diff options
| author |   Roopa Prabhu <roopa@cumulusnetworks.com> | 2017-10-06 22:12:38 -0700 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2017-10-08 21:12:04 -0700 |
| commit | 057658cb33fbf4d4309f01fe8845903b1cd07fad (patch) | |
| tree | 348002eed28b529bc36a2e1e054b71d234848526 /net/bridge/br_device.c | |
| parent | bridge: add new BR_NEIGH_SUPPRESS port flag to suppress arp and nd flood (diff) | |
| download | linux-dev-057658cb33fbf4d4309f01fe8845903b1cd07fad.tar.xz linux-dev-057658cb33fbf4d4309f01fe8845903b1cd07fad.zip | |
bridge: suppress arp pkts on BR_NEIGH_SUPPRESS ports
This patch avoids flooding and proxies arp packets
for BR_NEIGH_SUPPRESS ports.
Moves existing br_do_proxy_arp to br_do_proxy_suppress_arp
to support both proxy arp and neigh suppress.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_device.c')
| -rw-r--r-- | net/bridge/br_device.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 7acb77c9bd65..eb30c6a274c3 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -39,6 +39,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) struct pcpu_sw_netstats *brstats = this_cpu_ptr(br->stats); const struct nf_br_ops *nf_ops; const unsigned char *dest; + struct ethhdr *eth; u16 vid = 0; rcu_read_lock(); @@ -57,11 +58,19 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) BR_INPUT_SKB_CB(skb)->brdev = dev; skb_reset_mac_header(skb); + eth = eth_hdr(skb); skb_pull(skb, ETH_HLEN); if (!br_allowed_ingress(br, br_vlan_group_rcu(br), skb, &vid)) goto out; + if (IS_ENABLED(CONFIG_INET) && + (eth->h_proto == htons(ETH_P_ARP) || + eth->h_proto == htons(ETH_P_RARP)) && + br->neigh_suppress_enabled) { + br_do_proxy_suppress_arp(skb, br, vid, NULL); + } + dest = eth_hdr(skb)->h_dest; if (is_broadcast_ether_addr(dest)) { br_flood(br, skb, BR_PKT_BROADCAST, false, true); |