| author | Paolo Abeni <pabeni@redhat.com> | 2026-05-14 13:42:16 +0300 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2026-05-14 13:42:16 +0300 |
| commit | f3f7760afe65292e83f182696130efb983278d04 (patch) | |
| tree | 8ea43533165b385851f60e4f9e97275441ec4f79 /include | |
| parent | 84f817c1c86e36f7b8ebd39fb0fe4446cb0628b5 (diff) | |
| parent | 4620aa6527d3ef452b7b3eb1123cbdf2fa7d82e2 (diff) | |
| download | linux-f3f7760afe65292e83f182696130efb983278d04.tar.xz | |
Merge branch 'bridge-add-selective-forwarding-of-gratuitous-neighbor-announcements'

Danielle Ratson says:

====================
bridge: Add selective forwarding of gratuitous neighbor announcements

The existing neighbor suppression unconditionally suppresses gratuitous
ARPs and unsolicited Neighbor Advertisements, which prevents fast
mobility of hosts between VTEPs.

This series adds a new neigh_forward_grat option that provides
independent control of gratuitous ARP and unsolicited NA forwarding.
When neigh_suppress is enabled but neigh_forward_grat is enabled,
regular neighbor discovery is suppressed while gratuitous announcements
are forwarded.

The implementation marks gratuitous ARPs and unsolicited NAs in
BR_INPUT_SKB_CB during input processing, then checks the per-output-port
neigh_forward_grat setting during flooding. This allows gratuitous
announcements from any input port to be selectively forwarded based on
each output port's individual configuration.

Both port-level control (via IFLA_BRPORT_NEIGH_FORWARD_GRAT) and
per-VLAN control (via BRIDGE_VLANDB_ENTRY_NEIGH_FORWARD_GRAT) are
provided. The default value of OFF preserves existing behavior.

This behavior is in accordance with RFC 9161 (Section 3.6), which
recommends that VTEPs forward gratuitous ARP and unsolicited NA messages
to avoid traffic disruption during host mobility events.

The new attributes use NLA_U8, although the kernel netlink guideline
recommends NLA_U32 as the minimum integer type on the grounds that
alignment makes smaller types equivalent on the wire. For a simple
on/off attribute there is no technical advantage to u32 over u8, and
keeping u8 preserves consistency with all surrounding bridge port
attributes and avoids introducing new helpers alongside the existing
infrastructure.

Patchset overview:
Patch #1: adds uapi headers.
Patches #2-#3: support selective forwarding of gratuitous ARP.
Patches #4-#5: add netlink handling.
Patch #6: adds tests.

Please see iproute related patches in the last 3 commits of:
https://github.com/daniellerts/iproute2
====================

Link: https://patch.msgid.link/20260511065936.4173106-1-danieller@nvidia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/if_bridge.h | 1 |
| -rw-r--r-- | include/uapi/linux/if_bridge.h | 1 |
| -rw-r--r-- | include/uapi/linux/if_link.h | 17 |

3 files changed, 19 insertions, 0 deletions
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h index c5fe3b2a53e8..ec9ffea1e46e 100644 --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -61,6 +61,7 @@ struct br_ip_list { #define BR_PORT_LOCKED BIT(21) #define BR_PORT_MAB BIT(22) #define BR_NEIGH_VLAN_SUPPRESS BIT(23) +#define BR_NEIGH_FORWARD_GRAT BIT(24) #define BR_DEFAULT_AGEING_TIME (300 * HZ) diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h index e52f8207ab27..21a700c02ef7 100644 --- a/include/uapi/linux/if_bridge.h +++ b/include/uapi/linux/if_bridge.h @@ -526,6 +526,7 @@ enum { BRIDGE_VLANDB_ENTRY_MCAST_N_GROUPS, BRIDGE_VLANDB_ENTRY_MCAST_MAX_GROUPS, BRIDGE_VLANDB_ENTRY_NEIGH_SUPPRESS, + BRIDGE_VLANDB_ENTRY_NEIGH_FORWARD_GRAT, __BRIDGE_VLANDB_ENTRY_MAX, }; #define BRIDGE_VLANDB_ENTRY_MAX (__BRIDGE_VLANDB_ENTRY_MAX - 1) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 79ce4bc24cba..46413392b402 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h 
@@ -1085,6 +1085,22 @@ enum { * Note that this option only takes effect when *IFLA_BRPORT_NEIGH_SUPPRESS* * is enabled for a given port. * + * @IFLA_BRPORT_NEIGH_FORWARD_GRAT + * Controls whether gratuitous ARP packets and unsolicited Neighbor + * Advertisement packets are forwarded on a given port even when neighbor + * suppression is enabled. + * By default this flag is off, meaning gratuitous ARP and unsolicited NA + * packets will be suppressed when neighbor suppression is enabled. + * Setting this flag to on allows these packets to be forwarded even + * when *IFLA_BRPORT_NEIGH_SUPPRESS* or *IFLA_BRPORT_NEIGH_VLAN_SUPPRESS* + * is enabled. + * + * Note that this option only takes effect when *IFLA_BRPORT_NEIGH_SUPPRESS* + * or *IFLA_BRPORT_NEIGH_VLAN_SUPPRESS* is enabled for a given port. + * When *IFLA_BRPORT_NEIGH_VLAN_SUPPRESS* is set, this port-level flag is + * ignored and per-VLAN control is available via + * *BRIDGE_VLANDB_ENTRY_NEIGH_FORWARD_GRAT*. + * * @IFLA_BRPORT_BACKUP_NHID * The FDB nexthop object ID to attach to packets being redirected to a * backup port that has VLAN tunnel mapping enabled (via the @@ -1137,6 +1153,7 @@ enum { IFLA_BRPORT_MCAST_MAX_GROUPS, IFLA_BRPORT_NEIGH_VLAN_SUPPRESS, IFLA_BRPORT_BACKUP_NHID, + IFLA_BRPORT_NEIGH_FORWARD_GRAT, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) |
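Review bot: In the include/uapi/linux/if_bridge.h hunk, BRIDGE_VLANDB_ENTRY_NEIGH_FORWARD_GRAT is added with no comment on its type or precondition, so the per-VLAN control is described only through a cross-reference in the IFLA_BRPORT_NEIGH_FORWARD_GRAT kdoc in if_link.h. Suggest a short comment next to the new value giving the attribute type (the cover letter says NLA_U8) and noting that it is the control that applies when IFLA_BRPORT_NEIGH_VLAN_SUPPRESS is set. Placing it immediately before __BRIDGE_VLANDB_ENTRY_MAX keeps the existing values unchanged, which is what a uAPI enum needs.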
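Review bot: In the @IFLA_BRPORT_NEIGH_FORWARD_GRAT kdoc added by the first include/uapi/linux/if_link.h hunk, the text contradicts itself about IFLA_BRPORT_NEIGH_VLAN_SUPPRESS. The first paragraph and the opening of the note say the flag works when "*IFLA_BRPORT_NEIGH_SUPPRESS* or *IFLA_BRPORT_NEIGH_VLAN_SUPPRESS* is enabled", while the last sentence says that with *IFLA_BRPORT_NEIGH_VLAN_SUPPRESS* set "this port-level flag is ignored". Suggest rewording so that the port-level flag is documented as taking effect only with IFLA_BRPORT_NEIGH_SUPPRESS and without per-VLAN suppression, and that BRIDGE_VLANDB_ENTRY_NEIGH_FORWARD_GRAT decides otherwise. Because the flag lets gratuitous ARP and unsolicited NA through a port that otherwise suppresses them, an operator reading this needs an unambiguous statement of which setting is in force.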
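Review bot: In the second include/uapi/linux/if_link.h hunk, IFLA_BRPORT_NEIGH_FORWARD_GRAT is appended after IFLA_BRPORT_BACKUP_NHID, but the kdoc entry added in the previous hunk sits before @IFLA_BRPORT_BACKUP_NHID, so the documentation order no longer matches the enum order that the neighbouring entries follow. Appending to the end of the enum is correct for a uAPI value; move the kdoc block after the @IFLA_BRPORT_BACKUP_NHID entry instead.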
