diff options
author | thompsa <thompsa@FreeBSD.org> | 2007-11-04 08:32:27 +0000 |
---|---|---|
committer | thompsa <thompsa@FreeBSD.org> | 2007-11-04 08:32:27 +0000 |
commit | f765e28012affda0090592dc7a820df5864b8b20 (patch) | |
tree | b63d44c299536c2f6aad3362b164ab8559609d99 /sbin | |
parent | ccb1f6f9ac5a17e2a1ba3fe37ba9fad66b2eb111 (diff) | |
download | FreeBSD-src-f765e28012affda0090592dc7a820df5864b8b20.zip FreeBSD-src-f765e28012affda0090592dc7a820df5864b8b20.tar.gz |
Add an option to limit the number of source MACs that can be behind a bridge
interface. Once the limit is reached packets with unknown source addresses are
dropped until an existing host cache entry expires or is removed. Useful to
use with the STICKY cache option.
Sponsored by: miniSuperHappyDevHouse NZ
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ifconfig/ifbridge.c | 34 | ||||
-rw-r--r-- | sbin/ifconfig/ifconfig.8 | 5 |
2 files changed, 33 insertions, 6 deletions
diff --git a/sbin/ifconfig/ifbridge.c b/sbin/ifconfig/ifbridge.c index d8176a8..65c3317 100644 --- a/sbin/ifconfig/ifbridge.c +++ b/sbin/ifconfig/ifbridge.c @@ -177,12 +177,14 @@ bridge_interfaces(int s, const char *prefix) printf("%s%s ", prefix, req->ifbr_ifsname); printb("flags", req->ifbr_ifsflags, IFBIFBITS); printf("\n"); - + + printf("%s", pad); + printf("ifmaxaddr %u", req->ifbr_addrmax); + printf(" port %u priority %u", req->ifbr_portno, + req->ifbr_priority); + printf(" path cost %u", req->ifbr_path_cost); + if (req->ifbr_ifsflags & IFBIF_STP) { - printf("%s", pad); - printf("port %u priority %u", - req->ifbr_portno, req->ifbr_priority); - printf(" path cost %u", req->ifbr_path_cost); if (req->ifbr_proto < sizeof(stpproto) / sizeof(stpproto[0])) printf(" proto %s", stpproto[req->ifbr_proto]); @@ -203,8 +205,8 @@ bridge_interfaces(int s, const char *prefix) else printf(" <unknown state %d>", req->ifbr_state); - printf("\n"); } + printf("\n"); } free(inbuf); @@ -651,6 +653,25 @@ setbridge_ifpathcost(const char *ifn, const char *cost, int s, } static void +setbridge_ifmaxaddr(const char *ifn, const char *arg, int s, + const struct afswtch *afp) +{ + struct ifbreq req; + u_long val; + + memset(&req, 0, sizeof(req)); + + if (get_val(arg, &val) < 0 || (val & ~0xffffffff) != 0) + errx(1, "invalid value: %s", arg); + + strlcpy(req.ifbr_ifsname, ifn, sizeof(req.ifbr_ifsname)); + req.ifbr_addrmax = val & 0xffffffff; + + if (do_cmd(s, BRDGSIFAMAX, &req, sizeof(req), 1) < 0) + err(1, "BRDGSIFAMAX %s", arg); +} + +static void setbridge_timeout(const char *arg, int d, int s, const struct afswtch *afp) { struct ifbrparam param; @@ -714,6 +735,7 @@ static struct cmd bridge_cmds[] = { DEF_CMD_ARG("holdcnt", setbridge_holdcount), DEF_CMD_ARG2("ifpriority", setbridge_ifpriority), DEF_CMD_ARG2("ifpathcost", setbridge_ifpathcost), + DEF_CMD_ARG2("ifmaxaddr", setbridge_ifmaxaddr), DEF_CMD_ARG("timeout", setbridge_timeout), DEF_CMD_ARG("private", setbridge_private), DEF_CMD_ARG("-private", unsetbridge_private), diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index 9d3cc6a..05f0dc1 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1623,6 +1623,11 @@ The default is calculated from the link speed. To change a previously selected path cost back to automatic, set the cost to 0. The minimum is 1 and the maximum is 200000000. +.It Cm ifmaxaddr Ar interface Ar size +Set the maximum number of hosts allowed from an interface, packets with unknown +source addresses are dropped until an existing host cache entry expires or is +removed. +Set to 0 to disable. .El .Pp The following parameters are specific to lagg interfaces: |