From: Ido Schimmel <idosch@mellanox.com>
To: David Ahern <dsahern@gmail.com>
Cc: "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"stephen@networkplumber.org" <stephen@networkplumber.org>
Subject: Re: [PATCH iproute2-next] bridge: fdb: Fix filtering with strict checking enabled / disabled
Date: Fri, 4 Jan 2019 11:25:34 +0000 [thread overview]
Message-ID: <20190104112532.GA3471@splinter> (raw)
In-Reply-To: <74ba42e9-2efe-9c4d-666b-9b224089c2bd@gmail.com>
On Wed, Jan 02, 2019 at 09:34:28PM -0700, David Ahern wrote:
> On 1/1/19 12:18 AM, Ido Schimmel wrote:
> > When strict checking is enabled the kernel expects to receive the
> > ifindex of the bridge device using 'NDA_MASTER', but iproute2 currently
> > uses 'IFLA_MASTER' which the kernel expects when strict checking is
> > disabled. Therefore, using iproute2 on current kernels while filtering
> > on bridge results in the following error:
> >
> > # bridge fdb show br br0
> > Error: Unsupported attribute in fdb dump request.
> > Dump terminated
> >
> > Additionally, when strict checking is disabled and the bridge is
> > specified via 'IFLA_MASTER', we need to make sure that the message
> > length actually corresponds to 'struct ifinfomsg' and a potential
> > attribute.
> >
> > Fix this by adding a new flag to the RTNL handle which indicates whether
> > strict checking is enabled on the socket or not. If it is enabled,
> > specify 'NDA_MASTER'. Otherwise, specify 'IFLA_MASTER' and set the
> > message length accordingly.
> >
> > Tested with and without strict checking on net-next and on older kernels
> > (v4.18, v4.17, v4.9).
> >
> > Fixes: 66e8e73edc65 ("bridge: fdb: Use 'struct ndmsg' for FDB dumping")
> > Fixes: aea41afcfd6d ("ip bridge: Set NETLINK_GET_STRICT_CHK on socket")
> > Signed-off-by: Ido Schimmel <idosch@mellanox.com>
> > ---
> > bridge/fdb.c | 11 ++++++++++-
> > include/libnetlink.h | 1 +
> > lib/libnetlink.c | 6 ++++--
> > 3 files changed, 15 insertions(+), 3 deletions(-)
> >
> > diff --git a/bridge/fdb.c b/bridge/fdb.c
> > index a7a0d8052307..f898b20918fb 100644 I
> > --- a/bridge/fdb.c
> > +++ b/bridge/fdb.c
> > @@ -271,6 +271,11 @@ static int fdb_show(int argc, char **argv)
> > char *br = NULL;
> > int msg_size = sizeof(struct ndmsg);
> >
> > + if (!(rth.flags & RTNL_HANDLE_F_STRICT_CHK)) {
> > + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> > + msg_size = sizeof(struct ifinfomsg);
> > + }
> > +
> > while (argc > 0) {
> > if ((strcmp(*argv, "brport") == 0) || strcmp(*argv, "dev") == 0) {
> > NEXT_ARG();
> > @@ -304,7 +309,11 @@ static int fdb_show(int argc, char **argv)
> > fprintf(stderr, "Cannot find bridge device \"%s\"\n", br);
> > return -1;
> > }
> > - addattr32(&req.n, sizeof(req), IFLA_MASTER, br_ifindex);
> > +
> > + if (rth.flags & RTNL_HANDLE_F_STRICT_CHK)
> > + addattr32(&req.n, sizeof(req), NDA_MASTER, br_ifindex);
> > + else
> > + addattr32(&req.n, sizeof(req), IFLA_MASTER, br_ifindex);
> > msg_size += RTA_LENGTH(4);
> > }
> >
>
> I like the addition of the flag to rth as a way for commands to know if
> the kernel supports strict checking.
>
> Couple of things. first, the patch (at least when I saved it to file)
> has html codes in it. New for a patch from you so not sure what
> happened. An example:
No clue. I didn't do anything differently.
>
> diff --git a/bridge/fdb.c b/bridge/fdb.c
> index a7a0d8052307..f898b20918fb 100644
> --- a/bridge/fdb.c
> +++ b/bridge/fdb.c
> @@ -271,6 +271,11 @@ static int fdb_show(int argc, char **argv)
> char *br =3D NULL;
> int msg_size =3D sizeof(struct ndmsg);
> =20
> + if (!(rth.flags & RTNL_HANDLE_F_STRICT_CHK)) {
> + req.n.nlmsg_len =3D NLMSG_LENGTH(sizeof(struct ifinfomsg));
> + msg_size =3D sizeof(struct ifinfomsg);
> + }
> +
> while (argc > 0) {
> if ((strcmp(*argv, "brport") =3D=3D 0) || strcmp(*argv,
> "dev") =3D=3D 0)=
> {
> NEXT_ARG();
>
>
> Second, the current code after your last patch sets the ifindex in the
> ancillary header based on ndmsg versus ifinfomsg. While the offset is
> the same, it seems odd and a challenge for future readers that the
> master attribute toggles between IFLA and NDA but the struct entry does
> not matter.
Yes, I agree it's not pretty.
> I think long term the code should be consistent with other dump
> commands. I missed neigh and fdb dumps in my first round. Specifically,
> removing the req from the list functions and instead using the type
> specific dump functions with a filter function that can append to the
> request when it makes sense. I have that coded and seems to work fine on
> latest kernel and older (4.1). If you have some time another
> verification would be great. Thanks,
I'll take a look.
prev parent reply other threads:[~2019-01-04 11:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-01 7:18 [PATCH iproute2-next] bridge: fdb: Fix filtering with strict checking enabled / disabled Ido Schimmel
2019-01-03 4:34 ` David Ahern
2019-01-04 11:25 ` Ido Schimmel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190104112532.GA3471@splinter \
--to=idosch@mellanox.com \
--cc=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.