linux/net/bridge, branch v6.7Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
https://git.shady.money/linux/atom?h=v6.72023-11-14T15:16:21Znetfilter: nf_conntrack_bridge: initialize err to 02023-11-14T15:16:21ZLinkui Xiaoxiaolinkui@kylinos.cn2023-11-01T03:20:18Zurn:sha1:a44af08e3d4d7566eeea98d7a29fe06e7b9de944
K2CI reported a problem:
consume_skb(skb);
return err;
[nf_br_ip_fragment() error] uninitialized symbol 'err'.
err is not initialized, because returning 0 is expected, initialize err
to 0.
Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system")
Reported-by: k2ci <kernel-bot@kylinos.cn>
Signed-off-by: Linkui Xiao <xiaolinkui@kylinos.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: add missing module descriptions2023-11-08T12:52:32ZFlorian Westphalfw@strlen.de2023-11-04T10:14:05Zurn:sha1:94090b23f3f71c150359a2e0716855a4037ad45a
W=1 builds warn on missing MODULE_DESCRIPTION, add them.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net: bridge: fill in MODULE_DESCRIPTION()2023-10-27T10:16:44ZNikolay Aleksandrovrazor@blackwall.org2023-10-27T10:05:49Zurn:sha1:6808918343a8b4b6970ba52ba2d1d511a0976748
Fill in bridge's module description.
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: mcast: Add MDB get support2023-10-27T09:51:42ZIdo Schimmelidosch@nvidia.com2023-10-25T12:30:16Zurn:sha1:68b380a395a72ace8b77463f6cd2d7fd6dcb5a1b
Implement support for MDB get operation by looking up a matching MDB
entry, allocating the skb according to the entry's size and then filling
in the response. The operation is performed under the bridge multicast
lock to ensure that the entry does not change between the time the reply
size is determined and when the reply is filled in.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: mcast: Rename MDB entry get function2023-10-27T09:51:41ZIdo Schimmelidosch@nvidia.com2023-10-25T12:30:11Zurn:sha1:6d0259dd6c533e4ccc41b40075c1bdfd0f1efbd7
The current name is going to conflict with the upcoming net device
operation for the MDB get operation.
Rename the function to br_mdb_entry_skb_get(). No functional changes
intended.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: mcast: Factor out a helper for PG entry size calculation2023-10-27T09:51:41ZIdo Schimmelidosch@nvidia.com2023-10-25T12:30:10Zurn:sha1:62ef9cba98a2e401b1e8b5dedcc56b735031e744
Currently, netlink notifications are sent for individual port group
entries and not for the entire MDB entry itself.
Subsequent patches are going to add MDB get support which will require
the bridge driver to reply with an entire MDB entry.
Therefore, as a preparation, factor out an helper to calculate the size
of an individual port group entry. When determining the size of the
reply this helper will be invoked for each port group entry in the MDB
entry.
No functional changes intended.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: mcast: Account for missing attributes2023-10-27T09:51:41ZIdo Schimmelidosch@nvidia.com2023-10-25T12:30:09Zurn:sha1:1b6d993509c13d180b2a9fbfe0ebc48e344348df
The 'MDBA_MDB' and 'MDBA_MDB_ENTRY' nest attributes are not accounted
for when calculating the size of MDB notifications. Add them along with
comments for existing attributes.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: mcast: Dump MDB entries even when snooping is disabled2023-10-27T09:51:41ZIdo Schimmelidosch@nvidia.com2023-10-25T12:30:08Zurn:sha1:b9109b5b77f0cb437fe9fd5575e29e944c0b2580
Currently, the bridge driver does not dump MDB entries when multicast
snooping is disabled although the entries are present in the kernel:
# bridge mdb add dev br0 port swp1 grp 239.1.1.1 permanent
# bridge mdb show dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ff9d:e61b temp
# ip link set dev br0 type bridge mcast_snooping 0
# bridge mdb show dev br0
# ip link set dev br0 type bridge mcast_snooping 1
# bridge mdb show dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ff9d:e61b temp
This behavior differs from other netlink dump interfaces that dump
entries regardless if they are used or not. For example, VLANs are
dumped even when VLAN filtering is disabled:
# ip link set dev br0 type bridge vlan_filtering 0
# bridge vlan show dev swp1
port vlan-id
swp1 1 PVID Egress Untagged
Remove the check and always dump MDB entries:
# bridge mdb add dev br0 port swp1 grp 239.1.1.1 permanent
# bridge mdb show dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ffeb:1a4d temp
# ip link set dev br0 type bridge mcast_snooping 0
# bridge mdb show dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ffeb:1a4d temp
# ip link set dev br0 type bridge mcast_snooping 1
# bridge mdb show dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ffeb:1a4d temp
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
br_netfilter: use single forward hook for ip and arp2023-10-24T11:16:29ZFlorian Westphalfw@strlen.de2023-10-20T11:14:25Zurn:sha1:ee6f05dcd6727669b6f49a8a6dafad94a40ee872
br_netfilter registers two forward hooks, one for ip and one for arp.
Just use a common function for both and then call the arp/ip helper
as needed.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: bridge: convert br_netfilter to NF_DROP_REASON2023-10-18T08:26:43ZFlorian Westphalfw@strlen.de2023-10-11T07:59:39Zurn:sha1:cf8b7c1a5be7ef2850c46a17fea5f867f71922ff
errno is 0 because these hooks are called from prerouting and forward.
There is no socket that the errno would ever be propagated to.
Other netfilter modules (e.g. nf_nat, conntrack, ...) can be converted
in a similar way.
Signed-off-by: Florian Westphal <fw@strlen.de>