[openwrt/openwrt] generic vxlan: don't learn non-unicast L2 destinations
LEDE Commits
lede-commits at lists.infradead.org
Mon Feb 26 13:18:14 PST 2024
blocktrron pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/0985262fd0f0b9c33e1fb559e71c041379199a91
commit 0985262fd0f0b9c33e1fb559e71c041379199a91
Author: David Bauer <mail at david-bauer.net>
AuthorDate: Sat Feb 17 22:37:05 2024 +0100
generic vxlan: don't learn non-unicast L2 destinations
This patch avoids learning non-unicast targets in the vxlan FDB. They
are non-unicast and thus should be sent to the broadcast-IPv6 instead of
a unicast address
Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/
Link: https://github.com/freifunk-gluon/gluon/issues/3191
Signed-off-by: David Bauer <mail at david-bauer.net>
---
...n-don-t-learn-non-unicast-L2-destinations.patch | 30 ++++++++++++++++++++++
...n-don-t-learn-non-unicast-L2-destinations.patch | 30 ++++++++++++++++++++++
2 files changed, 60 insertions(+)
diff --git a/target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch b/target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch
new file mode 100644
index 0000000000..6c1f596759
--- /dev/null
+++ b/target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch
@@ -0,0 +1,30 @@
+From 3f1a227cb071f65f6ecc4db9f399649869735a7c Mon Sep 17 00:00:00 2001
+From: David Bauer <mail at david-bauer.net>
+Date: Sat, 17 Feb 2024 22:34:59 +0100
+Subject: [PATCH] net vxlan: don't learn non-unicast L2 destinations
+
+This patch avoids learning non-unicast targets in the vxlan FDB.
+They are non-unicast and thus should be sent to the broadcast-IPv6
+instead of a unicast address.
+
+Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/
+Link: https://github.com/freifunk-gluon/gluon/issues/3191
+
+Signed-off-by: David Bauer <mail at david-bauer.net>
+---
+ drivers/net/vxlan.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/vxlan/vxlan_core.c
++++ b/drivers/net/vxlan/vxlan_core.c
+@@ -1493,6 +1493,10 @@ static bool vxlan_snoop(struct net_devic
+ struct vxlan_fdb *f;
+ u32 ifindex = 0;
+
++ /* Don't learn broadcast packets */
++ if (is_multicast_ether_addr(src_mac) || is_zero_ether_addr(src_mac))
++ return false;
++
+ #if IS_ENABLED(CONFIG_IPV6)
+ if (src_ip->sa.sa_family == AF_INET6 &&
+ (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL))
diff --git a/target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch b/target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch
new file mode 100644
index 0000000000..6c1f596759
--- /dev/null
+++ b/target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch
@@ -0,0 +1,30 @@
+From 3f1a227cb071f65f6ecc4db9f399649869735a7c Mon Sep 17 00:00:00 2001
+From: David Bauer <mail at david-bauer.net>
+Date: Sat, 17 Feb 2024 22:34:59 +0100
+Subject: [PATCH] net vxlan: don't learn non-unicast L2 destinations
+
+This patch avoids learning non-unicast targets in the vxlan FDB.
+They are non-unicast and thus should be sent to the broadcast-IPv6
+instead of a unicast address.
+
+Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/
+Link: https://github.com/freifunk-gluon/gluon/issues/3191
+
+Signed-off-by: David Bauer <mail at david-bauer.net>
+---
+ drivers/net/vxlan.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/net/vxlan/vxlan_core.c
++++ b/drivers/net/vxlan/vxlan_core.c
+@@ -1493,6 +1493,10 @@ static bool vxlan_snoop(struct net_devic
+ struct vxlan_fdb *f;
+ u32 ifindex = 0;
+
++ /* Don't learn broadcast packets */
++ if (is_multicast_ether_addr(src_mac) || is_zero_ether_addr(src_mac))
++ return false;
++
+ #if IS_ENABLED(CONFIG_IPV6)
+ if (src_ip->sa.sa_family == AF_INET6 &&
+ (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL))
More information about the lede-commits
mailing list