#
bc9a25d2 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add vlan support for local fdb entries
When VLAN is added to the port, a local fdb entry for that port (the entry with the mac address of the port) is added for that VLAN. This way we can correctly determine if the traffic is for the bridge itself. If the address of the port changes, we try to change all the local fdb entries we have for that port.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1690be63 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add vlan support to static neighbors
When a user adds bridge neighbors, allow him to specify VLAN id. If the VLAN id is not specified, the neighbor will be added for VLANs currently in the ports filter list. If no VLANs are configured on the port, we use vlan 0 and only add 1 entry.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Acked-by: Jitendra Kalsaria <jitendra.kalsaria@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b0e9a30d |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add vlan id to multicast groups
Add vlan_id to multicast groups so that we know which vlan each group belongs to and can correctly forward to appropriate vlan.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2ba071ec |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add vlan to unicast fdb entries
This patch adds vlan to unicast fdb entries that are created for learned addresses (not the manually configured ones). It adds vlan id into the hash mix and uses vlan as an additional parameter for an entry match.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
552406c4 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add the ability to configure pvid
A user may designate a certain vlan as PVID. This means that any ingress frame that does not contain a vlan tag is assigned to this vlan and any forwarding decisions are made with this vlan in mind.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
78851988 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Implement vlan ingress/egress policy with PVID.
At ingress, any untagged traffic is assigned to the PVID. Any tagged traffic is filtered according to membership bitmap.
At egress, if the vlan matches the PVID, the frame is sent untagged. Otherwise the frame is sent tagged.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
6cbdceeb |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Dump vlan information from a bridge port
Using the RTM_GETLINK dump the vlan filter list of a given bridge port. The information depends on setting the filter flag similar to how nic VF info is dumped.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
407af329 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add netlink interface to configure vlans on bridge ports
Add a netlink interface to add and remove vlan configuration on bridge port. The interface uses the RTM_SETLINK message and encodes the vlan configuration inside the IFLA_AF_SPEC. It is possible to include multiple vlans to either add or remove in a single message.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
85f46c6b |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Verify that a vlan is allowed to egress on given port
When bridge forwards a frame, make sure that a frame is allowed to egress on that port.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a37b85c9 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Validate that vlan is permitted on ingress
When a frame arrives on a port or is transmitted by the bridge, if we have VLANs configured, validate that a given VLAN is allowed to enter the bridge.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
243a2e63 |
| 13-Feb-2013 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Add vlan filtering infrastructure
Adds an optional infrastructure component to bridge that would allow native vlan filtering in the bridge. Each bridge port (as well as the bridge device) now gets a VLAN bitmap. Each bit in the bitmap is associated with a vlan id. This way if the bit corresponding to the vid is set in the bitmap then the packet with vid is allowed to enter and exit the port.
Write access to the bitmap is protected by RTNL and read access is protected by RCU.
Vlan functionality is disabled by default.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b2748267 |
| 10-Feb-2013 |
Jiri Pirko <jiri@resnulli.us> |
bridge: use dev->addr_assign_type to see if user change mac
And remove no longer used br->flags.
Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v3.8-rc7, v3.8-rc6, v3.8-rc5, v3.8-rc4, v3.8-rc3 |
|
#
fdb184d1 |
| 03-Jan-2013 |
Rami Rosen <ramirose@gmail.com> |
bridge: add empty br_mdb_init() and br_mdb_uninit() definitions.
This patch adds empty br_mdb_init() and br_mdb_uninit() definitions in br_private.h to avoid build failure when CONFIG_BRIDGE_IGMP_SNOOPING is not set. These methods were moved from br_multicast.c to br_netlink.c by commit 3ec8e9f085bcaef0de1077f555c2c5102c223390
Signed-off-by: Rami Rosen <ramirose@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v3.8-rc2, v3.8-rc1 |
|
#
63233159 |
| 19-Dec-2012 |
Vlad Yasevich <vyasevic@redhat.com> |
bridge: Do not unregister all PF_BRIDGE rtnl operations
Bridge fdb and link rtnl operations are registered in core/rtnetlink. Bridge mdb operations are registered in bridge/mdb. When removing bridge module, do not unregister ALL PF_BRIDGE ops since that would remove the ops from rtnetlink as well. Do remove mdb ops when bridge is destroyed.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ccb1c31a |
| 14-Dec-2012 |
Amerigo Wang <amwang@redhat.com> |
bridge: add flags to distinguish permanent mdb entries
This patch adds a flag to each mdb entry, so that we can distinguish permanent entries from temporary entries.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
cfd56754 |
| 11-Dec-2012 |
Cong Wang <amwang@redhat.com> |
bridge: add support of adding and deleting mdb entries
This patch implements adding/deleting mdb entries via netlink. Currently all entries are temp, we probably need a flag to distinguish permanent entries too.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
37a393bc |
| 11-Dec-2012 |
Cong Wang <amwang@redhat.com> |
bridge: notify mdb changes via netlink
As Stephen mentioned, we need to monitor the mdb changes in user-space, so add notifications via netlink too.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v3.7 |
|
#
2ce297fc |
| 09-Dec-2012 |
Cong Wang <amwang@redhat.com> |
bridge: fix seq check in br_mdb_dump()
In case of rehashing, introduce a global variable 'br_mdb_rehash_seq' which gets increased every time when rehashing, and assign net->dev_base_seq + br_mdb_rehash_seq to cb->seq.
In theory cb->seq could be wrapped to zero, but this is not easy to fix, as net->dev_base_seq is not visible inside br_mdb_rehash(). In practice, this is rare.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Thomas Graf <tgraf@suug.ch> Cc: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ee07c6e7 |
| 06-Dec-2012 |
Cong Wang <amwang@redhat.com> |
bridge: export multicast database via netlink
V5: fix two bugs pointed out by Thomas remove seq check for now, mark it as TODO
V4: remove some useless #include some coding style fix
V3: drop debugging printk's update selinux perm table as well
V2: drop patch 1/2, export ifindex directly Redesign netlink attributes Improve netlink seq check Handle IPv6 addr as well
This patch exports bridge multicast database via netlink message type RTM_GETMDB. Similar to fdb, but currently bridge-specific. We may need to support modify multicast database too (RTM_{ADD,DEL}MDB).
(Thanks to Thomas for patient reviews)
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Thomas Graf <tgraf@suug.ch> Cc: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Cong Wang <amwang@redhat.com> Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c2d3babf |
| 05-Dec-2012 |
David S. Miller <davem@davemloft.net> |
bridge: implement multicast fast leave
V3: make it a flag V2: make the toggle per-port
Fast leave allows bridge to immediately stop the multicast traffic on the port that receives IGMP Leave when IGMP snooping is enabled, no timeouts are observed.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com>
|
#
50426b59 |
| 03-Dec-2012 |
Amerigo Wang <amwang@redhat.com> |
bridge: implement multicast fast leave
V2: make the toggle per-port
Fast leave allows bridge to immediately stop the multicast traffic on the port that receives IGMP Leave when IGMP snooping is enabled, no timeouts are observed.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v3.7-rc8, v3.7-rc7, v3.7-rc6 |
|
#
1007dd1a |
| 13-Nov-2012 |
stephen hemminger <shemminger@vyatta.com> |
bridge: add root port blocking
This is Linux bridge implementation of root port guard. If BPDU is received from a leaf (edge) port, it should not be elected as root port.
Why would you want to do this? If using STP on a bridge and the downstream bridges are not fully trusted; this prevents a hostile guest from rerouting traffic.
Why not just use netfilter? Netfilter does not track or follow spanning tree decisions. It would be difficult and error prone to try and mirror STP resolution in netfilter module.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a2e01a65 |
| 13-Nov-2012 |
stephen hemminger <shemminger@vyatta.com> |
bridge: implement BPDU blocking
This is Linux bridge implementation of STP protection (Cisco BPDU guard/Juniper BPDU block). BPDU block disables the bridge port if a STP BPDU packet is received.
Why would you want to do this? If running Spanning Tree on bridge, hostile devices on the network may send BPDU and cause network failure. Enabling bpdu block will detect and stop this.
How to recover the port? The port will be restarted if link is brought down, or removed and reattached. For example:
    # ip li set dev eth0 down; ip li set dev eth0 up
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v3.7-rc5, v3.7-rc4 |
|
#
0cb2bbbe |
| 03-Nov-2012 |
Lee Jones <lee.jones@linaro.org> |
bridge: Avoid 'statement with no effect' compiler warnings
Instead of issuing (0) statements when !CONFIG_SYSFS which will cause 'warning: ', we'll use inline statements instead. This will effectively do the same thing, but suppress any unnecessary warnings.
Cc: Stephen Hemminger <shemminger@vyatta.com> Cc: bridge@lists.linux-foundation.org Cc: netdev@vger.kernel.org Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
Revision tags: v3.7-rc3 |
|
#
2469ffd7 |
| 24-Oct-2012 |
John Fastabend <john.r.fastabend@intel.com> |
net: set and query VEB/VEPA bridge mode via PF_BRIDGE
Hardware switches may support enabling and disabling the loopback switch which puts the device in a VEPA mode defined in the IEEE 802.1Qbg specification. In this mode frames are not switched in the hardware but sent directly to the switch. SR-IOV capable NICs will likely support this mode; I am aware of at least two such devices. Also I am told (but don't have any of this hardware available) that there are devices that only support VEPA modes. In these cases it is important at a minimum to be able to query these attributes.
This patch adds an additional IFLA_BRIDGE_MODE attribute that can be set and dumped via the PF_BRIDGE:{SET|GET}LINK operations. Also anticipating bridge attributes that may be common for both embedded bridges and software bridges this adds a flags attribute IFLA_BRIDGE_FLAGS currently used to determine if the command or event is being generated to/from an embedded bridge or software bridge. Finally, the event generation is pulled out of the bridge module and into rtnetlink proper.
For example using the macvlan driver in VEPA mode on top of an embedded switch requires putting the embedded switch into a VEPA mode to get the expected results.
  --------  --------
  | VEPA |  | VEPA |       <-- macvlan vepa edge relays
  --------  --------
     |         |
     |         |
  ------------------
  |      VEPA      |       <-- embedded switch in NIC
  ------------------
          |
          |
  -------------------
  | external switch |      <-- shiny new physical
  -------------------          switch with VEPA support
A packet sent from the macvlan VEPA at the top could be loopbacked on the embedded switch and never seen by the external switch. So in order for this to work the embedded switch needs to be set in the VEPA state via the above described commands.
By making these attributes nested in IFLA_AF_SPEC we allow future extensions to be made as needed.
CC: Lennert Buytenhek <buytenh@wantstofly.org> CC: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: John Fastabend <john.r.fastabend@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|