summaryrefslogtreecommitdiffstats
path: root/net/bridge/br_input.c
diff options
context:
space:
mode:
authorRoopa Prabhu <roopa@cumulusnetworks.com>2017-10-07 07:12:39 +0200
committerDavid S. Miller <davem@davemloft.net>2017-10-09 06:12:04 +0200
commited842faeb2bd49256f00485402f3113205f91d30 (patch)
tree029596be24ac5a1203381c0661d35115b82e5d97 /net/bridge/br_input.c
parentbridge: suppress arp pkts on BR_NEIGH_SUPPRESS ports (diff)
downloadlinux-ed842faeb2bd49256f00485402f3113205f91d30.tar.xz
linux-ed842faeb2bd49256f00485402f3113205f91d30.zip
bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports
This patch avoids flooding and proxies ndisc packets for BR_NEIGH_SUPPRESS ports. Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_input.c')
-rw-r--r--net/bridge/br_input.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 4b8d2ec2fa23..a096d3e189da 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -119,6 +119,17 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb
(skb->protocol == htons(ETH_P_ARP) ||
skb->protocol == htons(ETH_P_RARP))) {
br_do_proxy_suppress_arp(skb, br, vid, p);
+ } else if (IS_ENABLED(CONFIG_IPV6) &&
+ skb->protocol == htons(ETH_P_IPV6) &&
+ br->neigh_suppress_enabled &&
+ pskb_may_pull(skb, sizeof(struct ipv6hdr) +
+ sizeof(struct nd_msg)) &&
+ ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
+ struct nd_msg *msg, _msg;
+
+ msg = br_is_nd_neigh_msg(skb, &_msg);
+ if (msg)
+ br_do_suppress_nd(skb, br, vid, p, msg);
}
switch (pkt_type) {