[Bridge question] Issue with removing MDB entry after enabling VLAN filtering

[Bridge question] Issue with removing MDB entry after enabling VLAN filtering

[Hangbin Liu]

Hi everyone,

Our QE team reported that after adding an MDB entry, enabling VLAN filtering,
and then removing the MDB entry, the removal fails. e.g.

+ ip link add dev br0 type bridge
+ ip link add dev vethin type veth peer name vethout
+ ip link add dev vethin1 type veth peer name vethout1
+ ip link set vethout up && ip link set vethout1 up && ip link set vethin up  && ip link set vethin1 up && ip link set br0 up
+ ip link set vethout master br0
+ ip link set vethout1 master br0
+ echo 1 > /sys/class/net/br0/bridge/multicast_snooping
+ echo 1 > /sys/class/net/br0/bridge/multicast_querier
+ bridge mdb add dev br0 port vethout1 grp 225.1.1.10 src 192.168.2.1
+ echo 1 > /sys/class/net/br0/bridge/vlan_filtering
+ bridge mdb del dev br0 port vethout1 grp  225.1.1.10  src 192.168.2.1
RTNETLINK answers: Invalid argument

From reviewing the code in br_mdb_del(), I noticed that it sets the VLAN tag
if VLAN filtering is enabled and the VLAN is not specified.

I'm not sure if the QE’s operation is valid under these circumstances.
Do we need to disable VLAN filtering before removing the MDB entry if
it was added without VLAN filtering?

Thanks
Hangbin

Re: [Bridge question] Issue with removing MDB entry after enabling VLAN filtering

[Nikolay Aleksandrov]

On 2/19/25 11:43, Hangbin Liu wrote:
> Hi everyone,
> 
> Our QE team reported that after adding an MDB entry, enabling VLAN filtering,
> and then removing the MDB entry, the removal fails. e.g.
> 
> + ip link add dev br0 type bridge
> + ip link add dev vethin type veth peer name vethout
> + ip link add dev vethin1 type veth peer name vethout1
> + ip link set vethout up && ip link set vethout1 up && ip link set vethin up  && ip link set vethin1 up && ip link set br0 up
> + ip link set vethout master br0
> + ip link set vethout1 master br0
> + echo 1 > /sys/class/net/br0/bridge/multicast_snooping
> + echo 1 > /sys/class/net/br0/bridge/multicast_querier
> + bridge mdb add dev br0 port vethout1 grp 225.1.1.10 src 192.168.2.1
> + echo 1 > /sys/class/net/br0/bridge/vlan_filtering
> + bridge mdb del dev br0 port vethout1 grp  225.1.1.10  src 192.168.2.1
> RTNETLINK answers: Invalid argument
> 
> From reviewing the code in br_mdb_del(), I noticed that it sets the VLAN tag
> if VLAN filtering is enabled and the VLAN is not specified.
> 
> I'm not sure if the QE’s operation is valid under these circumstances.
> Do we need to disable VLAN filtering before removing the MDB entry if
> it was added without VLAN filtering?
> 
> Thanks
> Hangbin

Hi,
It seems you did not specify a vlan when trying to delete the entry after enabling vlan filtering
so the bridge code tries to delete it from all vlans on the port and some of them don't have
that mdb entry so you get the -EINVAL, but it should delete it from any vlans that have
the entry.

In this case since the entry was added before vlan filtering was enabled it won't have any
vlan set making it unreachable for a delete after filtering was enabled. It is a corner case
for sure and TBH I don't see any value in adding more logic to resolve it (it would require
some special way to signal the kernel that we want to delete an entry that doesn't have a
vlan after filtering was enabled), instead you can just disable vlan filtering and
delete the entry. So IMO it is just wrong config and not worth the extra complexity to be
able to delete such entries.

Thanks,
 Nik

Re: [Bridge question] Issue with removing MDB entry after enabling VLAN filtering

[Hangbin Liu]

On Wed, Feb 19, 2025 at 11:56:08AM +0200, Nikolay Aleksandrov wrote:
> On 2/19/25 11:43, Hangbin Liu wrote:
> > Hi everyone,
> > 
> > Our QE team reported that after adding an MDB entry, enabling VLAN filtering,
> > and then removing the MDB entry, the removal fails. e.g.
> > 
> > + ip link add dev br0 type bridge
> > + ip link add dev vethin type veth peer name vethout
> > + ip link add dev vethin1 type veth peer name vethout1
> > + ip link set vethout up && ip link set vethout1 up && ip link set vethin up  && ip link set vethin1 up && ip link set br0 up
> > + ip link set vethout master br0
> > + ip link set vethout1 master br0
> > + echo 1 > /sys/class/net/br0/bridge/multicast_snooping
> > + echo 1 > /sys/class/net/br0/bridge/multicast_querier
> > + bridge mdb add dev br0 port vethout1 grp 225.1.1.10 src 192.168.2.1
> > + echo 1 > /sys/class/net/br0/bridge/vlan_filtering
> > + bridge mdb del dev br0 port vethout1 grp  225.1.1.10  src 192.168.2.1
> > RTNETLINK answers: Invalid argument
> > 
> > From reviewing the code in br_mdb_del(), I noticed that it sets the VLAN tag
> > if VLAN filtering is enabled and the VLAN is not specified.
> > 
> > I'm not sure if the QE’s operation is valid under these circumstances.
> > Do we need to disable VLAN filtering before removing the MDB entry if
> > it was added without VLAN filtering?
> > 
> > Thanks
> > Hangbin
> 
> Hi,
> It seems you did not specify a vlan when trying to delete the entry after enabling vlan filtering
> so the bridge code tries to delete it from all vlans on the port and some of them don't have
> that mdb entry so you get the -EINVAL, but it should delete it from any vlans that have
> the entry.
> 
> In this case since the entry was added before vlan filtering was enabled it won't have any
> vlan set making it unreachable for a delete after filtering was enabled. It is a corner case
> for sure and TBH I don't see any value in adding more logic to resolve it (it would require
> some special way to signal the kernel that we want to delete an entry that doesn't have a
> vlan after filtering was enabled), instead you can just disable vlan filtering and
> delete the entry. So IMO it is just wrong config and not worth the extra complexity to be
> able to delete such entries.

Thanks, I agree this is a config issue and does not worth to fix.

Regards
Hangbin