* [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes
@ 2023-10-17 10:55 Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 1/8] bridge: fdb: rename some variables to contain 'brport' Amit Cohen
                   ` (8 more replies)
  0 siblings, 9 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

The merge commit f84e3f8cced9 ("Merge branch 'bridge-fdb-flush' into next")
added support for fdb flushing.

The kernel was extended to support flush for VXLAN device, so the
"bridge fdb flush" command should support new attributes.

Add support for flushing FDB entries based on the following:
* Source VNI
* Nexthop ID
* Destination VNI
* Destination Port
* Destination IP
* 'router' flag

With this set, flush works with attributes which are relevant for VXLAN
FDBs, for example:

$ bridge fdb flush dev vx10 vni 5000 dst 192.2.2.1
< flush all vx10 entries with VNI 5000 and destination IP 192.2.2.1 >

There are examples for each attribute in the respective commit messages.

Patch set overview:
Patch #1 prepares the code for adding support for 'port' keyword
Patches #2-#7 add support for new keywords in flush command
Patch #8 adds a note in man page

v2:
	* Print 'nhid' instead of 'id' in the error in patch #3
	* Use capital letters for 'ECMP' in man page in patch #3

Amit Cohen (8):
  bridge: fdb: rename some variables to contain 'brport'
  bridge: fdb: support match on source VNI in flush command
  bridge: fdb: support match on nexthop ID in flush command
  bridge: fdb: support match on destination VNI in flush command
  bridge: fdb: support match on destination port in flush command
  bridge: fdb: support match on destination IP in flush command
  bridge: fdb: support match on [no]router flag in flush command
  man: bridge: add a note about using 'master' and 'self' with flush

 bridge/fdb.c      | 88 ++++++++++++++++++++++++++++++++++++++++-------
 man/man8/bridge.8 | 53 +++++++++++++++++++++++++++-
 2 files changed, 127 insertions(+), 14 deletions(-)

-- 
2.41.0



* [PATCH iproute2-next v2 1/8] bridge: fdb: rename some variables to contain 'brport'
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 2/8] bridge: fdb: support match on source VNI in flush command Amit Cohen
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Currently, the flush command supports the keyword 'brport'. To handle
this argument the variables 'port_ifidx' and 'port' are used.

A following patch will add support for 'port' keyword in flush command,
rename the existing variables to include 'brport' prefix, so then it
will be clear that they are used to parse 'brport' argument.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 bridge/fdb.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index d7ef26fd..e01e14f1 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -696,10 +696,10 @@ static int fdb_flush(int argc, char **argv)
 	};
 	unsigned short ndm_state_mask = 0;
 	unsigned short ndm_flags_mask = 0;
-	short vid = -1, port_ifidx = -1;
+	short vid = -1, brport_ifidx = -1;
+	char *d = NULL, *brport = NULL;
 	unsigned short ndm_flags = 0;
 	unsigned short ndm_state = 0;
-	char *d = NULL, *port = NULL;
 
 	while (argc > 0) {
 		if (strcmp(*argv, "dev") == 0) {
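
Review bot: `brport_ifidx` is still declared `short` on the renamed line, although it holds an interface index that the last hunk emits with `addattr32()` as a 32-bit NDA_IFINDEX. Since the rename touches this declaration anyway, consider making it an `int` declared apart from `vid`, so that an index above 32767 is not truncated or turned negative and then silently skipped by the `brport_ifidx > -1` test.
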
@@ -752,10 +752,10 @@ static int fdb_flush(int argc, char **argv)
 			ndm_flags &= ~NTF_OFFLOADED;
 			ndm_flags_mask |= NTF_OFFLOADED;
 		} else if (strcmp(*argv, "brport") == 0) {
-			if (port)
+			if (brport)
 				duparg2("brport", *argv);
 			NEXT_ARG();
-			port = *argv;
+			brport = *argv;
 		} else if (strcmp(*argv, "vlan") == 0) {
 			if (vid >= 0)
 				duparg2("vlan", *argv);
@@ -783,11 +783,11 @@ static int fdb_flush(int argc, char **argv)
 		return -1;
 	}
 
-	if (port) {
-		port_ifidx = ll_name_to_index(port);
-		if (port_ifidx == 0) {
+	if (brport) {
+		brport_ifidx = ll_name_to_index(brport);
+		if (brport_ifidx == 0) {
 			fprintf(stderr, "Cannot find bridge port device \"%s\"\n",
-				port);
+				brport);
 			return -1;
 		}
 	}
@@ -803,8 +803,8 @@ static int fdb_flush(int argc, char **argv)
 
 	req.ndm.ndm_flags = ndm_flags;
 	req.ndm.ndm_state = ndm_state;
-	if (port_ifidx > -1)
-		addattr32(&req.n, sizeof(req), NDA_IFINDEX, port_ifidx);
+	if (brport_ifidx > -1)
+		addattr32(&req.n, sizeof(req), NDA_IFINDEX, brport_ifidx);
 	if (vid > -1)
 		addattr16(&req.n, sizeof(req), NDA_VLAN, vid);
 	if (ndm_flags_mask)
-- 
2.41.0



* [PATCH iproute2-next v2 2/8] bridge: fdb: support match on source VNI in flush command
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 1/8] bridge: fdb: rename some variables to contain 'brport' Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 3/8] bridge: fdb: support match on nexthop ID " Amit Cohen
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Extend "fdb flush" command to match fdb entries with a specific source VNI.

Example:
$ bridge fdb flush dev vx10 src_vni 1000
This will flush all fdb entries pointing to vx10 with source VNI 1000.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 bridge/fdb.c      | 12 +++++++++++-
 man/man8/bridge.8 |  8 ++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index e01e14f1..12d19f08 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -45,7 +45,7 @@ static void usage(void)
 		"              [ state STATE ] [ dynamic ] ]\n"
 		"       bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n"
 		"              [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n"
-		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ]\n"
+		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ] [ src_vni VNI ]\n"
 		"              [ self ] [ master ] [ [no]permanent | [no]static | [no]dynamic ]\n"
 		"              [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n"
 		"              [ [no]offloaded ]\n");
@@ -700,6 +700,8 @@ static int fdb_flush(int argc, char **argv)
 	char *d = NULL, *brport = NULL;
 	unsigned short ndm_flags = 0;
 	unsigned short ndm_state = 0;
+	unsigned long src_vni = ~0;
+	char *endptr;
 
 	while (argc > 0) {
 		if (strcmp(*argv, "dev") == 0) {
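
Review bot: `unsigned long src_vni = ~0;` initialises an unsigned long from the int expression `~0`, so the all-ones sentinel only arises through the conversion of -1, and the later `src_vni != ~0` test depends on the same conversion. Writing the sentinel as `ULONG_MAX` (already used in the range check of the next hunk) or `~0UL` in both places would state the intent directly.
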
@@ -761,6 +763,12 @@ static int fdb_flush(int argc, char **argv)
 				duparg2("vlan", *argv);
 			NEXT_ARG();
 			vid = atoi(*argv);
+		} else if (strcmp(*argv, "src_vni") == 0) {
+			NEXT_ARG();
+			src_vni = strtoul(*argv, &endptr, 0);
+			if ((endptr && *endptr) ||
+			    (src_vni >> 24) || src_vni == ULONG_MAX)
+				invarg("invalid src VNI\n", *argv);
 		} else if (strcmp(*argv, "help") == 0) {
 			NEXT_ARG();
 		} else {
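
Review bot: the new `src_vni` branch has no duplicate-argument check, unlike the `vlan` branch directly above it, which calls `duparg2()`; a second `src_vni` on the command line silently overrides the first. Consider guarding it the same way. Also, `(endptr && *endptr)` does not catch an empty argument, where `strtoul()` consumes nothing, so `src_vni ""` is accepted as VNI 0; testing `endptr == *argv` as well would reject it.
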
@@ -807,6 +815,8 @@ static int fdb_flush(int argc, char **argv)
 		addattr32(&req.n, sizeof(req), NDA_IFINDEX, brport_ifidx);
 	if (vid > -1)
 		addattr16(&req.n, sizeof(req), NDA_VLAN, vid);
+	if (src_vni != ~0)
+		addattr32(&req.n, sizeof(req), NDA_SRC_VNI, src_vni);
 	if (ndm_flags_mask)
 		addattr8(&req.n, sizeof(req), NDA_NDM_FLAGS_MASK,
 			 ndm_flags_mask);
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index c52c9331..b1e96327 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -128,6 +128,8 @@ bridge \- show / manipulate bridge addresses and devices
 .IR DEV " ] [ "
 .B vlan
 .IR VID " ] [ "
+.B src_vni
+.IR VNI " ] [ "
 .BR self " ] [ " master " ] [ "
 .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
 .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
@@ -892,6 +894,12 @@ specified by this option will override the one specified by dev above.
 the target VLAN ID for the operation. Match forwarding table entries only with the
 specified VLAN ID.
 
+.TP
+.BI src_vni " VNI"
+the src VNI Network Identifier (or VXLAN Segment ID) for the operation. Match
+forwarding table entries only with the specified VNI. Valid if the referenced
+device is a VXLAN type device.
+
 .TP
 .B self
 the operation is fulfilled directly by the driver for the specified network
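
Review bot: the added man text reads "the src VNI Network Identifier", which expands to "Network Identifier" twice and abbreviates "source". Suggest "the source VXLAN Network Identifier (or VXLAN Segment ID)" so the entry is distinguishable from a destination VNI description.
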
-- 
2.41.0



* [PATCH iproute2-next v2 3/8] bridge: fdb: support match on nexthop ID in flush command
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 1/8] bridge: fdb: rename some variables to contain 'brport' Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 2/8] bridge: fdb: support match on source VNI in flush command Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 12:53   ` Nikolay Aleksandrov
  2023-10-17 10:55 ` [PATCH iproute2-next v2 4/8] bridge: fdb: support match on destination VNI " Amit Cohen
                   ` (5 subsequent siblings)
  8 siblings, 1 reply; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Extend "fdb flush" command to match fdb entries with a specific nexthop ID.

Example:
$ bridge fdb flush dev vx10 nhid 2
This will flush all fdb entries pointing to vx10 with nexthop ID 2.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
---

Notes:
    v2:
    	* Print 'nhid' instead of 'id' in the error
    	* Use capital letters for 'ECMP' in man page

 bridge/fdb.c      | 10 +++++++++-
 man/man8/bridge.8 |  7 +++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index 12d19f08..22a86922 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -46,7 +46,8 @@ static void usage(void)
 		"       bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n"
 		"              [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n"
 		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ] [ src_vni VNI ]\n"
-		"              [ self ] [ master ] [ [no]permanent | [no]static | [no]dynamic ]\n"
+		"              [ nhid NHID ] [ self ] [ master ]\n"
+		"	       [ [no]permanent | [no]static | [no]dynamic ]\n"
 		"              [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n"
 		"              [ [no]offloaded ]\n");
 	exit(-1);
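
Review bot: the added usage line `"	       [ [no]permanent | [no]static | [no]dynamic ]\n"` begins with a tab followed by spaces inside the string literal, while the neighbouring lines indent with spaces only. The help text will be misaligned depending on the terminal's tab width; use the same 14 spaces as the other continuation lines.
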
@@ -701,6 +702,7 @@ static int fdb_flush(int argc, char **argv)
 	unsigned short ndm_flags = 0;
 	unsigned short ndm_state = 0;
 	unsigned long src_vni = ~0;
+	__u32 nhid = 0;
 	char *endptr;
 
 	while (argc > 0) {
@@ -769,6 +771,10 @@ static int fdb_flush(int argc, char **argv)
 			if ((endptr && *endptr) ||
 			    (src_vni >> 24) || src_vni == ULONG_MAX)
 				invarg("invalid src VNI\n", *argv);
+		} else if (strcmp(*argv, "nhid") == 0) {
+			NEXT_ARG();
+			if (get_u32(&nhid, *argv, 0))
+				invarg("\"nid\" value is invalid\n", *argv);
 		} else if (strcmp(*argv, "help") == 0) {
 			NEXT_ARG();
 		} else {
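
Review bot: the error string in the new branch says `"\"nid\" value is invalid\n"`, but the keyword is `nhid`, and the v2 notes say the message was changed to print 'nhid'. The message should read `"\"nhid\" value is invalid\n"`.
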
@@ -817,6 +823,8 @@ static int fdb_flush(int argc, char **argv)
 		addattr16(&req.n, sizeof(req), NDA_VLAN, vid);
 	if (src_vni != ~0)
 		addattr32(&req.n, sizeof(req), NDA_SRC_VNI, src_vni);
+	if (nhid > 0)
+		addattr32(&req.n, sizeof(req), NDA_NH_ID, nhid);
 	if (ndm_flags_mask)
 		addattr8(&req.n, sizeof(req), NDA_NDM_FLAGS_MASK,
 			 ndm_flags_mask);
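
Review bot: `if (nhid > 0)` uses 0 as the "not given" marker, but the parsing hunk accepts `nhid 0` from the user. In that case no NDA_NH_ID attribute is sent and the flush runs without the nexthop filter, which is broader than what was typed. Consider rejecting 0 with `invarg()` at parse time, or tracking whether the keyword was seen with a separate flag.
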
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index b1e96327..254b2fe9 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -130,6 +130,8 @@ bridge \- show / manipulate bridge addresses and devices
 .IR VID " ] [ "
 .B src_vni
 .IR VNI " ] [ "
+.B nhid
+.IR NHID " ] ["
 .BR self " ] [ " master " ] [ "
 .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
 .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
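
Review bot: the added `.IR NHID " ] ["` lacks the trailing space that the surrounding entries use (`" ] [ "`), so the rendered synopsis will show `[self` without a separating space. Use `.IR NHID " ] [ "` for consistency.
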
@@ -900,6 +902,11 @@ the src VNI Network Identifier (or VXLAN Segment ID) for the operation. Match
 forwarding table entries only with the specified VNI. Valid if the referenced
 device is a VXLAN type device.
 
+.TP
+.BI nhid " NHID"
+the ECMP nexthop group for the operation. Match forwarding table entries only
+with the specified NHID. Valid if the referenced device is a VXLAN type device.
+
 .TP
 .B self
 the operation is fulfilled directly by the driver for the specified network
-- 
2.41.0



* [PATCH iproute2-next v2 4/8] bridge: fdb: support match on destination VNI in flush command
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
                   ` (2 preceding siblings ...)
  2023-10-17 10:55 ` [PATCH iproute2-next v2 3/8] bridge: fdb: support match on nexthop ID " Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 5/8] bridge: fdb: support match on destination port " Amit Cohen
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Extend "fdb flush" command to match fdb entries with a specific destination
VNI.

Example:
$ bridge fdb flush dev vx10 vni 1000
This will flush all fdb entries pointing to vx10 with destination VNI 1000.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 bridge/fdb.c      | 11 ++++++++++-
 man/man8/bridge.8 |  8 ++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index 22a86922..16cd7660 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -46,7 +46,7 @@ static void usage(void)
 		"       bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n"
 		"              [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n"
 		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ] [ src_vni VNI ]\n"
-		"              [ nhid NHID ] [ self ] [ master ]\n"
+		"              [ nhid NHID ] [ vni VNI ] [ self ] [ master ]\n"
 		"	       [ [no]permanent | [no]static | [no]dynamic ]\n"
 		"              [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n"
 		"              [ [no]offloaded ]\n");
@@ -702,6 +702,7 @@ static int fdb_flush(int argc, char **argv)
 	unsigned short ndm_flags = 0;
 	unsigned short ndm_state = 0;
 	unsigned long src_vni = ~0;
+	unsigned long vni = ~0;
 	__u32 nhid = 0;
 	char *endptr;
 
@@ -775,6 +776,12 @@ static int fdb_flush(int argc, char **argv)
 			NEXT_ARG();
 			if (get_u32(&nhid, *argv, 0))
 				invarg("\"nid\" value is invalid\n", *argv);
+		} else if (strcmp(*argv, "vni") == 0) {
+			NEXT_ARG();
+			vni = strtoul(*argv, &endptr, 0);
+			if ((endptr && *endptr) ||
+			    (vni >> 24) || vni == ULONG_MAX)
+				invarg("invalid VNI\n", *argv);
 		} else if (strcmp(*argv, "help") == 0) {
 			NEXT_ARG();
 		} else {
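
Review bot: the `vni` branch repeats the `strtoul()` / `>> 24` / `ULONG_MAX` sequence that this series already added for `src_vni`, differing only in the variable and the error string. A small helper that parses and range-checks a 24-bit VNI would keep the two in step, and is also the place to add the missing duplicate-argument and empty-string checks once rather than twice.
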
@@ -825,6 +832,8 @@ static int fdb_flush(int argc, char **argv)
 		addattr32(&req.n, sizeof(req), NDA_SRC_VNI, src_vni);
 	if (nhid > 0)
 		addattr32(&req.n, sizeof(req), NDA_NH_ID, nhid);
+	if (vni != ~0)
+		addattr32(&req.n, sizeof(req), NDA_VNI, vni);
 	if (ndm_flags_mask)
 		addattr8(&req.n, sizeof(req), NDA_NDM_FLAGS_MASK,
 			 ndm_flags_mask);
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 254b2fe9..9341c77b 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -132,6 +132,8 @@ bridge \- show / manipulate bridge addresses and devices
 .IR VNI " ] [ "
 .B nhid
 .IR NHID " ] ["
+.B vni
+.IR VNI " ] [ "
 .BR self " ] [ " master " ] [ "
 .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
 .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
@@ -907,6 +909,12 @@ device is a VXLAN type device.
 the ECMP nexthop group for the operation. Match forwarding table entries only
 with the specified NHID. Valid if the referenced device is a VXLAN type device.
 
+.TP
+.BI vni " VNI"
+the VXLAN VNI Network Identifier (or VXLAN Segment ID) for the operation. Match
+forwarding table entries only with the specified VNI. Valid if the referenced
+device is a VXLAN type device.
+
 .TP
 .B self
 the operation is fulfilled directly by the driver for the specified network
-- 
2.41.0



* [PATCH iproute2-next v2 5/8] bridge: fdb: support match on destination port in flush command
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
                   ` (3 preceding siblings ...)
  2023-10-17 10:55 ` [PATCH iproute2-next v2 4/8] bridge: fdb: support match on destination VNI " Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 6/8] bridge: fdb: support match on destination IP " Amit Cohen
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Extend "fdb flush" command to match fdb entries with a specific destination
port.

Example:
$ bridge fdb flush dev vx10 port 1111
This will flush all fdb entries pointing to vx10 with destination port
1111.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 bridge/fdb.c      | 21 ++++++++++++++++++++-
 man/man8/bridge.8 |  8 ++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index 16cd7660..f2d882ed 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -46,7 +46,7 @@ static void usage(void)
 		"       bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n"
 		"              [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n"
 		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ] [ src_vni VNI ]\n"
-		"              [ nhid NHID ] [ vni VNI ] [ self ] [ master ]\n"
+		"              [ nhid NHID ] [ vni VNI ] [ port PORT ] [ self ] [ master ]\n"
 		"	       [ [no]permanent | [no]static | [no]dynamic ]\n"
 		"              [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n"
 		"              [ [no]offloaded ]\n");
@@ -703,6 +703,7 @@ static int fdb_flush(int argc, char **argv)
 	unsigned short ndm_state = 0;
 	unsigned long src_vni = ~0;
 	unsigned long vni = ~0;
+	unsigned long port = 0;
 	__u32 nhid = 0;
 	char *endptr;
 
@@ -782,6 +783,18 @@ static int fdb_flush(int argc, char **argv)
 			if ((endptr && *endptr) ||
 			    (vni >> 24) || vni == ULONG_MAX)
 				invarg("invalid VNI\n", *argv);
+		} else if (strcmp(*argv, "port") == 0) {
+			NEXT_ARG();
+			port = strtoul(*argv, &endptr, 0);
+			if (endptr && *endptr) {
+				struct servent *pse;
+
+				pse = getservbyname(*argv, "udp");
+				if (!pse)
+					invarg("invalid port\n", *argv);
+				port = ntohs(pse->s_port);
+			} else if (port > 0xffff)
+				invarg("invalid port\n", *argv);
 		} else if (strcmp(*argv, "help") == 0) {
 			NEXT_ARG();
 		} else {
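
Review bot: the `port` branch accepts `port 0` (and an empty argument, which `strtoul()` also returns as 0), and the emit hunk then treats 0 as "not given" through `if (port)`, so the flush is sent without NDA_PORT and matches more entries than requested. Consider rejecting 0 here with `invarg("invalid port\n", *argv)`. As a style point, the `else if (port > 0xffff)` arm is unbraced while the `if` arm is braced; brace both.
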
@@ -834,6 +847,12 @@ static int fdb_flush(int argc, char **argv)
 		addattr32(&req.n, sizeof(req), NDA_NH_ID, nhid);
 	if (vni != ~0)
 		addattr32(&req.n, sizeof(req), NDA_VNI, vni);
+	if (port) {
+		unsigned short dport;
+
+		dport = htons((unsigned short)port);
+		addattr16(&req.n, sizeof(req), NDA_PORT, dport);
+	}
 	if (ndm_flags_mask)
 		addattr8(&req.n, sizeof(req), NDA_NDM_FLAGS_MASK,
 			 ndm_flags_mask);
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 9341c77b..cf23094c 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -134,6 +134,8 @@ bridge \- show / manipulate bridge addresses and devices
 .IR NHID " ] ["
 .B vni
 .IR VNI " ] [ "
+.B port
+.IR PORT " ] ["
 .BR self " ] [ " master " ] [ "
 .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
 .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
@@ -915,6 +917,12 @@ the VXLAN VNI Network Identifier (or VXLAN Segment ID) for the operation. Match
 forwarding table entries only with the specified VNI. Valid if the referenced
 device is a VXLAN type device.
 
+.TP
+.BI port " PORT"
+the UDP destination PORT number for the operation. Match forwarding table
+entries only with the specified PORT. Valid if the referenced device is a VXLAN
+type device.
+
 .TP
 .B self
 the operation is fulfilled directly by the driver for the specified network
-- 
2.41.0



* [PATCH iproute2-next v2 6/8] bridge: fdb: support match on destination IP in flush command
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
                   ` (4 preceding siblings ...)
  2023-10-17 10:55 ` [PATCH iproute2-next v2 5/8] bridge: fdb: support match on destination port " Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 7/8] bridge: fdb: support match on [no]router flag " Amit Cohen
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Extend "fdb flush" command to match fdb entries with a specific destination
IP.

Example:
$ bridge fdb flush dev vx10 dst 192.1.1.1
This will flush all fdb entries pointing to vx10 with destination IP
192.1.1.1

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 bridge/fdb.c      | 14 ++++++++++++--
 man/man8/bridge.8 |  8 ++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index f2d882ed..8311fa08 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -46,8 +46,8 @@ static void usage(void)
 		"       bridge fdb get [ to ] LLADDR [ br BRDEV ] { brport | dev } DEV\n"
 		"              [ vlan VID ] [ vni VNI ] [ self ] [ master ] [ dynamic ]\n"
 		"       bridge fdb flush dev DEV [ brport DEV ] [ vlan VID ] [ src_vni VNI ]\n"
-		"              [ nhid NHID ] [ vni VNI ] [ port PORT ] [ self ] [ master ]\n"
-		"	       [ [no]permanent | [no]static | [no]dynamic ]\n"
+		"              [ nhid NHID ] [ vni VNI ] [ port PORT ] [ dst IPADDR ] [ self ]\n"
+		"	       [ master ] [ [no]permanent | [no]static | [no]dynamic ]\n"
 		"              [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n"
 		"              [ [no]offloaded ]\n");
 	exit(-1);
@@ -704,6 +704,8 @@ static int fdb_flush(int argc, char **argv)
 	unsigned long src_vni = ~0;
 	unsigned long vni = ~0;
 	unsigned long port = 0;
+	inet_prefix dst;
+	int dst_ok = 0;
 	__u32 nhid = 0;
 	char *endptr;
 
@@ -795,6 +797,12 @@ static int fdb_flush(int argc, char **argv)
 				port = ntohs(pse->s_port);
 			} else if (port > 0xffff)
 				invarg("invalid port\n", *argv);
+		} else if (strcmp(*argv, "dst") == 0) {
+			NEXT_ARG();
+			if (dst_ok)
+				duparg2("dst", *argv);
+			get_addr(&dst, *argv, preferred_family);
+			dst_ok = 1;
 		} else if (strcmp(*argv, "help") == 0) {
 			NEXT_ARG();
 		} else {
@@ -853,6 +861,8 @@ static int fdb_flush(int argc, char **argv)
 		dport = htons((unsigned short)port);
 		addattr16(&req.n, sizeof(req), NDA_PORT, dport);
 	}
+	if (dst_ok)
+		addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen);
 	if (ndm_flags_mask)
 		addattr8(&req.n, sizeof(req), NDA_NDM_FLAGS_MASK,
 			 ndm_flags_mask);
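
Review bot: `addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen)` sends whatever length the address parser produced, and neither hunk checks `dst.family` or `dst.bytelen` after `get_addr()`. If that call can accept anything other than a literal IPv4 or IPv6 address with `preferred_family` unset, the attribute could be empty or of an unexpected size. Consider validating the family before setting `dst_ok = 1`.
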
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index cf23094c..e3051f89 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -136,6 +136,8 @@ bridge \- show / manipulate bridge addresses and devices
 .IR VNI " ] [ "
 .B port
 .IR PORT " ] ["
+.B dst
+.IR IPADDR " ] [ "
 .BR self " ] [ " master " ] [ "
 .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
 .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
@@ -923,6 +925,12 @@ the UDP destination PORT number for the operation. Match forwarding table
 entries only with the specified PORT. Valid if the referenced device is a VXLAN
 type device.
 
+.TP
+.BI dst " IPADDR"
+the IP address of the destination VXLAN tunnel endpoint for the operation. Match
+forwarding table entries only with the specified IPADDR. Valid if the referenced
+device is a VXLAN type device.
+
 .TP
 .B self
 the operation is fulfilled directly by the driver for the specified network
-- 
2.41.0



* [PATCH iproute2-next v2 7/8] bridge: fdb: support match on [no]router flag in flush command
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
                   ` (5 preceding siblings ...)
  2023-10-17 10:55 ` [PATCH iproute2-next v2 6/8] bridge: fdb: support match on destination IP " Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-17 10:55 ` [PATCH iproute2-next v2 8/8] man: bridge: add a note about using 'master' and 'self' with flush Amit Cohen
  2023-10-20 15:50 ` [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes patchwork-bot+netdevbpf
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

Extend "fdb flush" command to match entries with or without (if "no" is
prepended) router flag.

Examples:
$ bridge fdb flush dev vx10 router
This will delete all fdb entries pointing to vx10 with router flag.

$ bridge fdb flush dev vx10 norouter
This will delete all fdb entries pointing to vx10, except the ones with
router flag.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 bridge/fdb.c      | 8 +++++++-
 man/man8/bridge.8 | 9 ++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/bridge/fdb.c b/bridge/fdb.c
index 8311fa08..7b444366 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -49,7 +49,7 @@ static void usage(void)
 		"              [ nhid NHID ] [ vni VNI ] [ port PORT ] [ dst IPADDR ] [ self ]\n"
 		"	       [ master ] [ [no]permanent | [no]static | [no]dynamic ]\n"
 		"              [ [no]added_by_user ] [ [no]extern_learn ] [ [no]sticky ]\n"
-		"              [ [no]offloaded ]\n");
+		"              [ [no]offloaded ] [ [no]router ]\n");
 	exit(-1);
 }
 
@@ -759,6 +759,12 @@ static int fdb_flush(int argc, char **argv)
 		} else if (strcmp(*argv, "nooffloaded") == 0) {
 			ndm_flags &= ~NTF_OFFLOADED;
 			ndm_flags_mask |= NTF_OFFLOADED;
+		} else if (strcmp(*argv, "router") == 0) {
+			ndm_flags |= NTF_ROUTER;
+			ndm_flags_mask |= NTF_ROUTER;
+		} else if (strcmp(*argv, "norouter") == 0) {
+			ndm_flags &= ~NTF_ROUTER;
+			ndm_flags_mask |= NTF_ROUTER;
 		} else if (strcmp(*argv, "brport") == 0) {
 			if (brport)
 				duparg2("brport", *argv);
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index e3051f89..e5c6064c 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -141,7 +141,7 @@ bridge \- show / manipulate bridge addresses and devices
 .BR self " ] [ " master " ] [ "
 .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
 .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
-.BR [no]sticky " ] [ " [no]offloaded " ]"
+.BR [no]sticky " ] [ " [no]offloaded " ] [ " [no]router " ]"
 
 .ti -8
 .BR "bridge mdb" " { " add " | " del " | " replace " } "
@@ -980,6 +980,13 @@ if specified then only entries with offloaded flag will be deleted or respective
 if "no" is prepended then only entries without offloaded flag will be deleted.
 .sp
 
+.TP
+.B [no]router
+if specified then only entries with router flag will be deleted or respectively
+if "no" is prepended then only entries without router flag will be deleted. Valid
+if the referenced device is a VXLAN type device.
+.sp
+
 .SH bridge mdb - multicast group database management
 
 .B mdb
-- 
2.41.0



* [PATCH iproute2-next v2 8/8] man: bridge: add a note about using 'master' and 'self' with flush
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
                   ` (6 preceding siblings ...)
  2023-10-17 10:55 ` [PATCH iproute2-next v2 7/8] bridge: fdb: support match on [no]router flag " Amit Cohen
@ 2023-10-17 10:55 ` Amit Cohen
  2023-10-20 15:50 ` [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes patchwork-bot+netdevbpf
  8 siblings, 0 replies; 11+ messages in thread
From: Amit Cohen @ 2023-10-17 10:55 UTC (permalink / raw)
  To: netdev; +Cc: dsahern, stephen, razor, mlxsw, roopa, Amit Cohen

When 'master' and 'self' keywords are used, the command will be handled
by the driver of the device itself and by the driver that the device is
master on. For VXLAN, such command will be handled by VXLAN driver and by
bridge driver in case that the VXLAN is master on a bridge.

The bridge driver and VXLAN driver do not support the same arguments for
flush command, for example - "vlan" is supported by bridge and not by
VXLAN and "vni" is supported by VXLAN and not by bridge.

The following command returns an error:
$ bridge fdb flush dev vx10 vlan 1 self master
Error: Unsupported attribute.

This error comes from the VXLAN driver, which does not support flush by
VLAN, but this command is handled by bridge driver, so entries in bridge
are flushed even though user gets an error.

Note in the man page that such command is not recommended, instead, user
should run flush command twice - once with 'self' and once with 'master',
and each one with the supported attributes.

Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
---
 man/man8/bridge.8 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index e5c6064c..07bb9787 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -943,6 +943,11 @@ command can also be used on the bridge device itself. The flag is set by default
 .B master
 if the specified network device is a port that belongs to a master device
 such as a bridge, the operation is fulfilled by the master device's driver.
+Flush with both 'master' and 'self' is not recommended with attributes that are
+not supported by all devices (e.g., vlan, vni). Such command will be handled by
+bridge or VXLAN driver, but will return an error from the driver that does not
+support the attribute. Instead, run flush twice - once with 'self' and once
+with 'master', and each one with the supported attributes.
 
 .TP
 .B [no]permanent
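
Review bot: the added paragraph says the command "will return an error from the driver that does not support the attribute", but it leaves out the consequence the commit message describes: entries are flushed by the driver that does support the attribute even though the user sees an error. The man page should say so explicitly, for example "entries may already have been flushed by one driver when the error is returned", since a user reading only the error would assume nothing was deleted.
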
-- 
2.41.0



* Re: [PATCH iproute2-next v2 3/8] bridge: fdb: support match on nexthop ID in flush command
  2023-10-17 10:55 ` [PATCH iproute2-next v2 3/8] bridge: fdb: support match on nexthop ID " Amit Cohen
@ 2023-10-17 12:53   ` Nikolay Aleksandrov
  0 siblings, 0 replies; 11+ messages in thread
From: Nikolay Aleksandrov @ 2023-10-17 12:53 UTC (permalink / raw)
  To: Amit Cohen, netdev; +Cc: dsahern, stephen, mlxsw, roopa

On 10/17/23 13:55, Amit Cohen wrote:
> Extend "fdb flush" command to match fdb entries with a specific nexthop ID.
> 
> Example:
> $ bridge fdb flush dev vx10 nhid 2
> This will flush all fdb entries pointing to vx10 with nexthop ID 2.
> 
> Signed-off-by: Amit Cohen <amcohen@nvidia.com>
> ---
> 
> Notes:
>      v2:
>      	* Print 'nhid' instead of 'id' in the error
>      	* Use capital letters for 'ECMP' in man page
> 
>   bridge/fdb.c      | 10 +++++++++-
>   man/man8/bridge.8 |  7 +++++++
>   2 files changed, 16 insertions(+), 1 deletion(-)
> 

Acked-by: Nikolay Aleksandrov <razor@blackwall.org>




* Re: [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes
  2023-10-17 10:55 [PATCH iproute2-next v2 0/8] Extend flush command to support VXLAN attributes Amit Cohen
                   ` (7 preceding siblings ...)
  2023-10-17 10:55 ` [PATCH iproute2-next v2 8/8] man: bridge: add a note about using 'master' and 'self' with flush Amit Cohen
@ 2023-10-20 15:50 ` patchwork-bot+netdevbpf
  8 siblings, 0 replies; 11+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-10-20 15:50 UTC (permalink / raw)
  To: Amit Cohen; +Cc: netdev, dsahern, stephen, razor, mlxsw, roopa

Hello:

This series was applied to iproute2/iproute2-next.git (main)
by David Ahern <dsahern@kernel.org>:

On Tue, 17 Oct 2023 13:55:24 +0300 you wrote:
> The merge commit f84e3f8cced9 ("Merge branch 'bridge-fdb-flush' into next")
> added support for fdb flushing.
> 
> The kernel was extended to support flush for VXLAN device, so the
> "bridge fdb flush" command should support new attributes.
> 
> Add support for flushing FDB entries based on the following:
> * Source VNI
> * Nexthop ID
> * Destination VNI
> * Destination Port
> * Destination IP
> * 'router' flag
> 
> [...]

Here is the summary with links:
  - [iproute2-next,v2,1/8] bridge: fdb: rename some variables to contain 'brport'
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=c1904631bb84
  - [iproute2-next,v2,2/8] bridge: fdb: support match on source VNI in flush command
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=69b0310e82c6
  - [iproute2-next,v2,3/8] bridge: fdb: support match on nexthop ID in flush command
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=f3c34db4be1d
  - [iproute2-next,v2,4/8] bridge: fdb: support match on destination VNI in flush command
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=9107073a78e4
  - [iproute2-next,v2,5/8] bridge: fdb: support match on destination port in flush command
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=1b429388aaa3
  - [iproute2-next,v2,6/8] bridge: fdb: support match on destination IP in flush command
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=994bf05ee265
  - [iproute2-next,v2,7/8] bridge: fdb: support match on [no]router flag in flush command
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=958eecd2d05a
  - [iproute2-next,v2,8/8] man: bridge: add a note about using 'master' and 'self' with flush
    https://git.kernel.org/pub/scm/network/iproute2/iproute2-next.git/commit/?id=734a82a15e1a

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


