Message-ID: <451c6ad5-6577-4acc-ba5a-de5c4a85b88e@blackwall.org>
Date: Thu, 17 Jul 2025 16:14:28 +0300
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: Ido Schimmel <idosch@...dia.com>, netdev@...r.kernel.org
Cc: dsahern@...il.com, stephen@...workplumber.org, petrm@...dia.com
Subject: Re: [PATCH iproute2-next] bridge: fdb: Add support for FDB activity
 notification control

On 7/17/25 16:05, Ido Schimmel wrote:
> Add support for FDB activity notification control [1].
> 
> Users can use this to enable activity notifications on a new FDB entry
> that was learned on an ES (Ethernet Segment) peer and mark it as locally
> inactive:
> 
>  # bridge fdb add 00:11:22:33:44:55 dev bond1 master static activity_notify inactive
>  $ bridge -d fdb get 00:11:22:33:44:55 br br1
>  00:11:22:33:44:55 dev bond1 activity_notify inactive master br1 static
>  $ bridge -d -j -p fdb get 00:11:22:33:44:55 br br1
>  [ {
>          "mac": "00:11:22:33:44:55",
>          "ifname": "bond1",
>          "activity_notify": true,
>          "inactive": true,
>          "flags": [ ],
>          "master": "br1",
>          "state": "static"
>      } ]
> 
> User space will receive a notification when the entry becomes active and
> the control plane will be able to mark the entry as locally active.
> 
> It is also possible to enable activity notifications on an existing
> dynamic entry:
> 
>  $ bridge -d -s -j -p fdb get 00:aa:bb:cc:dd:ee br br1
>  [ {
>          "mac": "00:aa:bb:cc:dd:ee",
>          "ifname": "bond1",
>          "used": 8,
>          "updated": 8,
>          "flags": [ ],
>          "master": "br1",
>          "state": ""
>      } ]
>  # bridge fdb replace 00:aa:bb:cc:dd:ee dev bond1 master static activity_notify norefresh
>  $ bridge -d -s -j -p fdb get 00:aa:bb:cc:dd:ee br br1
>  [ {
>          "mac": "00:aa:bb:cc:dd:ee",
>          "ifname": "bond1",
>          "activity_notify": true,
>          "used": 3,
>          "updated": 23,
>          "flags": [ ],
>          "master": "br1",
>          "state": "static"
>      } ]
> 
> The "norefresh" keyword is used to avoid resetting the entry's last
> active time (i.e., "updated" time).
> 
> User space will receive a notification when the entry becomes inactive
> and the control plane will be able to mark the entry as locally
> inactive. Note that the entry was converted from a dynamic entry to a
> static entry to prevent the kernel from automatically deleting it upon
> inactivity.
> 
> An existing inactive entry can only be marked as active by the kernel or
> by disabling and enabling activity notifications:
> 
>  $ bridge -d fdb get 00:11:22:33:44:55 br br1
>  00:11:22:33:44:55 dev bond1 activity_notify inactive master br1 static
>  # bridge fdb replace 00:11:22:33:44:55 dev bond1 master static activity_notify
>  $ bridge -d fdb get 00:11:22:33:44:55 br br1
>  00:11:22:33:44:55 dev bond1 activity_notify inactive master br1 static
>  # bridge fdb replace 00:11:22:33:44:55 dev bond1 master static
>  # bridge fdb replace 00:11:22:33:44:55 dev bond1 master static activity_notify
>  $ bridge -d fdb get 00:11:22:33:44:55 br br1
>  00:11:22:33:44:55 dev bond1 activity_notify master br1 static
> 
> Marking an entry as inactive while activity notifications are disabled
> does not make sense and will be rejected by the kernel:
> 
>  # bridge fdb replace 00:11:22:33:44:55 dev bond1 master static inactive
>  RTNETLINK answers: Invalid argument
> 
> [1] https://lore.kernel.org/netdev/20200623204718.1057508-1-nikolay@cumulusnetworks.com/
> 
> Reviewed-by: Petr Machata <petrm@...dia.com>
> Signed-off-by: Ido Schimmel <idosch@...dia.com>
> ---
> I have a kernel selftest for this functionality. I will post it after
> this patch is accepted.
> ---
>  bridge/fdb.c      | 69 ++++++++++++++++++++++++++++++++++++++++++++---
>  man/man8/bridge.8 | 22 ++++++++++++++-
>  2 files changed, 87 insertions(+), 4 deletions(-)
> 

Acked-by: Nikolay Aleksandrov <razor@...ckwall.org>
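
The flag rules shown in the transcripts of the quoted commit message, as a small Python model added here (it is not code from the patch, iproute2 or the kernel). The names `fdb_replace` and `RtnetlinkError` and the dict layout are assumptions made for illustration; the rules are inferred only from the quoted text, and the passage of time is not modelled.

```python
"""Toy model of the activity_notify / inactive behaviour described above.

Entry dicts reuse the JSON keys printed by `bridge -d -s -j fdb get`;
as in that output, a flag key is present only when the flag is set.
"""
import errno


class RtnetlinkError(OSError):
    """Stands in for 'RTNETLINK answers: Invalid argument'."""


def fdb_replace(entry, *, activity_notify=False, inactive=False,
                norefresh=False, state="static"):
    """Return the entry as it would look after `bridge fdb add/replace`.

    `entry` is the existing entry, or None for a new one; it is not mutated.
    """
    # "inactive" without "activity_notify" is rejected outright.
    if inactive and not activity_notify:
        raise RtnetlinkError(errno.EINVAL, "Invalid argument")

    old = dict(entry or {})
    new = {"state": state}
    # "updated" is the time since last activity; a replace resets it
    # unless "norefresh" is given.
    new["updated"] = old.get("updated", 0) if norefresh else 0

    if activity_notify:
        new["activity_notify"] = True
        # The inactive mark is sticky while notifications stay enabled:
        # user space can set it, but re-sending activity_notify alone
        # does not clear it.
        if inactive or (old.get("activity_notify") and old.get("inactive")):
            new["inactive"] = True
    # Without activity_notify both keys are dropped, so a disable/enable
    # cycle is what clears the inactive mark from user space.
    return new
```
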

