1. Patchew
  2. linux
  3. View series

[PATCH net v2] net: bridge: mst: Check vlan state for egress decision

Elliot Ayrey posted 1 patch 1 year, 5 months ago
There is a newer version of this series
net/bridge/br_forward.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH net v2] net: bridge: mst: Check vlan state for egress decision
Posted by Elliot Ayrey 1 year, 5 months ago 
If a port is blocking in the common instance but forwarding in an MST
instance, traffic egressing the bridge will be dropped because the
state of the common instance is overriding that of the MST instance.

Fix this by skipping the port state check in MST mode to allow
checking the vlan state via br_allowed_egress(). This is similar to
what happens in br_handle_frame_finish() when checking ingress
traffic, which was introduced in the change below.

Fixes: ec7328b59176 ("net: bridge: mst: Multiple Spanning Tree (MST) mode")
Signed-off-by: Elliot Ayrey <elliot.ayrey@alliedtelesis.co.nz>
---

v2:
  - Restructure the MST mode check to make it read better
v1: https://lore.kernel.org/all/20240705030041.1248472-1-elliot.ayrey@alliedtelesis.co.nz/

 net/bridge/br_forward.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index d97064d460dc..e63d6f6308f8 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -25,8 +25,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
 
 	vg = nbp_vlan_group_rcu(p);
 	return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
-		p->state == BR_STATE_FORWARDING && br_allowed_egress(vg, skb) &&
-		nbp_switchdev_allowed_egress(p, skb) &&
+		(br_mst_is_enabled(p->br) || state == BR_STATE_FORWARDING) &&
+		br_allowed_egress(vg, skb) && nbp_switchdev_allowed_egress(p, skb) &&
 		!br_skb_isolated(p, skb);
 }
 
-- 
2.45.2
Re: [PATCH net v2] net: bridge: mst: Check vlan state for egress decision
Posted by Nikolay Aleksandrov 1 year, 5 months ago 
On 11/07/2024 07:59, Elliot Ayrey wrote:
> If a port is blocking in the common instance but forwarding in an MST
> instance, traffic egressing the bridge will be dropped because the
> state of the common instance is overriding that of the MST instance.
> 
> Fix this by skipping the port state check in MST mode to allow
> checking the vlan state via br_allowed_egress(). This is similar to
> what happens in br_handle_frame_finish() when checking ingress
> traffic, which was introduced in the change below.
> 
> Fixes: ec7328b59176 ("net: bridge: mst: Multiple Spanning Tree (MST) mode")
> Signed-off-by: Elliot Ayrey <elliot.ayrey@alliedtelesis.co.nz>
> ---
> 
> v2:
>   - Restructure the MST mode check to make it read better
> v1: https://lore.kernel.org/all/20240705030041.1248472-1-elliot.ayrey@alliedtelesis.co.nz/
> 
>  net/bridge/br_forward.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
> index d97064d460dc..e63d6f6308f8 100644
> --- a/net/bridge/br_forward.c
> +++ b/net/bridge/br_forward.c
> @@ -25,8 +25,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
>  
>  	vg = nbp_vlan_group_rcu(p);
>  	return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
> -		p->state == BR_STATE_FORWARDING && br_allowed_egress(vg, skb) &&
> -		nbp_switchdev_allowed_egress(p, skb) &&
> +		(br_mst_is_enabled(p->br) || state == BR_STATE_FORWARDING) &&

Does this compile at all? How exactly did you test this change?
There is no "state" variable in that context.
Re: [PATCH net v2] net: bridge: mst: Check vlan state for egress decision
Posted by Elliot Ayrey 1 year, 5 months ago 

On Thu, 11 Jul 2024, Nikolay Aleksandrov wrote:

> On 11/07/2024 07:59, Elliot Ayrey wrote:
> > If a port is blocking in the common instance but forwarding in an MST
> > instance, traffic egressing the bridge will be dropped because the
> > state of the common instance is overriding that of the MST instance.
> > 
> > Fix this by skipping the port state check in MST mode to allow
> > checking the vlan state via br_allowed_egress(). This is similar to
> > what happens in br_handle_frame_finish() when checking ingress
> > traffic, which was introduced in the change below.
> > 
> > Fixes: ec7328b59176 ("net: bridge: mst: Multiple Spanning Tree (MST) mode")
> > Signed-off-by: Elliot Ayrey <elliot.ayrey@alliedtelesis.co.nz>
> > ---
> > 
> > v2:
> >   - Restructure the MST mode check to make it read better
> > v1: https://scanmail.trustwave.com/?c=20988&d=i-GP5uRIMfh6vd5ovR02aBzmN2wu2NxHqGSNFOAFMA&u=https%3a%2f%2flore%2ekernel%2eorg%2fall%2f20240705030041%2e1248472-1-elliot%2eayrey%40alliedtelesis%2eco%2enz%2f
> > 
> >  net/bridge/br_forward.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
> > index d97064d460dc..e63d6f6308f8 100644
> > --- a/net/bridge/br_forward.c
> > +++ b/net/bridge/br_forward.c
> > @@ -25,8 +25,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
> >  
> >  	vg = nbp_vlan_group_rcu(p);
> >  	return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
> > -		p->state == BR_STATE_FORWARDING && br_allowed_egress(vg, skb) &&
> > -		nbp_switchdev_allowed_egress(p, skb) &&
> > +		(br_mst_is_enabled(p->br) || state == BR_STATE_FORWARDING) &&
> 
> Does this compile at all? How exactly did you test this change?
> There is no "state" variable in that context.
> 

My apologies I must have sent an older patch. I will re-test and submit a 
v3.

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.