author | Lutz Donnerhacke <donner@FreeBSD.org> | 2021-02-06 10:25:04 +0000 |
---|---|---|
committer | Lutz Donnerhacke <donner@FreeBSD.org> | 2021-02-06 14:01:15 +0000 |
commit | c869d905baa4e329dfd6793e7487b5985248ddb6 (patch) | |
tree | 1b3a9d610a989df670ff8983b6bd10066f7501ba /sys | |
parent | 689561d4032233bc171cff30d6756c3cf3b22720 (diff) | |
netgraph/ng_bridge: Derive forwarding mode from first attached hook

Handling of unknown MACs on a bridge with incomplete learning
capabilities (aka uplink ports) can be defined in different ways.

The classical approach is to broadcast unicast frames sent to an
unknown MAC, because the unknown devices can be everywhere. This mode
is default for ng_bridge(4).

In the case of dedicated uplink ports, which prohibit learning of MAC
addresses in order to save memory and CPU cycles, the broadcast
approach is dangerous. All traffic to the uplink port is broadcast
to every downlink port, too. In this case, it's better to restrict the
distribution of frames to unknown MACs to the uplink ports only.

In order to keep the change small and the handling as natural as
possible, the first attached link is used to determine the behaviour
of the bridge: If it is an "uplink" port, then the bridge switches from
classical mode to restricted mode.
Reviewed By: kp
Approved by: kp (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D28487
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netgraph/ng_bridge.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/netgraph/ng_bridge.c b/sys/netgraph/ng_bridge.c index a21da545e210..ed08020ead70 100644 --- a/sys/netgraph/ng_bridge.c +++ b/sys/netgraph/ng_bridge.c @@ -105,7 +105,8 @@ struct ng_bridge_private { u_int numBuckets; /* num buckets in table */ u_int hashMask; /* numBuckets - 1 */ int numLinks; /* num connected links */ - int persistent; /* can exist w/o hooks */ + unsigned int persistent : 1, /* can exist w/o hooks */ + sendUnknown : 1;/* links receive unknowns by default */ struct callout timer; /* one second periodic timer */ }; typedef struct ng_bridge_private *priv_p; @@ -309,6 +310,7 @@ ng_bridge_constructor(node_p node) priv->conf.loopTimeout = DEFAULT_LOOP_TIMEOUT; priv->conf.maxStaleness = DEFAULT_MAX_STALENESS; priv->conf.minStableAge = DEFAULT_MIN_STABLE_AGE; + priv->sendUnknown = 1; /* classic bridge */ /* * This node has all kinds of stuff that could be screwed by SMP. @@ -371,9 +373,11 @@ ng_bridge_newhook(node_p node, hook_p hook, const char *name) if (isUplink) { link->learnMac = 0; link->sendUnknown = 1; + if (priv->numLinks == 0) /* if the first link is an uplink */ + priv->sendUnknown = 0; /* switch to restrictive mode */ } else { link->learnMac = 1; - link->sendUnknown = 1; + link->sendUnknown = priv->sendUnknown; } NG_HOOK_SET_PRIVATE(hook, link); |
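Review bot: In the struct ng_bridge_private hunk, packing persistent and sendUnknown into adjacent one-bit fields means a store to either flag is a read-modify-write of the storage unit they share, so both flags have to be written under the same serialization; the constructor's own comment about state that "could be screwed by SMP" makes that worth stating next to the declaration. Narrowing persistent from int to a 1-bit unsigned field also silently truncates any assignment other than 0 or 1, so check the existing writers of persistent, or leave it as int and add sendUnknown as a separate field.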
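Review bot: In the ng_bridge_newhook hunk, priv->sendUnknown is cleared when an uplink attaches with priv->numLinks == 0, but nothing in this diff sets it back to 1. On a node that outlives its hooks (the persistent flag, "can exist w/o hooks") the restricted mode therefore survives a full disconnect, and a downlink attached first afterwards takes link->sendUnknown = priv->sendUnknown, that is 0, with no uplink present to receive frames for unknown MACs. Suggest restoring priv->sendUnknown = 1 where the last link goes away, or stating in a comment that the mode is sticky for the lifetime of the node. The check also relies on numLinks not yet counting the hook being attached, which a short comment at the test would make explicit. Because a downlink attached first keeps the bridge in classic mode even when uplinks follow, the attachment-order dependency should be described in ng_bridge(4).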