Question

IFLA_BR_VLAN_FILTERING netlink attribute ineffective


Hi,

We have some code that is attempting to set up a Cumulus switch through netlink. As a part of this setup process, vlan filtering is set up on the bridge. The strace of the netlink message that creates the bridge looks like this (called muffin in this example)

code:
{
msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000},
msg_namelen=12,
msg_iov=[{
iov_base={
{
len=72,
type=RTM_NEWLINK,
flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE,
seq=3021544948, pid=84633
},
{
ifi_family=AF_UNSPEC,
ifi_type=ARPHRD_NETROM,
ifi_index=0,
ifi_flags=0, ifi_change=0},
[
{{nla_len=11, nla_type=IFLA_IFNAME}, "muffin"},
{
{nla_len=28, nla_type=IFLA_LINKINFO},
[
{{nla_len=10, nla_type=IFLA_INFO_KIND}, "bridge"...},
{
{nla_len=12, nla_type=IFLA_INFO_DATA},
{{nla_len=5, nla_type=IFLA_BR_VLAN_FILTERING}, 1}
}
]
}
]
},
iov_len=72
}],
msg_iovlen=1, msg_controllen=0, msg_flags=0
},


But the bridge does not get created with vlan filtering enabled. This has been tested and works on current Debian 10 machines (kernel 4.19.0). Right now I am testing this code out in CumulusVX 3.7.3.

Notably, when we create a bridge via the `net` tool or set vlan_filtering through iproute2 it works, and we can use our tools to inspect the bridge and receive the IFLA_BR_VLAN_FILTERING tag. But for some reason sending it is not working.

I tried strace in iproute2 when setting the vlan filtering that way, but got messages that seemed somewhat unrelated to the issue of vlan filtering, for example:

code:
{'attrs': [('RTA_UNSPEC', None),
('RTA_VIA', {'addr': '01:00:62:72:69:64:67:65:00:00:0c:00:02:00:05:00:07:00:01:00:00:00', 'family': 10})],
'dst_len': 0,
'family': 0,
'flags': 0,
'header': {'flags': 5,
'length': 60,
'pid': 0,
'sequence_number': 1552678736,
'type': 16},
'proto': 0,
'scope': 0,
'src_len': 0,
'table': 26,
'tos': 0,
'type': 0}


1 reply

Hello @Ryan Goodfellow

Julien from the Cumulus engineering team here. I apologize for the delay of our response.

Cumulus 3.X is based on Debian Jessie with a 4.1 kernel. It seems like this kernel is ignoring all bridge parameters configuration on bridge creation.

To set filtering (and other bridge attributes), a second RTM_NEWLINK or RTM_SETLINK request is needed.
As far as I can tell, kernel 4.9 and higher are supporting bridge attributes configuration with the creation request.

Let us know if you have more questions.

Julien.

Reply