On 1/1/19 12:18 AM, Ido Schimmel wrote:
> When strict checking is enabled the kernel expects to receive the
> ifindex of the bridge device using 'NDA_MASTER', but iproute2 currently
> uses 'IFLA_MASTER' which the kernel expects when strict checking is
> disabled. Therefore, using iproute2 on current kernels while filtering
> on bridge results in the following error:
>
> # bridge fdb show br br0
> Error: Unsupported attribute in fdb dump request.
> Dump terminated
>
> Additionally, when strict checking is disabled and the bridge is
> specified via 'IFLA_MASTER', we need to make sure that the message
> length actually corresponds to 'struct ifinfomsg' and a potential
> attribute.
>
> Fix this by adding a new flag to the RTNL handle which indicates whether
> strict checking is enabled on the socket or not. If it is enabled,
> specify 'NDA_MASTER'. Otherwise, specify 'IFLA_MASTER' and set the
> message length accordingly.
>
> Tested with and without strict checking on net-next and on older kernels
> (v4.18, v4.17, v4.9).
>
> Fixes: 66e8e73edc65 ("bridge: fdb: Use 'struct ndmsg' for FDB dumping")
> Fixes: aea41afcfd6d ("ip bridge: Set NETLINK_GET_STRICT_CHK on socket")
> Signed-off-by: Ido Schimmel <ido...@mellanox.com>
> ---
> bridge/fdb.c | 11 ++++++++++-
> include/libnetlink.h | 1 +
> lib/libnetlink.c | 6 ++++--
> 3 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/bridge/fdb.c b/bridge/fdb.c
> index a7a0d8052307..f898b20918fb 100644 I
> --- a/bridge/fdb.c
> +++ b/bridge/fdb.c
> @@ -271,6 +271,11 @@ static int fdb_show(int argc, char **argv)
> char *br = NULL;
> int msg_size = sizeof(struct ndmsg);
>
> + if (!(rth.flags & RTNL_HANDLE_F_STRICT_CHK)) {
> + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
> + msg_size = sizeof(struct ifinfomsg);
> + }
> +
> while (argc > 0) {
> if ((strcmp(*argv, "brport") == 0) || strcmp(*argv, "dev") ==
> 0) {
> NEXT_ARG();
> @@ -304,7 +309,11 @@ static int fdb_show(int argc, char **argv)
> fprintf(stderr, "Cannot find bridge device \"%s\"\n",
> br);
> return -1;
> }
> - addattr32(&req.n, sizeof(req), IFLA_MASTER, br_ifindex);
> +
> + if (rth.flags & RTNL_HANDLE_F_STRICT_CHK)
> + addattr32(&req.n, sizeof(req), NDA_MASTER, br_ifindex);
> + else
> + addattr32(&req.n, sizeof(req), IFLA_MASTER, br_ifindex);
> msg_size += RTA_LENGTH(4);
> }
>
I like the addition of the flag to rth as a way for commands to know if
the kernel supports strict checking.
Couple of things. first, the patch (at least when I saved it to file)
has html codes in it. New for a patch from you so not sure what
happened. An example:
diff --git a/bridge/fdb.c b/bridge/fdb.c
index a7a0d8052307..f898b20918fb 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -271,6 +271,11 @@ static int fdb_show(int argc, char **argv)
char *br =3D NULL;
int msg_size =3D sizeof(struct ndmsg);
=20
+ if (!(rth.flags & RTNL_HANDLE_F_STRICT_CHK)) {
+ req.n.nlmsg_len =3D NLMSG_LENGTH(sizeof(struct ifinfomsg));
+ msg_size =3D sizeof(struct ifinfomsg);
+ }
+
while (argc > 0) {
if ((strcmp(*argv, "brport") =3D=3D 0) || strcmp(*argv,
"dev") =3D=3D 0)=
{
NEXT_ARG();
Second, the current code after your last patch sets the ifindex in the
ancillary header based on ndmsg versus ifinfomsg. While the offset is
the same, it seems odd and a challenge for future readers that the
master attribute toggles between IFLA and NDA but the struct entry does
not matter.
I think long term the code should be consistent with other dump
commands. I missed neigh and fdb dumps in my first round. Specifically,
removing the req from the list functions and instead using the type
specific dump functions with a filter function that can append to the
request when it makes sense. I have that coded and seems to work fine on
latest kernel and older (4.1). If you have some time another
verification would be great. Thanks,
