From 0985262fd0f0b9c33e1fb559e71c041379199a91 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sat, 17 Feb 2024 22:37:05 +0100 Subject: [PATCH] generic vxlan: don't learn non-unicast L2 destinations This patch avoids learning non-unicast targets in the vxlan FDB. They are non-unicast and thus should be sent to the broadcast-IPv6 instead of a unicast address Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/ Link: https://github.com/freifunk-gluon/gluon/issues/3191 Signed-off-by: David Bauer --- ...-t-learn-non-unicast-L2-destinations.patch | 30 +++++++++++++++++++ ...-t-learn-non-unicast-L2-destinations.patch | 30 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch create mode 100644 target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch diff --git a/target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch b/target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch new file mode 100644 index 0000000000..6c1f596759 --- /dev/null +++ b/target/linux/generic/pending-5.15/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch @@ -0,0 +1,30 @@ +From 3f1a227cb071f65f6ecc4db9f399649869735a7c Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Sat, 17 Feb 2024 22:34:59 +0100 +Subject: [PATCH] net vxlan: don't learn non-unicast L2 destinations + +This patch avoids learning non-unicast targets in the vxlan FDB. +They are non-unicast and thus should be sent to the broadcast-IPv6 +instead of a unicast address. + +Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/ +Link: https://github.com/freifunk-gluon/gluon/issues/3191 + +Signed-off-by: David Bauer +--- + drivers/net/vxlan.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/net/vxlan/vxlan_core.c ++++ b/drivers/net/vxlan/vxlan_core.c +@@ -1493,6 +1493,10 @@ static bool vxlan_snoop(struct net_devic + struct vxlan_fdb *f; + u32 ifindex = 0; + ++ /* Don't learn broadcast packets */ ++ if (is_multicast_ether_addr(src_mac) || is_zero_ether_addr(src_mac)) ++ return false; ++ + #if IS_ENABLED(CONFIG_IPV6) + if (src_ip->sa.sa_family == AF_INET6 && + (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL)) diff --git a/target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch b/target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch new file mode 100644 index 0000000000..6c1f596759 --- /dev/null +++ b/target/linux/generic/pending-6.1/779-net-vxlan-don-t-learn-non-unicast-L2-destinations.patch @@ -0,0 +1,30 @@ +From 3f1a227cb071f65f6ecc4db9f399649869735a7c Mon Sep 17 00:00:00 2001 +From: David Bauer +Date: Sat, 17 Feb 2024 22:34:59 +0100 +Subject: [PATCH] net vxlan: don't learn non-unicast L2 destinations + +This patch avoids learning non-unicast targets in the vxlan FDB. +They are non-unicast and thus should be sent to the broadcast-IPv6 +instead of a unicast address. + +Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/ +Link: https://github.com/freifunk-gluon/gluon/issues/3191 + +Signed-off-by: David Bauer +--- + drivers/net/vxlan.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/net/vxlan/vxlan_core.c ++++ b/drivers/net/vxlan/vxlan_core.c +@@ -1493,6 +1493,10 @@ static bool vxlan_snoop(struct net_devic + struct vxlan_fdb *f; + u32 ifindex = 0; + ++ /* Don't learn broadcast packets */ ++ if (is_multicast_ether_addr(src_mac) || is_zero_ether_addr(src_mac)) ++ return false; ++ + #if IS_ENABLED(CONFIG_IPV6) + if (src_ip->sa.sa_family == AF_INET6 && + (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL)) -- 2.30.2