Message-ID: <5146e687-f5b8-86b2-e4e3-29871fe4fa5c@blackwall.org>
Date: Wed, 20 Sep 2023 13:49:01 +0300
Subject: Re: [PATCH net-next v4 3/6] net: bridge: Track and limit dynamically learned FDB entries
From: Nikolay Aleksandrov
To: Johannes Nixdorf, David S. Miller, Andrew Lunn, David Ahern, Eric Dumazet, Florian Fainelli, Ido Schimmel, Jakub Kicinski, Oleksij Rempel, Paolo Abeni, Roopa Prabhu, Shuah Khan, Vladimir Oltean
Cc: bridge@lists.linux-foundation.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
References: <20230919-fdb_limit-v4-0-39f0293807b8@avm.de> <20230919-fdb_limit-v4-3-39f0293807b8@avm.de>
In-Reply-To: <20230919-fdb_limit-v4-3-39f0293807b8@avm.de>

On 9/19/23 11:12, Johannes Nixdorf wrote:
> A malicious actor behind one bridge port may spam the kernel with packets
> with a random source MAC address, each of which will create an FDB entry,
> each of which is a dynamic allocation in the kernel.
>
> There are roughly 2^48 different MAC addresses, further limited by the
> rhashtable they are stored in to 2^31. Each entry is of the type struct
> net_bridge_fdb_entry, which is currently 128 bytes big. This means the
> maximum amount of memory allocated for FDB entries is 2^31 * 128B =
> 256GiB, which is too much for most computers.
>
> Mitigate this by maintaining a per bridge count of those automatically
> generated entries in fdb_n_learned, and a limit in fdb_max_learned. If
> the limit is hit new entries are not learned anymore.
>
> For backwards compatibility the default setting of 0 disables the limit.
>
> User-added entries by netlink or from bridge or bridge port addresses
> are never blocked and do not count towards that limit.
>
> Introduce a new fdb entry flag BR_FDB_DYNAMIC_LEARNED to keep track of
> whether an FDB entry is included in the count. The flag is enabled for
> dynamically learned entries, and disabled for all other entries. This
> should be equivalent to BR_FDB_ADDED_BY_USER and BR_FDB_LOCAL being unset,
> but contrary to the two flags it can be toggled atomically.
>
> Atomicity is required here, as there are multiple callers that modify the
> flags, but are not under a common lock (br_fdb_update is the exception
> for br->hash_lock, br_fdb_external_learn_add for RTNL).
>
> Signed-off-by: Johannes Nixdorf
> ---
>  net/bridge/br_fdb.c     | 35 +++++++++++++++++++++++++++++++++--
>  net/bridge/br_private.h |  4 ++++
>  2 files changed, 37 insertions(+), 2 deletions(-)
>

I think this is a good counting start. :)
It'd be nice to get more eyes on this one.

Acked-by: Nikolay Aleksandrov
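The counting scheme the quoted cover letter describes (a per-bridge fdb_n_learned count, an fdb_max_learned limit where 0 means no limit, and an atomically toggled BR_FDB_DYNAMIC_LEARNED flag), as an added user-space model written for this page; it is not the kernel patch's code, and the fixed-size table, the fdb_lookup helper and the two entry-point names are assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <string.h>
#define FDB_CAP 32  /* toy fixed-size table (assumption); the kernel uses an rhashtable */
enum { BR_FDB_ADDED_BY_USER = 1u << 0, BR_FDB_DYNAMIC_LEARNED = 1u << 1 };
struct fdb_entry { unsigned char mac[6]; atomic_uint flags; bool used; };
struct bridge {
    struct fdb_entry fdb[FDB_CAP];
    atomic_uint fdb_n_learned;  /* entries currently flagged BR_FDB_DYNAMIC_LEARNED */
    unsigned fdb_max_learned;   /* 0 disables the limit (the backwards-compatible default) */
};

/* Return the entry for mac; when absent and fl != 0, create it with flags fl. */
static struct fdb_entry *fdb_lookup(struct bridge *br, const unsigned char *mac, unsigned fl)
{
    struct fdb_entry *slot = NULL;
    for (int i = 0; i < FDB_CAP; i++) {
        if (!br->fdb[i].used) { if (!slot) slot = &br->fdb[i]; continue; }
        if (!memcmp(br->fdb[i].mac, mac, 6)) return &br->fdb[i];
    }
    if (!fl || !slot) return NULL;
    memcpy(slot->mac, mac, 6);
    atomic_store(&slot->flags, fl);
    slot->used = true;
    return slot;
}

/* Learning path (source MAC seen on a port): refused once the limit is reached. */
bool br_fdb_learn(struct bridge *br, const unsigned char *mac)
{
    if (fdb_lookup(br, mac, 0)) return true;  /* already known: nothing new to count */
    if (br->fdb_max_learned && atomic_load(&br->fdb_n_learned) >= br->fdb_max_learned)
        return false;  /* limit hit: the address is not learned */
    if (!fdb_lookup(br, mac, BR_FDB_DYNAMIC_LEARNED)) return false;  /* toy table full */
    atomic_fetch_add(&br->fdb_n_learned, 1);
    return true;
}

/* User path (netlink, bridge or port address): never blocked, never counted. The flag
 * is cleared atomically, so only the caller that actually cleared it decrements. */
bool br_fdb_add_user(struct bridge *br, const unsigned char *mac)
{
    struct fdb_entry *e = fdb_lookup(br, mac, BR_FDB_ADDED_BY_USER);
    if (!e) return false;  /* toy table full */
    if (atomic_fetch_and(&e->flags, ~BR_FDB_DYNAMIC_LEARNED) & BR_FDB_DYNAMIC_LEARNED)
        atomic_fetch_sub(&br->fdb_n_learned, 1);
    atomic_fetch_or(&e->flags, BR_FDB_ADDED_BY_USER);
    return true;
}
```

The single atomic read-modify-write on the flag is what stops two callers racing on the same entry from both decrementing the counter, which is the point of the cover letter's atomicity remark.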