nl_bridge: flush our fdb entries on vlan removal #446
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
For us being able to handle the DEL_NEIGH messages, we would need to do reference counting for the vlan group for bridges as well - currently we (try to) delete it directly on vlan removal. |
The kernel refuses to remove fdb entries for VLANs that are not configured, but at the same time won't remove permanent entries on VLAN deletion, including extern_learn entries. Fortunately recent kernels gained the ability for bulk deletion, so add a new helper to send a flush of all extern_learn entries from a deleted vlan from a certain port. Using this, we can make sure no entries are left behind in the removed vlan. Any removed entry will trigger a DEL_NEIGH message from the kernel, but since we already removed the neigh from the cache and removed the flow, we do not need to handle it again here, so add a check before attempting to handle the deleted neigh. This was tested via: on switch: $ ip link add swbridge type bridge vlan_filtering 1 vlan_default_pvid 0 $ ip link set dev port5 master swbridge $ ip link set dev port5 up $ bridge vlan add dev port5 vid 2 pvid untagged (connect something to port5, let it generate packets) $ bridge fdb show dev port5 | grep extern_learn 0c:c4:7a:9c:29:fc vlan 2 extern_learn master swbridge $ bridge vlan del dev port5 vid 2 Before: $ bridge fdb show dev port5 | grep extern_learn 0c:c4:7a:9c:29:fc vlan 2 extern_learn master swbridge (entry still present) After: $ bridge fdb show dev port5 | grep extern_learn (entry gone) Signed-off-by: Jonas Gorski <[email protected]>
KanjiMonster
force-pushed
the
jogo_fdb_flush
branch
from
a47e87a
to
cb05923
Compare
rubensfig
approved these changes
Aug 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The kernel refuses to remove fdb entries for VLANs that are not configured, but at the same time won't remove permanent entries on VLAN deletion, including extern_learn entries.
Fortunately recent kernels gained the ability for bulk deletion, so add a new helper to send a flush of all extern_learn entries from a deleted vlan from a certain port.
Using this, we can make sure no entries are left behind in the removed vlan.
Any removed entry will trigger a DEL_NEIGH message from the kernel, but since we already removed the neigh from the cache and removed the flow, we do not need to handle it again here, so add a check before attempting to handle the deleted neigh.
This was tested via:
on switch:
(connect something to port5, let it generate packets)
Before:
(entry still present)
After:
(entry gone)