iplink_bridge: Add no_linklocal_learn option support

Kernel commit 70e4272b4c81 ("net: bridge: add no_linklocal_learn bool option") added the no_linklocal_learn bridge option that can be set via sysfs or netlink. Add iproute2 support, allowing it to query and set the option via netlink. The option is useful, for example, in scenarios where we want the bridge to be able to refresh dynamic FDB entries that were added by user space and are pointing to locked bridge ports, but do not want the bridge to populate its FDB from EAPOL frames used for authentication. Example: $ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]" 0 $ cat /sys/class/net/br0/bridge/no_linklocal_learn 0 # ip link set dev br0 type bridge no_linklocal_learn 1 $ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]" 1 $ cat /sys/class/net/br0/bridge/no_linklocal_learn 1 # ip link set dev br0 type bridge no_linklocal_learn 0 $ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]" 0 $ cat /sys/class/net/br0/bridge/no_linklocal_learn 0 Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2024-11-15 05:55:11 +08:00 · 2022-10-01 17:35:51 +03:00 · 2022-10-01 17:35:51 +03:00 · c74a8bc9cf
commit c74a8bc9cf
parent 6781fcee42
2 changed files with 29 additions and 0 deletions
--- a/ip/iplink_bridge.c
+++ b/ip/iplink_bridge.c
@ -37,6 +37,7 @@ static void print_explain(FILE *f)
 		"		  [ priority PRIORITY ]\n"
 		"		  [ group_fwd_mask MASK ]\n"
 		"		  [ group_address ADDRESS ]\n"
+		"		  [ no_linklocal_learn NO_LINKLOCAL_LEARN ]\n"
 		"		  [ vlan_filtering VLAN_FILTERING ]\n"
 		"		  [ vlan_protocol VLAN_PROTOCOL ]\n"
 		"		  [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n"
@ -159,6 +160,18 @@ static int bridge_parse_opt(struct link_util *lu, int argc, char **argv,
 			if (len < 0)
 				return -1;
 			addattr_l(n, 1024, IFLA_BR_GROUP_ADDR, llabuf, len);
+		} else if (strcmp(*argv, "no_linklocal_learn") == 0) {
+			__u32 no_ll_learn_bit = 1 << BR_BOOLOPT_NO_LL_LEARN;
+			__u8 no_ll_learn;
+
+			NEXT_ARG();
+			if (get_u8(&no_ll_learn, *argv, 0))
+				invarg("invalid no_linklocal_learn", *argv);
+			bm.optmask |= 1 << BR_BOOLOPT_NO_LL_LEARN;
+			if (no_ll_learn)
+				bm.optval |= no_ll_learn_bit;
+			else
+				bm.optval &= ~no_ll_learn_bit;
 		} else if (matches(*argv, "fdb_flush") == 0) {
 			addattr(n, 1024, IFLA_BR_FDB_FLUSH);
 		} else if (matches(*argv, "vlan_default_pvid") == 0) {
@ -578,9 +591,15 @@ static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])

 	if (tb[IFLA_BR_MULTI_BOOLOPT]) {
 		__u32 mcvl_bit = 1 << BR_BOOLOPT_MCAST_VLAN_SNOOPING;
+		__u32 no_ll_learn_bit = 1 << BR_BOOLOPT_NO_LL_LEARN;
 		struct br_boolopt_multi *bm;

 		bm = RTA_DATA(tb[IFLA_BR_MULTI_BOOLOPT]);
+		if (bm->optmask & no_ll_learn_bit)
+			print_uint(PRINT_ANY,
+				   "no_linklocal_learn",
+				   "no_linklocal_learn %u ",
+				    !!(bm->optval & no_ll_learn_bit));
 		if (bm->optmask & mcvl_bit)
 			print_uint(PRINT_ANY,
 				   "mcast_vlan_snooping",
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@ -1572,6 +1572,8 @@ the following additional arguments are supported:
 ] [
 .BI priority " PRIORITY "
 ] [
+.BI no_linklocal_learn " NO_LINKLOCAL_LEARN "
+] [
 .BI vlan_filtering " VLAN_FILTERING "
 ] [
 .BI vlan_protocol " VLAN_PROTOCOL "
@ -1675,6 +1677,14 @@ bridge election.
 .I PRIORITY
 is a 16bit unsigned integer.

+.BI no_linklocal_learn " NO_LINKLOCAL_LEARN "
+- turn link-local learning on
+.RI ( NO_LINKLOCAL_LEARN " == 0) "
+or off
+.RI ( NO_LINKLOCAL_LEARN " > 0). "
+When disabled, the bridge will not learn from link-local frames (default:
+enabled).
+
 .BI vlan_filtering " VLAN_FILTERING "
 - turn VLAN filtering on
 .RI ( VLAN_FILTERING " > 0) "