device: always enforce bridge properties limits

...also when the connection is created at NetworkManager startup to map an already configured bridge. Ensure the device has configuration values that fall inside NetworkManager boundaries, otherwise map the value with a default. (cherry picked from commit 30d9744534)
2026-01-29 17:00:29 +01:00 · 2019-01-03 11:40:13 +01:00 · 2019-01-03 11:40:13 +01:00 · 6a0f828405
commit 6a0f828405
parent 5a49f7ee77
1 changed files with 60 additions and 21 deletions
--- a/src/devices/nm-device-bridge.c
+++ b/src/devices/nm-device-bridge.c
@ -168,26 +168,51 @@ complete_connection (NMDevice *device,
 typedef struct {
 	const char *name;
 	const char *sysname;
+	uint nm_min;
+	uint nm_max;
+	uint nm_default;
 	gboolean default_if_zero;
 	gboolean user_hz_compensate;
 } Option;

 static const Option master_options[] = {
-	{ NM_SETTING_BRIDGE_STP, "stp_state", FALSE, FALSE },
-	{ NM_SETTING_BRIDGE_PRIORITY, "priority", TRUE, FALSE },
-	{ NM_SETTING_BRIDGE_FORWARD_DELAY, "forward_delay", TRUE, TRUE },
-	{ NM_SETTING_BRIDGE_HELLO_TIME, "hello_time", TRUE, TRUE },
-	{ NM_SETTING_BRIDGE_MAX_AGE, "max_age", TRUE, TRUE },
-	{ NM_SETTING_BRIDGE_AGEING_TIME, "ageing_time", TRUE, TRUE },
-	{ NM_SETTING_BRIDGE_GROUP_FORWARD_MASK, "group_fwd_mask", TRUE, FALSE },
-	{ NM_SETTING_BRIDGE_MULTICAST_SNOOPING, "multicast_snooping", FALSE, FALSE },
+	{ NM_SETTING_BRIDGE_STP,                "stp_state",
+	                                        0, 1, 1,
+	                                        FALSE, FALSE },
+	{ NM_SETTING_BRIDGE_PRIORITY,           "priority",
+	                                        0, G_MAXUINT16, 0x8000,
+	                                        TRUE, FALSE },
+	{ NM_SETTING_BRIDGE_FORWARD_DELAY,      "forward_delay",
+	                                        0, NM_BR_MAX_FORWARD_DELAY, 15,
+	                                        TRUE, TRUE },
+	{ NM_SETTING_BRIDGE_HELLO_TIME,         "hello_time",
+	                                        0, NM_BR_MAX_HELLO_TIME, 2,
+	                                        TRUE, TRUE },
+	{ NM_SETTING_BRIDGE_MAX_AGE,            "max_age",
+	                                        0, NM_BR_MAX_MAX_AGE, 20,
+	                                        TRUE, TRUE },
+	{ NM_SETTING_BRIDGE_AGEING_TIME,        "ageing_time",
+	                                        NM_BR_MIN_AGEING_TIME, NM_BR_MAX_AGEING_TIME, 300,
+	                                        TRUE, TRUE },
+	{ NM_SETTING_BRIDGE_GROUP_FORWARD_MASK, "group_fwd_mask",
+	                                        0, 0xFFFF, 0,
+	                                        TRUE, FALSE },
+	{ NM_SETTING_BRIDGE_MULTICAST_SNOOPING, "multicast_snooping",
+	                                        0, 1, 1,
+	                                        FALSE, FALSE },
 	{ NULL, NULL }
 };

 static const Option slave_options[] = {
-	{ NM_SETTING_BRIDGE_PORT_PRIORITY, "priority", TRUE, FALSE },
-	{ NM_SETTING_BRIDGE_PORT_PATH_COST, "path_cost", TRUE, FALSE },
-	{ NM_SETTING_BRIDGE_PORT_HAIRPIN_MODE, "hairpin_mode", FALSE, FALSE },
+	{ NM_SETTING_BRIDGE_PORT_PRIORITY,     "priority",
+	                                       0, NM_BR_PORT_MAX_PRIORITY, NM_BR_PORT_DEF_PRIORITY,
+	                                       TRUE, FALSE },
+	{ NM_SETTING_BRIDGE_PORT_PATH_COST,    "path_cost",
+	                                       0, NM_BR_PORT_MAX_PATH_COST, 100,
+	                                       TRUE, FALSE },
+	{ NM_SETTING_BRIDGE_PORT_HAIRPIN_MODE, "hairpin_mode",
+	                                       0, 1, 0,
+	                                       FALSE, FALSE },
 	{ NULL, NULL }
 };

@ -283,15 +308,22 @@ update_connection (NMDevice *device, NMConnection *connection)

 	for (option = master_options; option->name; option++) {
 		gs_free char *str = nm_platform_sysctl_master_get_option (nm_device_get_platform (device), ifindex, option->sysname);
-		int value;
+		uint value;

 		if (str) {
-			value = strtol (str, NULL, 10);
-
 			/* See comments in set_sysfs_uint() about centiseconds. */
-			if (option->user_hz_compensate)
+			if (option->user_hz_compensate) {
+				value = _nm_utils_ascii_str_to_int64 (str, 10,
+				                                      option->nm_min * 100,
+				                                      option->nm_max * 100,
+				                                      option->nm_default * 100);
 				value /= 100;
-
+			} else {
+				value = _nm_utils_ascii_str_to_int64 (str, 10,
+				                                      option->nm_min,
+				                                      option->nm_max,
+				                                      option->nm_default);
+			}
 			g_object_set (s_bridge, option->name, value, NULL);
 		} else
 			_LOGW (LOGD_BRIDGE, "failed to read bridge setting '%s'", option->sysname);
@ -322,15 +354,22 @@ master_update_slave_connection (NMDevice *device,

 	for (option = slave_options; option->name; option++) {
 		gs_free char *str = nm_platform_sysctl_slave_get_option (nm_device_get_platform (device), ifindex_slave, option->sysname);
-		int value;
+		uint value;

 		if (str) {
-			value = strtol (str, NULL, 10);
-
 			/* See comments in set_sysfs_uint() about centiseconds. */
-			if (option->user_hz_compensate)
+			if (option->user_hz_compensate) {
+				value = _nm_utils_ascii_str_to_int64 (str, 10,
+				                                      option->nm_min * 100,
+				                                      option->nm_max * 100,
+				                                      option->nm_default * 100);
 				value /= 100;
-
+			} else {
+				value = _nm_utils_ascii_str_to_int64 (str, 10,
+				                                      option->nm_min,
+				                                      option->nm_max,
+				                                      option->nm_default);
+			}
 			g_object_set (s_port, option->name, value, NULL);
 		} else
 			_LOGW (LOGD_BRIDGE, "failed to read bridge port setting '%s'", option->sysname);