Thread (16 messages) 16 messages, 5 authors, 2013-10-18

Re: [PATCH v2 net 4/4] bridge: Fix updating FDB entries when the PVID is applied

From: Toshiaki Makita <hidden>
Date: 2013-10-17 12:53:02

On Wed, 2013-10-16 at 12:11 -0400, Vlad Yasevich wrote:
On 10/16/2013 11:57 AM, Stephen Hemminger wrote:
quoted
On Wed, 16 Oct 2013 17:07:16 +0900
Toshiaki Makita [off-list ref] wrote:
quoted
We currently set the value that variable vid is pointing, which will be
used in FDB later, to 0 at br_allowed_ingress() when we receive untagged
or priority-tagged frames, even though the PVID is valid.
This leads to FDB updates in such a wrong way that they are learned with
VID 0.
Update the value to that of PVID if the PVID is applied.

Signed-off-by: Toshiaki Makita <redacted>
Reviewed-by: Vlad Yasevich <redacted>
---
  net/bridge/br_vlan.c | 1 +
  1 file changed, 1 insertion(+)
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 5a9c44a..53f0990 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -217,6 +217,7 @@ bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
  		/* PVID is set on this port.  Any untagged or priority-tagged
  		 * ingress frame is considered to belong to this vlan.
  		 */
+		*vid = pvid;
  		if (likely(err))
  			/* Untagged Frame. */
  			__vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid);

Ok, but side-effects seem like an indication of poor code logic
flow design. Not your fault but part of the the per-vlan filtering code.
I'll see if I can re-work the code to get rid of the side-effects.
I'm thinking br_allowed_ingress() might have too many roles.
- Determine whether an incoming frame is acceptable.
- Update skb->vlan_tci if PVID is applied.
- Update the argument 'vid'.

Besides, 'vid' is actually updated by not br_allowed_ingress() but
br_vlan_get_tag().

I think this complicated implementation could lead to missing expected
code for updating vid.

At least we can remove the third role from br_allowed_ingress() because
the required vid is recorded in skb->vlan_tci when we exit the function.

So, we can write the caller of br_allowed_ingress() like
	...
	if (!br_allowed_ingress(br, v, skb))
		goto drop;
	vid = br_vlan_get_tag(skb);

(Assuming br_vlan_get_tag() has been changed to return vid.)

However, this will require br_vlan_get_tag() to check br->vlan_enabled.
Does this change reduce complexity of current implementation?

BTW, some codes in mdb, such as br_multicast_ipv4_rcv(), seem to call
br_vlan_get_tag() without checking br->vlan_enabled.
Is this right way?
Or does br_vlan_get_tag() originally need to check br->vlan_enabled?

Thanks,

Toshiaki Makita
-vlad
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help