The br_vlan_opts_eq_range() function determines if consecutive VLANs can
be grouped together in a range for compact netlink notifications. It
currently checks state, tunnel info, and multicast router configuration,
but misses two categories of per-VLAN options that affect the output:
1. User-visible priv_flags (neigh_suppress, mcast_enabled)
2. Port multicast context (mcast_max_groups, mcast_n_groups)
When VLANs have different settings for these options, they are incorrectly
grouped into ranges, causing netlink notifications to report only one
VLAN's settings for the entire range.
Fix by checking priv_flags equality, but only for flags that affect netlink
output (BR_VLFLAG_NEIGH_SUPPRESS_ENABLED and BR_VLFLAG_MCAST_ENABLED),
and comparing multicast context (mcast_max_groups and mcast_n_groups).
Example showing the bugs before the fix:
$ bridge vlan set vid 10 dev dummy1 neigh_suppress on
$ bridge vlan set vid 11 dev dummy1 neigh_suppress off
$ bridge -d vlan show dev dummy1
port vlan-id
dummy1 10-11
... neigh_suppress on
$ bridge vlan set vid 10 dev dummy1 mcast_max_groups 100
$ bridge vlan set vid 11 dev dummy1 mcast_max_groups 200
$ bridge -d vlan show dev dummy1
port vlan-id
dummy1 10-11
... mcast_max_groups 100
After the fix, VLANs 10 and 11 are shown as separate entries with their
correct individual settings.
Fixes: a1aee20d5db2 ("net: bridge: Add netlink knobs for number / maximum MDB entries")
Fixes: 83f6d600796c ("bridge: vlan: Allow setting VLAN neighbor suppression state")
Signed-off-by: Danielle Ratson <danieller@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/20260225143956.3995415-2-danieller@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
true;
}
+static inline bool
+br_multicast_port_ctx_options_equal(const struct net_bridge_mcast_port *pmctx1,
+ const struct net_bridge_mcast_port *pmctx2)
+{
+ return br_multicast_ngroups_get(pmctx1) ==
+ br_multicast_ngroups_get(pmctx2) &&
+ br_multicast_ngroups_get_max(pmctx1) ==
+ br_multicast_ngroups_get_max(pmctx2);
+}
+
static inline bool
br_multicast_ctx_matches_vlan_snooping(const struct net_bridge_mcast *brmctx)
{
u8 range_mc_rtr = br_vlan_multicast_router(range_end);
u8 curr_mc_rtr = br_vlan_multicast_router(v_curr);
- return v_curr->state == range_end->state &&
- __vlan_tun_can_enter_range(v_curr, range_end) &&
- curr_mc_rtr == range_mc_rtr;
+ if (v_curr->state != range_end->state)
+ return false;
+
+ if (!__vlan_tun_can_enter_range(v_curr, range_end))
+ return false;
+
+ if (curr_mc_rtr != range_mc_rtr)
+ return false;
+
+ /* Check user-visible priv_flags that affect output */
+ if ((v_curr->priv_flags ^ range_end->priv_flags) &
+ (BR_VLFLAG_NEIGH_SUPPRESS_ENABLED | BR_VLFLAG_MCAST_ENABLED))
+ return false;
+
+#ifdef CONFIG_BRIDGE_IGMP_SNOOPING
+ if (!br_vlan_is_master(v_curr) &&
+ !br_multicast_port_ctx_vlan_disabled(&v_curr->port_mcast_ctx) &&
+ !br_multicast_port_ctx_options_equal(&v_curr->port_mcast_ctx,
+ &range_end->port_mcast_ctx))
+ return false;
+#endif
+
+ return true;
}
bool br_vlan_opts_fill(struct sk_buff *skb, const struct net_bridge_vlan *v,
projects / thirdparty / kernel / linux.git / commitdiff
