06 Dec, 2012
2 commits
-
V3: make it a flag
V2: make the toggle per-portFast leave allows bridge to immediately stops the multicast
traffic on the port receives IGMP Leave when IGMP snooping is enabled,
no timeouts are observed.Cc: Herbert Xu
Cc: Stephen Hemminger
Cc: "David S. Miller"
Signed-off-by: Cong Wang -
V2: make the toggle per-port
Fast leave allows bridge to immediately stops the multicast
traffic on the port receives IGMP Leave when IGMP snooping is enabled,
no timeouts are observed.Cc: Herbert Xu
Cc: Stephen Hemminger
Cc: "David S. Miller"
Signed-off-by: Cong Wang
Signed-off-by: David S. Miller
19 Nov, 2012
1 commit
-
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.Allow setting bridge paramters via sysfs.
Allow all of the bridge ioctls:
BRCTL_ADD_IF
BRCTL_DEL_IF
BRCTL_SET_BRDIGE_FORWARD_DELAY
BRCTL_SET_BRIDGE_HELLO_TIME
BRCTL_SET_BRIDGE_MAX_AGE
BRCTL_SET_BRIDGE_AGING_TIME
BRCTL_SET_BRIDGE_STP_STATE
BRCTL_SET_BRIDGE_PRIORITY
BRCTL_SET_PORT_PRIORITY
BRCTL_SET_PATH_COST
BRCTL_ADD_BRIDGE
BRCTL_DEL_BRDIGESigned-off-by: "Eric W. Biederman"
Signed-off-by: David S. Miller
15 Nov, 2012
3 commits
-
This is Linux bridge implementation of root port guard.
If BPDU is received from a leaf (edge) port, it should not
be elected as root port.Why would you want to do this?
If using STP on a bridge and the downstream bridges are not fully
trusted; this prevents a hostile guest for rerouting traffic.Why not just use netfilter?
Netfilter does not track of follow spanning tree decisions.
It would be difficult and error prone to try and mirror STP
resolution in netfilter module.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
This is Linux bridge implementation of STP protection
(Cisco BPDU guard/Juniper BPDU block). BPDU block disables
the bridge port if a STP BPDU packet is received.Why would you want to do this?
If running Spanning Tree on bridge, hostile devices on the network
may send BPDU and cause network failure. Enabling bpdu block
will detect and stop this.How to recover the port?
The port will be restarted if link is brought down, or
removed and reattached. For example:
# ip li set dev eth0 down; ip li set dev eth0 upSigned-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Provide macro to build sysfs data structures and functions
for accessing flag bits. If flag bits change do netlink
notification.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
31 Jul, 2012
1 commit
-
Simple table that can be marked const.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
05 Apr, 2011
1 commit
-
Apply restrictions on STP parameters based 802.1D 1998 standard.
* Fixes missing locking in set path cost ioctl
* Uses common code for both ioctl and sysfsThis is based on an earlier patch Sasikanth V but with overhaul.
Note:
1. It does NOT enforce the restriction on the relationship max_age and
forward delay or hello time because in existing implementation these are
set as independant operations.2. If STP is disabled, there is no restriction on forward delay
3. No restriction on holding time because users use Linux code to act
as hub or be sticky.4. Although standard allow 0-255, Linux only allows 0-63 for port priority
because more bits are reserved for port number.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
16 May, 2010
1 commit
-
Links for each port are created in sysfs using the device
name, but this could be changed after being added to the
bridge.As well as being unable to remove interfaces after this
occurs (because userspace tools don't recognise the new
name, and the kernel won't recognise the old name), adding
another interface with the old name to the bridge will
cause an error trying to create the sysfs link.This fixes the problem by listening for NETDEV_CHANGENAME
notifications and renaming the link.https://bugzilla.kernel.org/show_bug.cgi?id=12743
Signed-off-by: Simon Arlott
Acked-by: Stephen Hemminger
Signed-off-by: David S. Miller
08 Mar, 2010
1 commit
-
Constify struct sysfs_ops.
This is part of the ops structure constification
effort started by Arjan van de Ven et al.Benefits of this constification:
* prevents modification of data that is shared
(referenced) by many other structure instances
at runtime* detects/prevents accidental (but not intentional)
modification attempts on archs that enforce
read-only kernel data at runtime* potentially better optimized code as the compiler
can assume that the const data cannot be changed* the compiler/linker move const data into .rodata
and therefore exclude them from false sharingSigned-off-by: Emese Revfy
Acked-by: David Teigland
Acked-by: Matt Domsch
Acked-by: Maciej Sosnowski
Acked-by: Hans J. Koch
Acked-by: Pekka Enberg
Acked-by: Jens Axboe
Acked-by: Stephen Hemminger
Signed-off-by: Greg Kroah-Hartman
28 Feb, 2010
1 commit
-
This patch allows the user to forcibly enable/disable ports as
having multicast routers attached. A port with a multicast router
will receive all multicast traffic.The value 0 disables it completely. The default is 1 which lets
the system automatically detect the presence of routers (currently
this is limited to picking up queries), and 2 means that the port
will always receive all multicast traffic.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
14 Aug, 2009
1 commit
-
This patch adds a 'hairpin' (also called 'reflective relay') mode
port configuration to the Linux Ethernet bridge kernel module.
A bridge supporting hairpin forwarding mode can send frames back
out through the port the frame was received on.Hairpin mode is required to support basic VEPA (Virtual
Ethernet Port Aggregator) capabilities.You can find additional information on VEPA here:
http://tech.groups.yahoo.com/group/evb/
http://www.ieee802.org/1/files/public/docs2009/new-hudson-vepa_seminar-20090514d.pdf
http://www.internet2.edu/presentations/jt2009jul/20090719-congdon.pdfAn additional patch 'bridge-utils: Add 'hairpin' port forwarding mode'
is provided to allow configuring hairpin mode from userspace tools.Signed-off-by: Paul Congdon
Signed-off-by: Anna Fischer
Acked-by: Arnd Bergmann
Signed-off-by: David S. Miller
19 May, 2009
1 commit
-
Holding rtnl_lock when we are unregistering the sysfs files can
deadlock if we unconditionally take rtnl_lock in a sysfs file. So fix
it with the now familiar patter of: rtnl_trylock and syscall_restart()Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller
25 Jan, 2008
1 commit
-
The kobject in the bridge code is only used for registering with sysfs,
not for any lifespan rules. This patch changes it to be only a pointer
and use the simpler api for this kind of thing.Cc: Stephen Hemminger
Cc: Kay Sievers
Signed-off-by: Greg Kroah-Hartman
12 Jul, 2007
1 commit
-
sysfs is now completely out of driver/module lifetime game. After
deletion, a sysfs node doesn't access anything outside sysfs proper,
so there's no reason to hold onto the attribute owners. Note that
often the wrong modules were accounted for as owners leading to
accessing removed modules.This patch kills now unnecessary attribute->owner. Note that with
this change, userland holding a sysfs node does not prevent the
backing module from being unloaded.For more info regarding lifetime rule cleanup, please read the
following message.http://article.gmane.org/gmane.linux.kernel/510293
(tweaked by Greg to not delete the field just yet, to make it easier to
merge things properly.)Signed-off-by: Tejun Heo
Cc: Cornelia Huck
Cc: Andrew Morton
Signed-off-by: Greg Kroah-Hartman
26 Apr, 2007
1 commit
-
The RSTP daemon needs to be able to flush all dynamic forwarding
entries in the case of topology change.This is a temporary interface. It will change to a netlink interface
before RSTP daemon is officially released.Signed-off-by: Stephen Hemminger
08 Feb, 2007
1 commit
-
This lets the network core have the ability to handle suspend/resume
issues, if it wants to.Thanks to Frederik Deweerdt for the arm
driver fixes.Signed-off-by: Greg Kroah-Hartman
10 Feb, 2006
1 commit
-
Refactor how the bridge code interacts with kobject system.
It should still use kobjects even if not using sysfs.
Fix the error unwind handling in br_add_if.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
12 Jan, 2006
1 commit
-
net: Use where capable() is used.
Signed-off-by: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
05 Jan, 2006
1 commit
-
Leave the overloaded "hotplug" word to susbsystems which are handling
real devices. The driver core does not "plug" anything, it just exports
the state to userspace and generates events.Signed-off-by: Kay Sievers
Signed-off-by: Greg Kroah-Hartman
19 Apr, 2005
1 commit
-
kobject_add() and kobject_del() don't emit hotplug events anymore.
We need to do it ourselves now.Signed-off-by: Kay Sievers
Signed-off-by: Greg Kroah-Hartman
17 Apr, 2005
1 commit
-
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.Let it rip!
