <ZytIkgDsKaallC7F@penguin>
Date: Wed, 6 Nov 2024 12:44:34 +0200
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Ido Schimmel <idosch@...dia.com>
Cc: netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
	davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
	edumazet@...gle.com, roopa@...dia.com, horms@...nel.org,
	petrm@...dia.com, aroulin@...dia.com
Subject: Re: [PATCH net-next] bridge: Allow deleting FDB entries with
 non-existent VLAN

On Tue, Nov 05, 2024 at 03:39:54PM +0200, Ido Schimmel wrote:
> It is currently impossible to delete individual FDB entries (as opposed
> to flushing) that were added with a VLAN that no longer exists:
> 
>  # ip link add name dummy1 up type dummy
>  # ip link add name br1 up type bridge vlan_filtering 1
>  # ip link set dev dummy1 master br1
>  # bridge fdb add 00:11:22:33:44:55 dev dummy1 master static vlan 1
>  # bridge vlan del vid 1 dev dummy1
>  # bridge fdb get 00:11:22:33:44:55 br br1 vlan 1
>  00:11:22:33:44:55 dev dummy1 vlan 1 master br1 static
>  # bridge fdb del 00:11:22:33:44:55 dev dummy1 master vlan 1
>  RTNETLINK answers: Invalid argument
>  # bridge fdb get 00:11:22:33:44:55 br br1 vlan 1
>  00:11:22:33:44:55 dev dummy1 vlan 1 master br1 static
> 
> This is in contrast to MDB entries that can be deleted after the VLAN
> was deleted:
> 
>  # bridge vlan add vid 10 dev dummy1
>  # bridge mdb add dev br1 port dummy1 grp 239.1.1.1 permanent vid 10
>  # bridge vlan del vid 10 dev dummy1
>  # bridge mdb get dev br1 grp 239.1.1.1 vid 10
>  dev br1 port dummy1 grp 239.1.1.1 permanent vid 10
>  # bridge mdb del dev br1 port dummy1 grp 239.1.1.1 permanent vid 10
>  # bridge mdb get dev br1 grp 239.1.1.1 vid 10
>  Error: bridge: MDB entry not found.
> 
> Align the two interfaces and allow user space to delete FDB entries that
> were added with a VLAN that no longer exists:
> 
>  # ip link add name dummy1 up type dummy
>  # ip link add name br1 up type bridge vlan_filtering 1
>  # ip link set dev dummy1 master br1
>  # bridge fdb add 00:11:22:33:44:55 dev dummy1 master static vlan 1
>  # bridge vlan del vid 1 dev dummy1
>  # bridge fdb get 00:11:22:33:44:55 br br1 vlan 1
>  00:11:22:33:44:55 dev dummy1 vlan 1 master br1 static
>  # bridge fdb del 00:11:22:33:44:55 dev dummy1 master vlan 1
>  # bridge fdb get 00:11:22:33:44:55 br br1 vlan 1
>  Error: Fdb entry not found.
> 
> Add a selftest to make sure this behavior does not regress:
> 
>  # ./rtnetlink.sh -t kci_test_fdb_del
>  PASS: bridge fdb del
> 
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> Reviewed-by: Andy Roulin <aroulin@...dia.com>
> Reviewed-by: Petr Machata <petrm@...dia.com>
> ---
>  net/bridge/br_fdb.c                      |  9 ++----
>  tools/testing/selftests/net/rtnetlink.sh | 40 ++++++++++++++++++++++++
>  2 files changed, 42 insertions(+), 7 deletions(-)
> 
 
Nice catch, I'd even queue it for -net. :)
Of course we should be able to delete anything.

Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>
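The reproducer in the quoted commit message is a sequence of interactive commands. The following is an added example, not the patch's own selftest and not code from rtnetlink.sh: a standalone POSIX sh regression check that performs the same steps (add a static FDB entry on VID 1, delete the VLAN, then delete the entry) and reports PASS, FAIL or SKIP. The interface names, MAC address and VID are the ones used in the message; the function names and the script filename `fdb_del_stale_vlan.sh` are my own. It follows the kselftest convention that exit code 4 means the test was skipped, which it does when it is not run as root or iproute2 is unavailable.

```shell
#!/bin/sh
# Added example (not part of the patch or of rtnetlink.sh): standalone
# regression check for "bridge fdb del" of an entry whose VLAN no longer
# exists, mirroring the reproducer in the commit message.

KSFT_SKIP=4   # kselftest convention: exit code 4 means "skipped"

DUMMY=dummy1              # names and values taken from the commit message
BR=br1
MAC=00:11:22:33:44:55
VID=1

# Tear down the test topology; failures during cleanup are ignored.
fdb_del_cleanup() {
	ip link del dev "$BR" 2>/dev/null
	ip link del dev "$DUMMY" 2>/dev/null
	return 0
}

# Returns 0 if the FDB entry is still present, 1 otherwise.
fdb_entry_present() {
	bridge fdb get "$MAC" br "$BR" vlan "$VID" >/dev/null 2>&1
}

# Returns 0 when the entry can be deleted after its VLAN was removed
# (the behaviour the patch introduces), 1 when the delete fails or the
# entry survives (the pre-patch behaviour), and 4 when the test cannot
# run in this environment.
kci_test_fdb_del_stale_vlan() {
	command -v ip >/dev/null 2>&1 || return $KSFT_SKIP
	command -v bridge >/dev/null 2>&1 || return $KSFT_SKIP
	[ "$(id -u)" -eq 0 ] || return $KSFT_SKIP

	fdb_del_cleanup
	ip link add name "$DUMMY" up type dummy 2>/dev/null || return $KSFT_SKIP
	if ! ip link add name "$BR" up type bridge vlan_filtering 1 2>/dev/null ||
	   ! ip link set dev "$DUMMY" master "$BR" 2>/dev/null; then
		fdb_del_cleanup
		return $KSFT_SKIP
	fi

	rc=1
	# Add a static entry on the port's default VID, then remove that VLAN.
	if bridge fdb add "$MAC" dev "$DUMMY" master static vlan "$VID" &&
	   bridge vlan del vid "$VID" dev "$DUMMY"; then
		# The entry must still be visible, then be deletable, then be gone.
		if fdb_entry_present &&
		   bridge fdb del "$MAC" dev "$DUMMY" master vlan "$VID" 2>/dev/null &&
		   ! fdb_entry_present; then
			rc=0
		fi
	fi
	fdb_del_cleanup
	return $rc
}

# Print a kselftest-style verdict when run directly as a script.
case "${0##*/}" in
fdb_del_stale_vlan.sh)
	kci_test_fdb_del_stale_vlan
	case $? in
	0) echo "PASS: bridge fdb del with stale VLAN" ;;
	$KSFT_SKIP) echo "SKIP: needs root, iproute2 and bridge support"; exit $KSFT_SKIP ;;
	*) echo "FAIL: bridge fdb del with stale VLAN"; exit 1 ;;
	esac
	;;
esac
```

Run it as root with `sh fdb_del_stale_vlan.sh`. On a kernel with the patch it prints PASS; on an earlier kernel `bridge fdb del` returns EINVAL, the entry survives and the script prints FAIL, which is exactly the regression the selftest in the patch is meant to catch. The function can also be sourced and called on its own, which is how the verdict is checked below.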

