Re: [PATCH v2 net 4/4] bridge: Fix updating FDB entries when the PVID is applied
From: Toshiaki Makita <hidden>
Date: 2013-10-17 12:53:02
On Wed, 2013-10-16 at 12:11 -0400, Vlad Yasevich wrote:
On 10/16/2013 11:57 AM, Stephen Hemminger wrote:quoted
On Wed, 16 Oct 2013 17:07:16 +0900 Toshiaki Makita [off-list ref] wrote:quoted
We currently set the value that variable vid is pointing, which will be used in FDB later, to 0 at br_allowed_ingress() when we receive untagged or priority-tagged frames, even though the PVID is valid. This leads to FDB updates in such a wrong way that they are learned with VID 0. Update the value to that of PVID if the PVID is applied. Signed-off-by: Toshiaki Makita <redacted> Reviewed-by: Vlad Yasevich <redacted> --- net/bridge/br_vlan.c | 1 + 1 file changed, 1 insertion(+)diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c index 5a9c44a..53f0990 100644 --- a/net/bridge/br_vlan.c +++ b/net/bridge/br_vlan.c@@ -217,6 +217,7 @@ bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v, /* PVID is set on this port. Any untagged or priority-tagged * ingress frame is considered to belong to this vlan. */ + *vid = pvid; if (likely(err)) /* Untagged Frame. */ __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), pvid);Ok, but side-effects seem like an indication of poor code logic flow design. Not your fault but part of the the per-vlan filtering code.I'll see if I can re-work the code to get rid of the side-effects.
I'm thinking br_allowed_ingress() might have too many roles. - Determine whether an incoming frame is acceptable. - Update skb->vlan_tci if PVID is applied. - Update the argument 'vid'. Besides, 'vid' is actually updated by not br_allowed_ingress() but br_vlan_get_tag(). I think this complicated implementation could lead to missing expected code for updating vid. At least we can remove the third role from br_allowed_ingress() because the required vid is recorded in skb->vlan_tci when we exit the function. So, we can write the caller of br_allowed_ingress() like ... if (!br_allowed_ingress(br, v, skb)) goto drop; vid = br_vlan_get_tag(skb); (Assuming br_vlan_get_tag() has been changed to return vid.) However, this will require br_vlan_get_tag() to check br->vlan_enabled. Does this change reduce complexity of current implementation? BTW, some codes in mdb, such as br_multicast_ipv4_rcv(), seem to call br_vlan_get_tag() without checking br->vlan_enabled. Is this right way? Or does br_vlan_get_tag() originally need to check br->vlan_enabled? Thanks, Toshiaki Makita
-vlad