bridge: add per-port broadcast flood flag
authorMike Manning <mmanning@brocade.com>
Wed, 26 Apr 2017 13:48:09 +0000 (14:48 +0100)
committerDavid S. Miller <davem@davemloft.net>
Thu, 27 Apr 2017 20:34:29 +0000 (16:34 -0400)
Support for l2 multicast flood control was added in commit b6cb5ac8331b
("net: bridge: add per-port multicast flood flag"). It allows broadcast
as it was introduced specifically for unknown multicast flood control.
But as broadcast is a special case of multicast, this may also need to
be disabled. For this purpose, introduce a flag to disable the flooding
of received l2 broadcasts. This approach is backwards compatible and
provides flexibility in filtering for the desired packet types.

Cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: Mike Manning <mmanning@brocade.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/if_bridge.h
include/uapi/linux/if_link.h
net/bridge/br_forward.c
net/bridge/br_if.c
net/bridge/br_netlink.c
net/bridge/br_sysfs_if.c

index c5847dc75a937a5ceed4a762ffcc9f2644b499bc..0c16866a7aacc0cbc361e8d5b902252f71323f3b 100644 (file)
@@ -48,6 +48,7 @@ struct br_ip_list {
 #define BR_MCAST_FLOOD         BIT(11)
 #define BR_MULTICAST_TO_UNICAST        BIT(12)
 #define BR_VLAN_TUNNEL         BIT(13)
+#define BR_BCAST_FLOOD         BIT(14)
 
 #define BR_DEFAULT_AGEING_TIME (300 * HZ)
 
index 633aa0276d32e98d5cf848d1687e9425e7f9c70e..8e56ac70e0d1a3536a43aff83370e5b3bd5bb0b4 100644 (file)
@@ -323,6 +323,7 @@ enum {
        IFLA_BRPORT_MCAST_FLOOD,
        IFLA_BRPORT_MCAST_TO_UCAST,
        IFLA_BRPORT_VLAN_TUNNEL,
+       IFLA_BRPORT_BCAST_FLOOD,
        __IFLA_BRPORT_MAX
 };
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
index 902af6ba481c999f81ed2fba488d91665e03c02e..48fb17417fac3397e74cb712388076ed1ee87865 100644 (file)
@@ -183,13 +183,23 @@ void br_flood(struct net_bridge *br, struct sk_buff *skb,
        struct net_bridge_port *p;
 
        list_for_each_entry_rcu(p, &br->port_list, list) {
-               /* Do not flood unicast traffic to ports that turn it off */
-               if (pkt_type == BR_PKT_UNICAST && !(p->flags & BR_FLOOD))
-                       continue;
-               /* Do not flood if mc off, except for traffic we originate */
-               if (pkt_type == BR_PKT_MULTICAST &&
-                   !(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
-                       continue;
+               /* Do not flood unicast traffic to ports that turn it off, nor
+                * other traffic if flood off, except for traffic we originate
+                */
+               switch (pkt_type) {
+               case BR_PKT_UNICAST:
+                       if (!(p->flags & BR_FLOOD))
+                               continue;
+                       break;
+               case BR_PKT_MULTICAST:
+                       if (!(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev)
+                               continue;
+                       break;
+               case BR_PKT_BROADCAST:
+                       if (!(p->flags & BR_BCAST_FLOOD) && skb->dev != br->dev)
+                               continue;
+                       break;
+               }
 
                /* Do not flood to ports that enable proxy ARP */
                if (p->flags & BR_PROXYARP)
index f3544d96155c61a902b75fa4fc64c4257cc1c1ff..7f8d05cf90656e43211d9682657b788f99736722 100644 (file)
@@ -361,7 +361,7 @@ static struct net_bridge_port *new_nbp(struct net_bridge *br,
        p->path_cost = port_cost(dev);
        p->priority = 0x8000 >> BR_PORT_BITS;
        p->port_no = index;
-       p->flags = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD;
+       p->flags = BR_LEARNING | BR_FLOOD | BR_MCAST_FLOOD | BR_BCAST_FLOOD;
        br_init_port(p);
        br_set_state(p, BR_STATE_DISABLED);
        br_stp_port_timer_init(p);
index 650986473577b59331339bdd07276180d446c80f..a572db710d4eb68a03ba0d9d958f41f931aff6b9 100644 (file)
@@ -189,6 +189,8 @@ static int br_port_fill_attrs(struct sk_buff *skb,
                       !!(p->flags & BR_FLOOD)) ||
            nla_put_u8(skb, IFLA_BRPORT_MCAST_FLOOD,
                       !!(p->flags & BR_MCAST_FLOOD)) ||
+           nla_put_u8(skb, IFLA_BRPORT_BCAST_FLOOD,
+                      !!(p->flags & BR_BCAST_FLOOD)) ||
            nla_put_u8(skb, IFLA_BRPORT_PROXYARP, !!(p->flags & BR_PROXYARP)) ||
            nla_put_u8(skb, IFLA_BRPORT_PROXYARP_WIFI,
                       !!(p->flags & BR_PROXYARP_WIFI)) ||
@@ -683,6 +685,7 @@ static int br_setport(struct net_bridge_port *p, struct nlattr *tb[])
        br_set_port_flag(p, tb, IFLA_BRPORT_UNICAST_FLOOD, BR_FLOOD);
        br_set_port_flag(p, tb, IFLA_BRPORT_MCAST_FLOOD, BR_MCAST_FLOOD);
        br_set_port_flag(p, tb, IFLA_BRPORT_MCAST_TO_UCAST, BR_MULTICAST_TO_UNICAST);
+       br_set_port_flag(p, tb, IFLA_BRPORT_BCAST_FLOOD, BR_BCAST_FLOOD);
        br_set_port_flag(p, tb, IFLA_BRPORT_PROXYARP, BR_PROXYARP);
        br_set_port_flag(p, tb, IFLA_BRPORT_PROXYARP_WIFI, BR_PROXYARP_WIFI);
 
index 79aee759aba5906692d0c715c851cd3dca96801b..5d5d413a6cf8a311ddde9e341caa39a8f3640b35 100644 (file)
@@ -173,6 +173,7 @@ BRPORT_ATTR_FLAG(unicast_flood, BR_FLOOD);
 BRPORT_ATTR_FLAG(proxyarp, BR_PROXYARP);
 BRPORT_ATTR_FLAG(proxyarp_wifi, BR_PROXYARP_WIFI);
 BRPORT_ATTR_FLAG(multicast_flood, BR_MCAST_FLOOD);
+BRPORT_ATTR_FLAG(broadcast_flood, BR_BCAST_FLOOD);
 
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
 static ssize_t show_multicast_router(struct net_bridge_port *p, char *buf)
@@ -221,6 +222,7 @@ static const struct brport_attribute *brport_attrs[] = {
        &brport_attr_proxyarp,
        &brport_attr_proxyarp_wifi,
        &brport_attr_multicast_flood,
+       &brport_attr_broadcast_flood,
        NULL
 };