| Message ID | 20220409105857.803667-1-razor@blackwall.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | net: bridge: add flush filtering support | expand |
On 9 April 2022 13:58:51 EEST, Nikolay Aleksandrov <razor@blackwall.org> wrote: >Hi, >This patch-set adds support to specify filtering conditions for a flush >operation. Initially only FDB flush filtering is added, later MDB >support will be added as well. Some user-space applications need a way >to delete only a specific set of entries, e.g. mlag implementations need >a way to flush only dynamic entries excluding externally learned ones >or only externally learned ones without static entries etc. Also apps >usually want to target only a specific vlan or port/vlan combination. >The current 2 flush operations (per port and bridge-wide) are not >extensible and cannot provide such filtering, so a new bridge af >attribute is added (IFLA_BRIDGE_FLUSH) which contains the filtering >information for each object type which has to be flushed. >An example structure for fdbs: > [ IFLA_BRIDGE_FLUSH ] > `[ BRIDGE_FDB_FLUSH ] > `[ FDB_FLUSH_NDM_STATE ] > `[ FDB_FLUSH_NDM_FLAGS ] > >I decided against embedding these into the old flush attributes for >multiple reasons - proper error handling on unsupported attributes, >older kernels silently flushing all, need for a second mechanism to >signal that the attribute should be parsed (e.g. using boolopts), >special treatment for permanent entries. > >Examples: >$ bridge fdb flush dev bridge vlan 100 static >< flush all static entries on vlan 100 > >$ bridge fdb flush dev bridge vlan 1 dynamic >< flush all dynamic entries on vlan 1 > >$ bridge fdb flush dev bridge port ens16 vlan 1 dynamic >< flush all dynamic entries on port ens16 and vlan 1 > >$ bridge fdb flush dev bridge nooffloaded nopermanent >< flush all non-offloaded and non-permanent entries > >$ bridge fdb flush dev bridge static noextern_learn >< flush all static entries which are not externally learned > >$ bridge fdb flush dev bridge permanent >< flush all permanent entries > > >Note that all flags have their negated version (static vs nostatic etc) >and there are some tricky cases to handle like "static" which in flag >terms means fdbs that have NUD_NOARP but *not* NUD_PERMANENT, so the >mask matches on both but we need only NUD_NOARP to be set. That's >because permanent entries have both set so we can't just match on >NUD_NOARP. Also note that this flush operation doesn't treat permanent >entries in a special way (fdb_delete vs fdb_delete_local), it will >delete them regardless if any port is using them. We can extend the api >with a flag to do that if needed in the future. > >Patches in this set: > 1. adds the new IFLA_BRIDGE_FLUSH bridge af attribute > 2. adds a basic structure to describe an fdb flush filter > 3. adds fdb netlink flush call via BRIDGE_FDB_FLUSH attribute > 4 - 6. add support for specifying various fdb fields to filter > >Patch-sets (in order): > - Initial flush infra and fdb flush filtering (this set) > - iproute2 support > - selftests > >Future work: > - mdb flush support > >Thanks, > Nik > >Nikolay Aleksandrov (6): > net: bridge: add a generic flush operation > net: bridge: fdb: add support for fine-grained flushing > net: bridge: fdb: add new nl attribute-based flush call > net: bridge: fdb: add support for flush filtering based on ndm flags > and state > net: bridge: fdb: add support for flush filtering based on ifindex > net: bridge: fdb: add support for flush filtering based on vlan id > > include/uapi/linux/if_bridge.h | 22 ++++++ > net/bridge/br_fdb.c | 128 +++++++++++++++++++++++++++++++-- > net/bridge/br_netlink.c | 59 ++++++++++++++- > net/bridge/br_private.h | 12 +++- > net/bridge/br_sysfs_br.c | 6 +- > 5 files changed, 215 insertions(+), 12 deletions(-) > Actually if you prefer I can send the selftests with this set, I'm used to sending them last after the iproute2 support is finalised. :) Cheers, Nik
On 09/04/2022 13:58, Nikolay Aleksandrov wrote: > Hi, > This patch-set adds support to specify filtering conditions for a flush > operation. Initially only FDB flush filtering is added, later MDB > support will be added as well. Some user-space applications need a way > to delete only a specific set of entries, e.g. mlag implementations need > a way to flush only dynamic entries excluding externally learned ones > or only externally learned ones without static entries etc. Also apps > usually want to target only a specific vlan or port/vlan combination. > The current 2 flush operations (per port and bridge-wide) are not > extensible and cannot provide such filtering, so a new bridge af > attribute is added (IFLA_BRIDGE_FLUSH) which contains the filtering > information for each object type which has to be flushed. > An example structure for fdbs: > [ IFLA_BRIDGE_FLUSH ] > `[ BRIDGE_FDB_FLUSH ] > `[ FDB_FLUSH_NDM_STATE ] > `[ FDB_FLUSH_NDM_FLAGS ] > [snip] > Note that all flags have their negated version (static vs nostatic etc) > and there are some tricky cases to handle like "static" which in flag > terms means fdbs that have NUD_NOARP but *not* NUD_PERMANENT, so the > mask matches on both but we need only NUD_NOARP to be set. That's > because permanent entries have both set so we can't just match on > NUD_NOARP. Also note that this flush operation doesn't treat permanent > entries in a special way (fdb_delete vs fdb_delete_local), it will > delete them regardless if any port is using them. We can extend the api > with a flag to do that if needed in the future. > > Patches in this set: > 1. adds the new IFLA_BRIDGE_FLUSH bridge af attribute > 2. adds a basic structure to describe an fdb flush filter > 3. adds fdb netlink flush call via BRIDGE_FDB_FLUSH attribute > 4 - 6. add support for specifying various fdb fields to filter > > Patch-sets (in order): > - Initial flush infra and fdb flush filtering (this set) > - iproute2 support > - selftests > > Future work: > - mdb flush support > > Thanks, > Nik > > Nikolay Aleksandrov (6): > net: bridge: add a generic flush operation > net: bridge: fdb: add support for fine-grained flushing > net: bridge: fdb: add new nl attribute-based flush call > net: bridge: fdb: add support for flush filtering based on ndm flags > and state > net: bridge: fdb: add support for flush filtering based on ifindex > net: bridge: fdb: add support for flush filtering based on vlan id > > include/uapi/linux/if_bridge.h | 22 ++++++ > net/bridge/br_fdb.c | 128 +++++++++++++++++++++++++++++++-- > net/bridge/br_netlink.c | 59 ++++++++++++++- > net/bridge/br_private.h | 12 +++- > net/bridge/br_sysfs_br.c | 6 +- > 5 files changed, 215 insertions(+), 12 deletions(-) > Just FYI I plan to send v2 tomorrow with a few cleanups suggested by Ido. Please don't apply this one, I'll wait for more feedback and will resubmit. Thanks, Nik
On Sat, Apr 09, 2022 at 01:58:51PM +0300, Nikolay Aleksandrov wrote: > Hi, > This patch-set adds support to specify filtering conditions for a flush > operation. Initially only FDB flush filtering is added, later MDB > support will be added as well. Some user-space applications need a way > to delete only a specific set of entries, e.g. mlag implementations need > a way to flush only dynamic entries excluding externally learned ones > or only externally learned ones without static entries etc. Also apps > usually want to target only a specific vlan or port/vlan combination. > The current 2 flush operations (per port and bridge-wide) are not > extensible and cannot provide such filtering, so a new bridge af > attribute is added (IFLA_BRIDGE_FLUSH) which contains the filtering > information for each object type which has to be flushed. > An example structure for fdbs: > [ IFLA_BRIDGE_FLUSH ] > `[ BRIDGE_FDB_FLUSH ] > `[ FDB_FLUSH_NDM_STATE ] > `[ FDB_FLUSH_NDM_FLAGS ] > > I decided against embedding these into the old flush attributes for > multiple reasons - proper error handling on unsupported attributes, > older kernels silently flushing all, need for a second mechanism to > signal that the attribute should be parsed (e.g. using boolopts), > special treatment for permanent entries. > > Examples: > $ bridge fdb flush dev bridge vlan 100 static > < flush all static entries on vlan 100 > > $ bridge fdb flush dev bridge vlan 1 dynamic > < flush all dynamic entries on vlan 1 > > $ bridge fdb flush dev bridge port ens16 vlan 1 dynamic > < flush all dynamic entries on port ens16 and vlan 1 > > $ bridge fdb flush dev bridge nooffloaded nopermanent > < flush all non-offloaded and non-permanent entries > > $ bridge fdb flush dev bridge static noextern_learn > < flush all static entries which are not externally learned > > $ bridge fdb flush dev bridge permanent > < flush all permanent entries > IIUC, the new IFLA_BRIDGE_FLUSH attribute is supposed to be passed in RTM_SETLINK messages, but the current 'bridge fdb' commands all correspond to RTM_{NEW,DEL,GET}NEIGH messages. To continue following this pattern, did you consider turning the above examples to the following? $ ip link set dev bridge type bridge fdb_flush vlan 100 static $ ip link set dev bridge type bridge fdb_flush vlan 1 dynamic $ ip link set dev ens16 type bridge_slave fdb_flush vlan 1 dynamic $ ip link set dev bridge type bridge fdb_flush nooffloaded nopermanent $ ip link set dev bridge type bridge fdb_flush static noextern_learn $ ip link set dev bridge type bridge fdb_flush permanent It's not critical, but I like the correspondence between iproute2 commands and the underlying netlink messages. > > Note that all flags have their negated version (static vs nostatic etc) > and there are some tricky cases to handle like "static" which in flag > terms means fdbs that have NUD_NOARP but *not* NUD_PERMANENT, so the > mask matches on both but we need only NUD_NOARP to be set. That's > because permanent entries have both set so we can't just match on > NUD_NOARP. Also note that this flush operation doesn't treat permanent > entries in a special way (fdb_delete vs fdb_delete_local), it will > delete them regardless if any port is using them. We can extend the api > with a flag to do that if needed in the future. > > Patches in this set: > 1. adds the new IFLA_BRIDGE_FLUSH bridge af attribute > 2. adds a basic structure to describe an fdb flush filter > 3. adds fdb netlink flush call via BRIDGE_FDB_FLUSH attribute > 4 - 6. add support for specifying various fdb fields to filter > > Patch-sets (in order): > - Initial flush infra and fdb flush filtering (this set) > - iproute2 support > - selftests > > Future work: > - mdb flush support > > Thanks, > Nik > > Nikolay Aleksandrov (6): > net: bridge: add a generic flush operation > net: bridge: fdb: add support for fine-grained flushing > net: bridge: fdb: add new nl attribute-based flush call > net: bridge: fdb: add support for flush filtering based on ndm flags > and state > net: bridge: fdb: add support for flush filtering based on ifindex > net: bridge: fdb: add support for flush filtering based on vlan id > > include/uapi/linux/if_bridge.h | 22 ++++++ > net/bridge/br_fdb.c | 128 +++++++++++++++++++++++++++++++-- > net/bridge/br_netlink.c | 59 ++++++++++++++- > net/bridge/br_private.h | 12 +++- > net/bridge/br_sysfs_br.c | 6 +- > 5 files changed, 215 insertions(+), 12 deletions(-) > > -- > 2.35.1 >
On 11/04/2022 10:47, Ido Schimmel wrote: > On Sat, Apr 09, 2022 at 01:58:51PM +0300, Nikolay Aleksandrov wrote: >> Hi, >> This patch-set adds support to specify filtering conditions for a flush >> operation. Initially only FDB flush filtering is added, later MDB >> support will be added as well. Some user-space applications need a way >> to delete only a specific set of entries, e.g. mlag implementations need >> a way to flush only dynamic entries excluding externally learned ones >> or only externally learned ones without static entries etc. Also apps >> usually want to target only a specific vlan or port/vlan combination. >> The current 2 flush operations (per port and bridge-wide) are not >> extensible and cannot provide such filtering, so a new bridge af >> attribute is added (IFLA_BRIDGE_FLUSH) which contains the filtering >> information for each object type which has to be flushed. >> An example structure for fdbs: >> [ IFLA_BRIDGE_FLUSH ] >> `[ BRIDGE_FDB_FLUSH ] >> `[ FDB_FLUSH_NDM_STATE ] >> `[ FDB_FLUSH_NDM_FLAGS ] >> >> I decided against embedding these into the old flush attributes for >> multiple reasons - proper error handling on unsupported attributes, >> older kernels silently flushing all, need for a second mechanism to >> signal that the attribute should be parsed (e.g. using boolopts), >> special treatment for permanent entries. >> >> Examples: >> $ bridge fdb flush dev bridge vlan 100 static >> < flush all static entries on vlan 100 > >> $ bridge fdb flush dev bridge vlan 1 dynamic >> < flush all dynamic entries on vlan 1 > >> $ bridge fdb flush dev bridge port ens16 vlan 1 dynamic >> < flush all dynamic entries on port ens16 and vlan 1 > >> $ bridge fdb flush dev bridge nooffloaded nopermanent >> < flush all non-offloaded and non-permanent entries > >> $ bridge fdb flush dev bridge static noextern_learn >> < flush all static entries which are not externally learned > >> $ bridge fdb flush dev bridge permanent >> < flush all permanent entries > > > IIUC, the new IFLA_BRIDGE_FLUSH attribute is supposed to be passed in > RTM_SETLINK messages, but the current 'bridge fdb' commands all > correspond to RTM_{NEW,DEL,GET}NEIGH messages. To continue following > this pattern, did you consider turning the above examples to the > following? > Yes, I did think about that but when I think about ip link set, I think about configuring the bridge, while flush is an action similar to dump/show. Also it's a special setlink with bridge address family similar to bridge/link.c. More below.. > $ ip link set dev bridge type bridge fdb_flush vlan 100 static > $ ip link set dev bridge type bridge fdb_flush vlan 1 dynamic > $ ip link set dev ens16 type bridge_slave fdb_flush vlan 1 dynamic > $ ip link set dev bridge type bridge fdb_flush nooffloaded nopermanent > $ ip link set dev bridge type bridge fdb_flush static noextern_learn > $ ip link set dev bridge type bridge fdb_flush permanent > > It's not critical, but I like the correspondence between iproute2 > commands and the underlying netlink messages. > Generally I agree with you, but in this case I'd prefer to keep them in bridge/(fdb|mdb).c. Semantically I think fdb/mdb actions should be done through "bridge fdb/mdb" sub-commands. All of the flush options are fdb/mdb-specific attributes which already exist there and shouldn't be exposed in ip/. I know there are counterexamples of actions being done through ip link (e.g. current flush) but those exist due to historic reasons. Another thing is that if it becomes an ip link subcommand I'll either have to move the bridge family setlink into ip/ or I'd have to make it a bridge attribute (i.e. extend the bridge option attributes). I don't like the duplication that has been happening recently (same options added to bridge link and to ip link set type bridge_slave for example), let's try and keep ip link set for bridge/bridge_slave configuration only. Although it's still a SETLINK just in the bridge AF, we do have actions being done through it already. That being said I don't mind changing it to DELLINK given that it's a special case. >> >> Note that all flags have their negated version (static vs nostatic etc) >> and there are some tricky cases to handle like "static" which in flag >> terms means fdbs that have NUD_NOARP but *not* NUD_PERMANENT, so the >> mask matches on both but we need only NUD_NOARP to be set. That's >> because permanent entries have both set so we can't just match on >> NUD_NOARP. Also note that this flush operation doesn't treat permanent >> entries in a special way (fdb_delete vs fdb_delete_local), it will >> delete them regardless if any port is using them. We can extend the api >> with a flag to do that if needed in the future. >> >> Patches in this set: >> 1. adds the new IFLA_BRIDGE_FLUSH bridge af attribute >> 2. adds a basic structure to describe an fdb flush filter >> 3. adds fdb netlink flush call via BRIDGE_FDB_FLUSH attribute >> 4 - 6. add support for specifying various fdb fields to filter >> >> Patch-sets (in order): >> - Initial flush infra and fdb flush filtering (this set) >> - iproute2 support >> - selftests >> >> Future work: >> - mdb flush support >> >> Thanks, >> Nik >> >> Nikolay Aleksandrov (6): >> net: bridge: add a generic flush operation >> net: bridge: fdb: add support for fine-grained flushing >> net: bridge: fdb: add new nl attribute-based flush call >> net: bridge: fdb: add support for flush filtering based on ndm flags >> and state >> net: bridge: fdb: add support for flush filtering based on ifindex >> net: bridge: fdb: add support for flush filtering based on vlan id >> >> include/uapi/linux/if_bridge.h | 22 ++++++ >> net/bridge/br_fdb.c | 128 +++++++++++++++++++++++++++++++-- >> net/bridge/br_netlink.c | 59 ++++++++++++++- >> net/bridge/br_private.h | 12 +++- >> net/bridge/br_sysfs_br.c | 6 +- >> 5 files changed, 215 insertions(+), 12 deletions(-) >> >> -- >> 2.35.1 >>
On Mon, Apr 11, 2022 at 10:47:38AM +0300, Ido Schimmel wrote: > On Sat, Apr 09, 2022 at 01:58:51PM +0300, Nikolay Aleksandrov wrote: > > Hi, > > This patch-set adds support to specify filtering conditions for a flush > > operation. Initially only FDB flush filtering is added, later MDB > > support will be added as well. Some user-space applications need a way > > to delete only a specific set of entries, e.g. mlag implementations need > > a way to flush only dynamic entries excluding externally learned ones > > or only externally learned ones without static entries etc. Also apps > > usually want to target only a specific vlan or port/vlan combination. > > The current 2 flush operations (per port and bridge-wide) are not > > extensible and cannot provide such filtering, so a new bridge af > > attribute is added (IFLA_BRIDGE_FLUSH) which contains the filtering > > information for each object type which has to be flushed. > > An example structure for fdbs: > > [ IFLA_BRIDGE_FLUSH ] > > `[ BRIDGE_FDB_FLUSH ] > > `[ FDB_FLUSH_NDM_STATE ] > > `[ FDB_FLUSH_NDM_FLAGS ] > > > > I decided against embedding these into the old flush attributes for > > multiple reasons - proper error handling on unsupported attributes, > > older kernels silently flushing all, need for a second mechanism to > > signal that the attribute should be parsed (e.g. using boolopts), > > special treatment for permanent entries. > > > > Examples: > > $ bridge fdb flush dev bridge vlan 100 static > > < flush all static entries on vlan 100 > > > $ bridge fdb flush dev bridge vlan 1 dynamic > > < flush all dynamic entries on vlan 1 > > > $ bridge fdb flush dev bridge port ens16 vlan 1 dynamic > > < flush all dynamic entries on port ens16 and vlan 1 > > > $ bridge fdb flush dev bridge nooffloaded nopermanent > > < flush all non-offloaded and non-permanent entries > > > $ bridge fdb flush dev bridge static noextern_learn > > < flush all static entries which are not externally learned > > > $ bridge fdb flush dev bridge permanent > > < flush all permanent entries > > > IIUC, the new IFLA_BRIDGE_FLUSH attribute is supposed to be passed in > RTM_SETLINK messages, but the current 'bridge fdb' commands all > correspond to RTM_{NEW,DEL,GET}NEIGH messages. To continue following > this pattern, did you consider turning the above examples to the > following? > > $ ip link set dev bridge type bridge fdb_flush vlan 100 static > $ ip link set dev bridge type bridge fdb_flush vlan 1 dynamic > $ ip link set dev ens16 type bridge_slave fdb_flush vlan 1 dynamic Thinking about it again, I guess this is more appropriate: $ ip link set dev bridge type bridge fdb_flush port ens16 vlan 1 dynamic > $ ip link set dev bridge type bridge fdb_flush nooffloaded nopermanent > $ ip link set dev bridge type bridge fdb_flush static noextern_learn > $ ip link set dev bridge type bridge fdb_flush permanent > > It's not critical, but I like the correspondence between iproute2 > commands and the underlying netlink messages. > > > > > Note that all flags have their negated version (static vs nostatic etc) > > and there are some tricky cases to handle like "static" which in flag > > terms means fdbs that have NUD_NOARP but *not* NUD_PERMANENT, so the > > mask matches on both but we need only NUD_NOARP to be set. That's > > because permanent entries have both set so we can't just match on > > NUD_NOARP. Also note that this flush operation doesn't treat permanent > > entries in a special way (fdb_delete vs fdb_delete_local), it will > > delete them regardless if any port is using them. We can extend the api > > with a flag to do that if needed in the future. > > > > Patches in this set: > > 1. adds the new IFLA_BRIDGE_FLUSH bridge af attribute > > 2. adds a basic structure to describe an fdb flush filter > > 3. adds fdb netlink flush call via BRIDGE_FDB_FLUSH attribute > > 4 - 6. add support for specifying various fdb fields to filter > > > > Patch-sets (in order): > > - Initial flush infra and fdb flush filtering (this set) > > - iproute2 support > > - selftests > > > > Future work: > > - mdb flush support > > > > Thanks, > > Nik > > > > Nikolay Aleksandrov (6): > > net: bridge: add a generic flush operation > > net: bridge: fdb: add support for fine-grained flushing > > net: bridge: fdb: add new nl attribute-based flush call > > net: bridge: fdb: add support for flush filtering based on ndm flags > > and state > > net: bridge: fdb: add support for flush filtering based on ifindex > > net: bridge: fdb: add support for flush filtering based on vlan id > > > > include/uapi/linux/if_bridge.h | 22 ++++++ > > net/bridge/br_fdb.c | 128 +++++++++++++++++++++++++++++++-- > > net/bridge/br_netlink.c | 59 ++++++++++++++- > > net/bridge/br_private.h | 12 +++- > > net/bridge/br_sysfs_br.c | 6 +- > > 5 files changed, 215 insertions(+), 12 deletions(-) > > > > -- > > 2.35.1 > >
Hi, This patch-set adds support to specify filtering conditions for a flush operation. Initially only FDB flush filtering is added, later MDB support will be added as well. Some user-space applications need a way to delete only a specific set of entries, e.g. mlag implementations need a way to flush only dynamic entries excluding externally learned ones or only externally learned ones without static entries etc. Also apps usually want to target only a specific vlan or port/vlan combination. The current 2 flush operations (per port and bridge-wide) are not extensible and cannot provide such filtering, so a new bridge af attribute is added (IFLA_BRIDGE_FLUSH) which contains the filtering information for each object type which has to be flushed. An example structure for fdbs: [ IFLA_BRIDGE_FLUSH ] `[ BRIDGE_FDB_FLUSH ] `[ FDB_FLUSH_NDM_STATE ] `[ FDB_FLUSH_NDM_FLAGS ] I decided against embedding these into the old flush attributes for multiple reasons - proper error handling on unsupported attributes, older kernels silently flushing all, need for a second mechanism to signal that the attribute should be parsed (e.g. using boolopts), special treatment for permanent entries. Examples: $ bridge fdb flush dev bridge vlan 100 static < flush all static entries on vlan 100 > $ bridge fdb flush dev bridge vlan 1 dynamic < flush all dynamic entries on vlan 1 > $ bridge fdb flush dev bridge port ens16 vlan 1 dynamic < flush all dynamic entries on port ens16 and vlan 1 > $ bridge fdb flush dev bridge nooffloaded nopermanent < flush all non-offloaded and non-permanent entries > $ bridge fdb flush dev bridge static noextern_learn < flush all static entries which are not externally learned > $ bridge fdb flush dev bridge permanent < flush all permanent entries > Note that all flags have their negated version (static vs nostatic etc) and there are some tricky cases to handle like "static" which in flag terms means fdbs that have NUD_NOARP but *not* NUD_PERMANENT, so the mask matches on both but we need only NUD_NOARP to be set. That's because permanent entries have both set so we can't just match on NUD_NOARP. Also note that this flush operation doesn't treat permanent entries in a special way (fdb_delete vs fdb_delete_local), it will delete them regardless if any port is using them. We can extend the api with a flag to do that if needed in the future. Patches in this set: 1. adds the new IFLA_BRIDGE_FLUSH bridge af attribute 2. adds a basic structure to describe an fdb flush filter 3. adds fdb netlink flush call via BRIDGE_FDB_FLUSH attribute 4 - 6. add support for specifying various fdb fields to filter Patch-sets (in order): - Initial flush infra and fdb flush filtering (this set) - iproute2 support - selftests Future work: - mdb flush support Thanks, Nik Nikolay Aleksandrov (6): net: bridge: add a generic flush operation net: bridge: fdb: add support for fine-grained flushing net: bridge: fdb: add new nl attribute-based flush call net: bridge: fdb: add support for flush filtering based on ndm flags and state net: bridge: fdb: add support for flush filtering based on ifindex net: bridge: fdb: add support for flush filtering based on vlan id include/uapi/linux/if_bridge.h | 22 ++++++ net/bridge/br_fdb.c | 128 +++++++++++++++++++++++++++++++-- net/bridge/br_netlink.c | 59 ++++++++++++++- net/bridge/br_private.h | 12 +++- net/bridge/br_sysfs_br.c | 6 +- 5 files changed, 215 insertions(+), 12 deletions(-)