From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C52C441ECF DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org D80AA401DB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1695727367; x=1695813767; bh=+JlMwL7peYxkx bAOj7Omdxd33gxKlbj7HQtEwxgZzWE=; b=cKtLQu23NwBKm/8ULa+QXLjcUNspZ wW75f+V9km5/McnePuQ8zxBaVc1EUavIkjlNmr9ed6/0nWKDmB4t69EI62hnQoLc OskoRIIVRcs/cxPjRZEwX2ImPVQW9hhZwPpYj9xjZ7oeNn5lgrH+jQ7eG08rltjm rMhcL4q6EyFQBDBqnd5IyIwz8/dU3sDJNE2GRvWwTZySynVdwcrqnbAB1Sf9kFBV 6bIVnKw1vm3EHdIKD7MKO2ZJ0X+b1oXfWN8h8wz8unZoTYmwDVAJC0A2iz2HGsZV Mmkj8R8N8S4nyOPEbc1r2u5jUqrj23+6L1OunXCD8vjqbQf29o5/pHH+w== Date: Tue, 26 Sep 2023 14:22:42 +0300 From: Ido Schimmel Message-ID: References: <20230919-fdb_limit-v4-0-39f0293807b8@avm.de> <20230919-fdb_limit-v4-3-39f0293807b8@avm.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230919-fdb_limit-v4-3-39f0293807b8@avm.de> Subject: Re: [Bridge] [PATCH net-next v4 3/6] net: bridge: Track and limit dynamically learned FDB entries List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Johannes Nixdorf Cc: Andrew Lunn , Florian Fainelli , bridge@lists.linux-foundation.org, Ido Schimmel , Nikolay Aleksandrov , Roopa Prabhu , linux-kernel@vger.kernel.org, Oleksij Rempel , Vladimir Oltean , Eric Dumazet , netdev@vger.kernel.org, linux-kselftest@vger.kernel.org, David Ahern , Jakub Kicinski , Paolo Abeni , Shuah Khan , "David S. Miller" On Tue, Sep 19, 2023 at 10:12:50AM +0200, Johannes Nixdorf wrote: > A malicious actor behind one bridge port may spam the kernel with packets > with a random source MAC address, each of which will create an FDB entry, > each of which is a dynamic allocation in the kernel. > > There are roughly 2^48 different MAC addresses, further limited by the > rhashtable they are stored in to 2^31. Each entry is of the type struct > net_bridge_fdb_entry, which is currently 128 bytes big. This means the > maximum amount of memory allocated for FDB entries is 2^31 * 128B = > 256GiB, which is too much for most computers. > > Mitigate this by maintaining a per bridge count of those automatically > generated entries in fdb_n_learned, and a limit in fdb_max_learned. If > the limit is hit new entries are not learned anymore. > > For backwards compatibility the default setting of 0 disables the limit. > > User-added entries by netlink or from bridge or bridge port addresses > are never blocked and do not count towards that limit. > > Introduce a new fdb entry flag BR_FDB_DYNAMIC_LEARNED to keep track of > whether an FDB entry is included in the count. The flag is enabled for > dynamically learned entries, and disabled for all other entries. This > should be equivalent to BR_FDB_ADDED_BY_USER and BR_FDB_LOCAL being unset, > but contrary to the two flags it can be toggled atomically. > > Atomicity is required here, as there are multiple callers that modify the > flags, but are not under a common lock (br_fdb_update is the exception > for br->hash_lock, br_fdb_external_learn_add for RTNL). > > Signed-off-by: Johannes Nixdorf Reviewed-by: Ido Schimmel