Re: [PATCH RFC net-next 00/10] MC Flood disable and snooping

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 4/5/2024 5:15 PM, Vladimir Oltean wrote:

On Fri, Apr 05, 2024 at 04:22:43PM -0400, Joseph Huang wrote:

Like this?

bridge link set dev swp0 mcast_flood off
   - all flooding disabled

bridge link set dev swp0 mcast_flood on
   - all flooding enabled

bridge link set dev swp0 mcast_flood on mcast_ipv4_data_flood off
mcast_ipv6_data_flood off
   - IPv4 data packets flooding disabled, IPv6 data packets flooding
disabled, everything else floods (that is to say, only allow IPv4 local
subnet and IPv6 link-local to flood)

?


Yeah.


The syntax seems to be counterintuitive.

Or like this?

bridge link set dev swp0 mcast_flood on mcast_ipv4_ctrl_flood on
   - only allow IPv4 local subnet to flood, everything else off

?


Nope.


So basically the question is, what should the behavior be when something is
omitted from the command line?


The answer is always: "new options should default to behaving exactly
like before". It's not just about the command line arguments, but also
about the actual netlink attributes that iproute2 (and other tooling)
creates when communicating with the kernel. Old user space has no idea
about the existence of mcast_ipv4_ctrl_flood et. al. So, if netlink
attributes specifying their value are not sent by user space, their
value in the kernel must mimic the value of mcast_flood.
How about the following syntax? I think it satisfies all the "not breaking existing behavior" requirements (new option defaults to off, and missing user space netlink attributes does not change the existing behavior): 

mcast_flood off
  all off
mcast_flood off mcast_flood_rfc4541 off
  all off
mcast_flood off mcast_flood_rfc4541 on
  224.0.0.X and ff02::1 on, the rest off
mcast_flood on
  all on
mcast_flood on mcast_flood_rfc4541 off
  all on (mcast_flood on overrides mcast_flood_rfc4541)
mcast_flood on mcast_flood_rfc4541 on
  all on
mcast_flood_rfc4541 off
invalid (mcast_flood_rfc4541 is only valid if mcast_flood [on | off] is specified first) 
mcast_flood_rfc4541 on
invalid (mcast_flood_rfc4541 is only valid if mcast_flood [on | off] is specified first) 

Think of mcast_flood_rfc4541 like a pet door if you will.
[Index of Archives]     [Netdev]     [AoE Tools]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]

  Powered by Linux