The existing neighbor suppression unconditionally suppresses gratuitous
ARPs and unsolicited Neighbor Advertisements, which prevents fast
mobility of hosts between VTEPs.

This series adds a new neigh_forward_grat option that provides
independent control of gratuitous ARP and unsolicited NA forwarding.
When neigh_suppress is enabled but neigh_forward_grat is enabled,
regular neighbor discovery is suppressed while gratuitous announcements
are forwarded.

The implementation marks gratuitous ARPs and unsolicited NAs in
BR_INPUT_SKB_CB during input processing, then checks the per-output-port
neigh_forward_grat setting during flooding. This allows gratuitous
announcements from any input port to be selectively forwarded based on
each output port's individual configuration.

Both port-level control (via IFLA_BRPORT_NEIGH_FORWARD_GRAT) and
per-VLAN control (via BRIDGE_VLANDB_ENTRY_NEIGH_FORWARD_GRAT) are
provided. The default value of OFF preserves existing behavior.

This behavior is in accordance with RFC 9161 (Section 3.6), which
recommends that VTEPs forward gratuitous ARP and unsolicited NA messages
to avoid traffic disruption during host mobility events.

The new attributes use NLA_U8, although the kernel netlink guideline
recommends NLA_U32 as the minimum integer type on the grounds that
alignment makes smaller types equivalent on the wire. For a simple
on/off attribute there is no technical advantage to u32 over u8, and
keeping u8 preserves consistency with all surrounding bridge port
attributes and avoids introducing new helpers alongside the existing
infrastructure.

Patchset overview:
Patch #1: adds uapi headers.
Patches #2-#3: support selective forwarding of gratuitous ARP.
Patches #4-#5: add netlink handling.
Patch #6: adds tests.

Please see iproute related patches in the last 3 commits of:
https://github.com/daniellerts/iproute2

Danielle Ratson (6):
  bridge: uapi: Add neigh_forward_grat netlink attributes
  bridge: Add internal flags for neigh_forward_grat
  bridge: Add selective forwarding of gratuitous neighbor announcements
  bridge: Add port-level netlink handling for neigh_forward_grat
  bridge: Add per-VLAN netlink handling for neigh_forward_grat
  selftests: net: Add tests for neigh_forward_grat option

 Documentation/netlink/specs/rt-link.yaml      |   3 +
 include/linux/if_bridge.h                     |   1 +
 include/uapi/linux/if_bridge.h                |   1 +
 include/uapi/linux/if_link.h                  |  17 +
 net/bridge/br_arp_nd_proxy.c                  |  22 ++
 net/bridge/br_forward.c                       |  15 +-
 net/bridge/br_netlink.c                       |   8 +-
 net/bridge/br_private.h                       |   3 +
 net/bridge/br_vlan.c                          |   1 +
 net/bridge/br_vlan_options.c                  |  24 +-
 net/core/rtnetlink.c                          |   2 +-
 .../net/test_bridge_neigh_suppress.sh         | 298 +++++++++++++++++-
 12 files changed, 385 insertions(+), 10 deletions(-)

-- 
2.51.0
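
The per-output-port decision described in the cover letter, as an added user-space example that is not code from the series or from the kernel. The struct and function names are hypothetical, the ARP and NA checks use the common definitions (sender IP equals target IP; ICMPv6 type 136 with the Solicited flag clear), and `neigh_msg` is an assumed stand-in for "an ARP/ND message that suppression would otherwise drop".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model; struct and function names are not the kernel's. */
struct port_cfg {
    bool neigh_suppress;     /* existing per-port option */
    bool neigh_forward_grat; /* option added by this series, default off */
};

/* IPv4-over-Ethernet ARP body: sender/target protocol addresses only. */
struct arp_ips { uint8_t spa[4], tpa[4]; };

/* Gratuitous ARP: sender IP equals target IP and is not 0.0.0.0. */
bool arp_is_gratuitous(const struct arp_ips *a)
{
    static const uint8_t zero[4];
    return memcmp(a->spa, a->tpa, 4) == 0 && memcmp(a->spa, zero, 4) != 0;
}

/* Unsolicited NA: ICMPv6 type 136 with the Solicited flag (0x40) clear. */
bool na_is_unsolicited(uint8_t icmp6_type, uint8_t na_flags)
{
    return icmp6_type == 136 && !(na_flags & 0x40);
}

/* Input side marks the packet once (grat); each output port then decides. */
bool flood_to_port(const struct port_cfg *out, bool neigh_msg, bool grat)
{
    if (!neigh_msg || !out->neigh_suppress)
        return true;                        /* port does no suppression */
    return grat && out->neigh_forward_grat; /* suppress unless opted in */
}

int main(void)
{
    /* Constructed sample: host 192.0.2.10 announces itself after a move. */
    struct arp_ips garp = { {192, 0, 2, 10}, {192, 0, 2, 10} };
    struct port_cfg ports[] = { {false, false}, {true, false}, {true, true} };
    bool grat = arp_is_gratuitous(&garp);

    for (int i = 0; i < 3; i++)
        printf("port %d: suppress=%d forward_grat=%d -> flood=%d\n", i,
               ports[i].neigh_suppress, ports[i].neigh_forward_grat,
               flood_to_port(&ports[i], true, grat));
    return 0;
}
```

With the default of OFF the second port drops the announcement exactly as before; only the third port, which opts in, forwards it.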

