Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: bridge: Flush multicast groups when snooping is disabled

When forwarding multicast packets, the bridge takes MDB into account when
IGMP / MLD snooping is enabled. Currently, when snooping is disabled, the
MDB is retained, even though it is not used anymore.

At the same time, during the time that snooping is disabled, the IGMP / MLD
control packets are obviously ignored, and after the snooping is reenabled,
the administrator has to assume it is out of sync. In particular, missed
join and leave messages would lead to traffic being forwarded to wrong
interfaces.

Keeping the MDB entries around thus serves no purpose, and just takes
memory. Note also that disabling per-VLAN snooping does actually flush the
relevant MDB entries.

This patch flushes non-permanent MDB entries as global snooping is
disabled.

Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/5e992df1bb93b88e19c0ea5819e23b669e3dde5d.1761228273.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by Petr Machata and committed by Jakub Kicinski
68800bbf 5f30bc47

+9
net/bridge/br_multicast.c
··· 4649 4649 rcu_read_unlock(); 4650 4650 } 4651 4651 4652 + static void br_multicast_del_grps(struct net_bridge *br) 4653 + { 4654 + struct net_bridge_port *port; 4655 + 4656 + list_for_each_entry(port, &br->port_list, list) 4657 + __br_multicast_disable_port_ctx(&port->multicast_ctx); 4658 + } 4659 + 4652 4660 int br_multicast_toggle(struct net_bridge *br, unsigned long val, 4653 4661 struct netlink_ext_ack *extack) 4654 4662 { ··· 4677 4669 br_opt_toggle(br, BROPT_MULTICAST_ENABLED, !!val); 4678 4670 if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) { 4679 4671 change_snoopers = true; 4672 + br_multicast_del_grps(br); 4680 4673 goto unlock; 4681 4674 } 4682 4675
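Review bot: br_multicast_del_grps() walks br->port_list with plain list_for_each_entry() and does not state its locking requirement. Its only visible caller sits on a path that ends in `goto unlock`, so it presumably runs under the lock taken earlier in br_multicast_toggle(); a one-line comment or a lockdep assertion at the top of the helper would make that contract explicit for any future caller. The name also promises group deletion while the body calls __br_multicast_disable_port_ctx(). A short comment should say that the call is used for its flush of non-permanent entries, and whether host-joined groups and per-VLAN port contexts are deliberately out of scope, since only &port->multicast_ctx is visited.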
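Review bot: in br_multicast_toggle(), br_multicast_del_grps(br) is placed after br_opt_toggle() inside the `if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))` branch, and the lines that would show an early exit for an unchanged value are elided from this view. Please confirm that writing 0 while snooping is already off cannot reach this branch and repeat the port walk. The call also changes what userspace observes after disabling snooping, because learned MDB entries now disappear, yet the diff touches only net/bridge/br_multicast.c. Consider adding a selftest that disables and re-enables snooping and checks that permanent entries survive, as the commit message states, plus a documentation note for the option.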