Skip to content

Commit

Permalink
bridge: Add extack warning when enabling STP in netns.
Browse files Browse the repository at this point in the history
When we create an L2 loop on a bridge in netns, we will see packets storm
even if STP is enabled.

  # unshare -n
  # ip link add br0 type bridge
  # ip link add veth0 type veth peer name veth1
  # ip link set veth0 master br0 up
  # ip link set veth1 master br0 up
  # ip link set br0 type bridge stp_state 1
  # ip link set br0 up
  # sleep 30
  # ip -s link show br0
  2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
      link/ether b6:61:98:1c:1c:b5 brd ff:ff:ff:ff:ff:ff
      RX: bytes  packets  errors  dropped missed  mcast
      956553768  12861249 0       0       0       12861249  <-. Keep
      TX: bytes  packets  errors  dropped carrier collsns     |  increasing
      1027834    11951    0       0       0       0         <-'   rapidly

This is because llc_rcv() drops all packets in non-root netns and BPDU
is dropped.

Let's add extack warning when enabling STP in netns.

  # unshare -n
  # ip link add br0 type bridge
  # ip link set br0 type bridge stp_state 1
  Warning: bridge: STP does not work in non-root netns.

Note this commit will be reverted later when we namespacify the whole LLC
infra.

Fixes: e730c15 ("[NET]: Make packet reception network namespace safe")
Suggested-by: Harry Coin <[email protected]>
Link: https://lore.kernel.org/netdev/[email protected]/
Suggested-by: Ido Schimmel <[email protected]>
Signed-off-by: Kuniyuki Iwashima <[email protected]>
Acked-by: Nikolay Aleksandrov <[email protected]>
Reviewed-by: Ido Schimmel <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
q2ven authored and davem330 committed Jul 14, 2023
1 parent b685f1a commit 56a1603
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/bridge/br_stp_if.c
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,9 @@ int br_stp_set_enabled(struct net_bridge *br, unsigned long val,
{
ASSERT_RTNL();

if (!net_eq(dev_net(br->dev), &init_net))
NL_SET_ERR_MSG_MOD(extack, "STP does not work in non-root netns");

if (br_mrp_enabled(br)) {
NL_SET_ERR_MSG_MOD(extack,
"STP can't be enabled if MRP is already enabled");
Expand Down

0 comments on commit 56a1603

Please sign in to comment.