bridge: Add a flag to control unicast packet flood.
authorVlad Yasevich <vyasevic@redhat.com>
Wed, 5 Jun 2013 14:08:01 +0000 (10:08 -0400)
committerDavid S. Miller <davem@davemloft.net>
Tue, 11 Jun 2013 09:04:32 +0000 (02:04 -0700)
Add a flag to control flood of unicast traffic.  By default, flood is
on and the bridge will flood unicast traffic if it doesn't know
the destination.  When the flag is turned off, unicast traffic
without an FDB will not be forwarded to the specified port.

Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/uapi/linux/if_link.h
net/bridge/br_device.c
net/bridge/br_forward.c
net/bridge/br_if.c
net/bridge/br_input.c
net/bridge/br_netlink.c
net/bridge/br_private.h
net/bridge/br_sysfs_if.c

index 8643809d8417b49324d49ce9b1ae2ec6e90a826b..da05a2698cb5c67f32c11f5dd73743c2d2429e56 100644 (file)
@@ -222,6 +222,7 @@ enum {
        IFLA_BRPORT_PROTECT,    /* root port protection    */
        IFLA_BRPORT_FAST_LEAVE, /* multicast fast leave    */
        IFLA_BRPORT_LEARNING,   /* mac learning */
+       IFLA_BRPORT_UNICAST_FLOOD, /* flood unicast traffic */
        __IFLA_BRPORT_MAX
 };
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
index 75f3239130f8d8dd9082eac302aafd08c1beeeb7..2ef66781fedb3a9211448fa3db73eedab2c7d8a2 100644 (file)
@@ -58,10 +58,10 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
        skb_pull(skb, ETH_HLEN);
 
        if (is_broadcast_ether_addr(dest))
-               br_flood_deliver(br, skb);
+               br_flood_deliver(br, skb, false);
        else if (is_multicast_ether_addr(dest)) {
                if (unlikely(netpoll_tx_running(dev))) {
-                       br_flood_deliver(br, skb);
+                       br_flood_deliver(br, skb, false);
                        goto out;
                }
                if (br_multicast_rcv(br, NULL, skb)) {
@@ -73,11 +73,11 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
                if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb))
                        br_multicast_deliver(mdst, skb);
                else
-                       br_flood_deliver(br, skb);
+                       br_flood_deliver(br, skb, false);
        } else if ((dst = __br_fdb_get(br, dest, vid)) != NULL)
                br_deliver(dst->dst, skb);
        else
-               br_flood_deliver(br, skb);
+               br_flood_deliver(br, skb, true);
 
 out:
        rcu_read_unlock();
index 092b20e4ee4c3fc3a054477b67d2273263adf543..4b81b147178987f6ea29ee6efba261cd738102b9 100644 (file)
@@ -174,7 +174,8 @@ out:
 static void br_flood(struct net_bridge *br, struct sk_buff *skb,
                     struct sk_buff *skb0,
                     void (*__packet_hook)(const struct net_bridge_port *p,
-                                          struct sk_buff *skb))
+                                          struct sk_buff *skb),
+                    bool unicast)
 {
        struct net_bridge_port *p;
        struct net_bridge_port *prev;
@@ -182,6 +183,9 @@ static void br_flood(struct net_bridge *br, struct sk_buff *skb,
        prev = NULL;
 
        list_for_each_entry_rcu(p, &br->port_list, list) {
+               /* Do not flood unicast traffic to ports that turn it off */
+               if (unicast && !(p->flags & BR_FLOOD))
+                       continue;
                prev = maybe_deliver(prev, p, skb, __packet_hook);
                if (IS_ERR(prev))
                        goto out;
@@ -203,16 +207,16 @@ out:
 
 
 /* called with rcu_read_lock */
-void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb)
+void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast)
 {
-       br_flood(br, skb, NULL, __br_deliver);
+       br_flood(br, skb, NULL, __br_deliver, unicast);
 }
 
 /* called under bridge lock */
 void br_flood_forward(struct net_bridge *br, struct sk_buff *skb,
-                     struct sk_buff *skb2)
+                     struct sk_buff *skb2, bool unicast)
 {
-       br_flood(br, skb, skb2, __br_forward);
+       br_flood(br, skb, skb2, __br_forward, unicast);
 }
 
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
index 2c08911df57881df197dda07ffdc7d6b63b872a8..5623be6b9ecda3f77d62cb2db7fc5e9aef2bd65c 100644 (file)
@@ -221,7 +221,7 @@ static struct net_bridge_port *new_nbp(struct net_bridge *br,
        p->path_cost = port_cost(dev);
        p->priority = 0x8000 >> BR_PORT_BITS;
        p->port_no = index;
-       p->flags = BR_LEARNING;
+       p->flags = BR_LEARNING | BR_FLOOD;
        br_init_port(p);
        p->state = BR_STATE_DISABLED;
        br_stp_port_timer_init(p);
index 7e993667d4bfac3db9e77e61671316ede606aee3..1b8b8b824cd766b05665e1d89f0e1394abdfbe2f 100644 (file)
@@ -65,6 +65,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
        struct net_bridge_fdb_entry *dst;
        struct net_bridge_mdb_entry *mdst;
        struct sk_buff *skb2;
+       bool unicast = true;
        u16 vid = 0;
 
        if (!p || p->state == BR_STATE_DISABLED)
@@ -95,9 +96,10 @@ int br_handle_frame_finish(struct sk_buff *skb)
 
        dst = NULL;
 
-       if (is_broadcast_ether_addr(dest))
+       if (is_broadcast_ether_addr(dest)) {
                skb2 = skb;
-       else if (is_multicast_ether_addr(dest)) {
+               unicast = false;
+       } else if (is_multicast_ether_addr(dest)) {
                mdst = br_mdb_get(br, skb, vid);
                if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) {
                        if ((mdst && mdst->mglist) ||
@@ -110,6 +112,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
                } else
                        skb2 = skb;
 
+               unicast = false;
                br->dev->stats.multicast++;
        } else if ((dst = __br_fdb_get(br, dest, vid)) &&
                        dst->is_local) {
@@ -123,7 +126,7 @@ int br_handle_frame_finish(struct sk_buff *skb)
                        dst->used = jiffies;
                        br_forward(dst->dst, skb, skb2);
                } else
-                       br_flood_forward(br, skb, skb2);
+                       br_flood_forward(br, skb, skb2, unicast);
        }
 
        if (skb2)
index ce902bf8a61803782b6cea8c9f654eb978e25a24..1fc30abd3a523912376ce01fcae932f3b6b8c746 100644 (file)
@@ -31,6 +31,7 @@ static inline size_t br_port_info_size(void)
                + nla_total_size(1)     /* IFLA_BRPORT_PROTECT */
                + nla_total_size(1)     /* IFLA_BRPORT_FAST_LEAVE */
                + nla_total_size(1)     /* IFLA_BRPORT_LEARNING */
+               + nla_total_size(1)     /* IFLA_BRPORT_UNICAST_FLOOD */
                + 0;
 }
 
@@ -58,7 +59,8 @@ static int br_port_fill_attrs(struct sk_buff *skb,
            nla_put_u8(skb, IFLA_BRPORT_GUARD, !!(p->flags & BR_BPDU_GUARD)) ||
            nla_put_u8(skb, IFLA_BRPORT_PROTECT, !!(p->flags & BR_ROOT_BLOCK)) ||
            nla_put_u8(skb, IFLA_BRPORT_FAST_LEAVE, !!(p->flags & BR_MULTICAST_FAST_LEAVE)) ||
-           nla_put_u8(skb, IFLA_BRPORT_LEARNING, !!(p->flags & BR_LEARNING)))
+           nla_put_u8(skb, IFLA_BRPORT_LEARNING, !!(p->flags & BR_LEARNING)) ||
+           nla_put_u8(skb, IFLA_BRPORT_UNICAST_FLOOD, !!(p->flags & BR_FLOOD)))
                return -EMSGSIZE;
 
        return 0;
@@ -284,6 +286,7 @@ static const struct nla_policy ifla_brport_policy[IFLA_BRPORT_MAX + 1] = {
        [IFLA_BRPORT_GUARD]     = { .type = NLA_U8 },
        [IFLA_BRPORT_PROTECT]   = { .type = NLA_U8 },
        [IFLA_BRPORT_LEARNING]  = { .type = NLA_U8 },
+       [IFLA_BRPORT_UNICAST_FLOOD] = { .type = NLA_U8 },
 };
 
 /* Change the state of the port and notify spanning tree */
@@ -332,6 +335,7 @@ static int br_setport(struct net_bridge_port *p, struct nlattr *tb[])
        br_set_port_flag(p, tb, IFLA_BRPORT_FAST_LEAVE, BR_MULTICAST_FAST_LEAVE);
        br_set_port_flag(p, tb, IFLA_BRPORT_PROTECT, BR_ROOT_BLOCK);
        br_set_port_flag(p, tb, IFLA_BRPORT_LEARNING, BR_LEARNING);
+       br_set_port_flag(p, tb, IFLA_BRPORT_UNICAST_FLOOD, BR_FLOOD);
 
        if (tb[IFLA_BRPORT_COST]) {
                err = br_stp_set_path_cost(p, nla_get_u32(tb[IFLA_BRPORT_COST]));
index 04d7f43508f71155d0ef699e2e19b1e6d4937c85..3be89b3ce17b5a314215609790cadec6e5453727 100644 (file)
@@ -159,6 +159,7 @@ struct net_bridge_port
 #define BR_MULTICAST_FAST_LEAVE        0x00000008
 #define BR_ADMIN_COST          0x00000010
 #define BR_LEARNING            0x00000020
+#define BR_FLOOD               0x00000040
 
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
        u32                             multicast_startup_queries_sent;
@@ -414,9 +415,10 @@ extern int br_dev_queue_push_xmit(struct sk_buff *skb);
 extern void br_forward(const struct net_bridge_port *to,
                struct sk_buff *skb, struct sk_buff *skb0);
 extern int br_forward_finish(struct sk_buff *skb);
-extern void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb);
+extern void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb,
+                            bool unicast);
 extern void br_flood_forward(struct net_bridge *br, struct sk_buff *skb,
-                            struct sk_buff *skb2);
+                            struct sk_buff *skb2, bool unicast);
 
 /* br_if.c */
 extern void br_port_carrier_check(struct net_bridge_port *p);
index 707f3628e9cd85282cdf69bddfcfc20498ec2563..2a2cdb756d51e1944cb707b2945ba034ab22fe71 100644 (file)
@@ -159,6 +159,7 @@ BRPORT_ATTR_FLAG(hairpin_mode, BR_HAIRPIN_MODE);
 BRPORT_ATTR_FLAG(bpdu_guard, BR_BPDU_GUARD);
 BRPORT_ATTR_FLAG(root_block, BR_ROOT_BLOCK);
 BRPORT_ATTR_FLAG(learning, BR_LEARNING);
+BRPORT_ATTR_FLAG(unicast_flood, BR_FLOOD);
 
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
 static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
@@ -197,6 +198,7 @@ static const struct brport_attribute *brport_attrs[] = {
        &brport_attr_bpdu_guard,
        &brport_attr_root_block,
        &brport_attr_learning,
+       &brport_attr_unicast_flood,
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
        &brport_attr_multicast_router,
        &brport_attr_multicast_fast_leave,