bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports

This patch avoids flooding and proxies ndisc packets for BR_NEIGH_SUPPRESS ports. Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Roopa Prabhu <roopa@cumulusnetworks.com> 2017-10-06 22:12:39 -0700
committer: David S. Miller <davem@davemloft.net> 2017-10-08 21:12:04 -0700
commit: ed842faeb2bd49256f00485402f3113205f91d30 (patch)
tree: 029596be24ac5a1203381c0661d35115b82e5d97 /net/bridge/br_device.c
parent: 057658cb33fbf4d4309f01fe8845903b1cd07fad (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index eb30c6a274c3..28bb22186fa0 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -69,6 +69,17 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
 	     eth->h_proto == htons(ETH_P_RARP)) &&
 	    br->neigh_suppress_enabled) {
 		br_do_proxy_suppress_arp(skb, br, vid, NULL);
+	} else if (IS_ENABLED(CONFIG_IPV6) &&
+		   skb->protocol == htons(ETH_P_IPV6) &&
+		   br->neigh_suppress_enabled &&
+		   pskb_may_pull(skb, sizeof(struct ipv6hdr) +
+				 sizeof(struct nd_msg)) &&
+		   ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
+			struct nd_msg *msg, _msg;
+
+			msg = br_is_nd_neigh_msg(skb, &_msg);
+			if (msg)
+				br_do_suppress_nd(skb, br, vid, NULL, msg);
 	}
 
 	dest = eth_hdr(skb)->h_dest;
author	Roopa Prabhu <roopa@cumulusnetworks.com>	2017-10-06 22:12:39 -0700
committer	David S. Miller <davem@davemloft.net>	2017-10-08 21:12:04 -0700
commit	ed842faeb2bd49256f00485402f3113205f91d30 (patch)
tree	029596be24ac5a1203381c0661d35115b82e5d97 /net/bridge/br_device.c
parent	057658cb33fbf4d4309f01fe8845903b1cd07fad (diff)