Merge pull request #19605 from yuwata/network-fdb-outgoing-interface

network: bridge-fdb: add support to specify outgoing interface
2024-10-15 12:34:37 +00:00 · 2021-05-20 21:33:14 +02:00 · 2021-05-20 21:33:14 +02:00 · f9e60ff9ad
parent e6655fbe40 db5486b450
commit f9e60ff9ad
14 changed files with 255 additions and 106 deletions
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@ -2857,6 +2857,13 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
            device is a VXLAN type device and has route shortcircuit enabled. Defaults to <literal>self</literal>.</para>
          </listitem>
        </varlistentry>
+        <varlistentry>
+          <term><varname>OutgoingInterface=</varname></term>
+          <listitem>
+            <para>Specifies the name or index of the outgoing interface for the VXLAN device driver to
+            reach the remote VXLAN tunnel endpoint. Defaults to unset.</para>
+          </listitem>
+        </varlistentry>
      </variablelist>
  </refsect1>
  <refsect1>
--- a/src/network/meson.build
+++ b/src/network/meson.build
@ -57,6 +57,8 @@ sources = files('''
        networkd-address-pool.h
        networkd-address.c
        networkd-address.h
+        networkd-bridge-fdb.c
+        networkd-bridge-fdb.h
        networkd-brvlan.c
        networkd-brvlan.h
        networkd-can.c
@ -73,8 +75,6 @@ sources = files('''
        networkd-dhcp4.h
        networkd-dhcp6.c
        networkd-dhcp6.h
-        networkd-fdb.c
-        networkd-fdb.h
        networkd-ipv4ll.c
        networkd-ipv4ll.h
        networkd-ipv6-proxy-ndp.c
--- a/src/network/networkd-bridge-fdb.c
+++ b/src/network/networkd-bridge-fdb.c
@ -9,42 +9,46 @@
 #include "alloc-util.h"
 #include "bridge.h"
 #include "netlink-util.h"
-#include "networkd-fdb.h"
+#include "networkd-bridge-fdb.h"
 #include "networkd-link.h"
 #include "networkd-manager.h"
 #include "networkd-network.h"
+#include "networkd-queue.h"
+#include "networkd-util.h"
 #include "parse-util.h"
 #include "string-table.h"
 #include "vlan-util.h"
 #include "vxlan.h"

-#define STATIC_FDB_ENTRIES_PER_NETWORK_MAX 1024U
+#define STATIC_BRIDGE_FDB_ENTRIES_PER_NETWORK_MAX 1024U

 /* remove and FDB entry. */
-FdbEntry *fdb_entry_free(FdbEntry *fdb_entry) {
-        if (!fdb_entry)
+BridgeFDB *bridge_fdb_free(BridgeFDB *fdb) {
+        if (!fdb)
                return NULL;

-        if (fdb_entry->network) {
-                assert(fdb_entry->section);
-                hashmap_remove(fdb_entry->network->fdb_entries_by_section, fdb_entry->section);
+        if (fdb->network) {
+                assert(fdb->section);
+                hashmap_remove(fdb->network->bridge_fdb_entries_by_section, fdb->section);
        }

-        network_config_section_free(fdb_entry->section);
-        return mfree(fdb_entry);
+        network_config_section_free(fdb->section);
+
+        free(fdb->outgoing_ifname);
+        return mfree(fdb);
 }

-DEFINE_NETWORK_SECTION_FUNCTIONS(FdbEntry, fdb_entry_free);
+DEFINE_NETWORK_SECTION_FUNCTIONS(BridgeFDB, bridge_fdb_free);

 /* create a new FDB entry or get an existing one. */
-static int fdb_entry_new_static(
+static int bridge_fdb_new_static(
                Network *network,
                const char *filename,
                unsigned section_line,
-                FdbEntry **ret) {
+                BridgeFDB **ret) {

        _cleanup_(network_config_section_freep) NetworkConfigSection *n = NULL;
-        _cleanup_(fdb_entry_freep) FdbEntry *fdb_entry = NULL;
+        _cleanup_(bridge_fdb_freep) BridgeFDB *fdb = NULL;
        int r;

        assert(network);
@ -57,72 +61,82 @@ static int fdb_entry_new_static(
                return r;

        /* search entry in hashmap first. */
-        fdb_entry = hashmap_get(network->fdb_entries_by_section, n);
-        if (fdb_entry) {
-                *ret = TAKE_PTR(fdb_entry);
+        fdb = hashmap_get(network->bridge_fdb_entries_by_section, n);
+        if (fdb) {
+                *ret = TAKE_PTR(fdb);
                return 0;
        }

-        if (hashmap_size(network->fdb_entries_by_section) >= STATIC_FDB_ENTRIES_PER_NETWORK_MAX)
+        if (hashmap_size(network->bridge_fdb_entries_by_section) >= STATIC_BRIDGE_FDB_ENTRIES_PER_NETWORK_MAX)
                return -E2BIG;

        /* allocate space for and FDB entry. */
-        fdb_entry = new(FdbEntry, 1);
-        if (!fdb_entry)
+        fdb = new(BridgeFDB, 1);
+        if (!fdb)
                return -ENOMEM;

        /* init FDB structure. */
-        *fdb_entry = (FdbEntry) {
+        *fdb = (BridgeFDB) {
                .network = network,
                .section = TAKE_PTR(n),
                .vni = VXLAN_VID_MAX + 1,
-                .fdb_ntf_flags = NEIGHBOR_CACHE_ENTRY_FLAGS_SELF,
+                .ntf_flags = NEIGHBOR_CACHE_ENTRY_FLAGS_SELF,
        };

-        r = hashmap_ensure_put(&network->fdb_entries_by_section, &network_config_hash_ops, fdb_entry->section, fdb_entry);
+        r = hashmap_ensure_put(&network->bridge_fdb_entries_by_section, &network_config_hash_ops, fdb->section, fdb);
        if (r < 0)
                return r;

        /* return allocated FDB structure. */
-        *ret = TAKE_PTR(fdb_entry);
+        *ret = TAKE_PTR(fdb);

        return 0;
 }

-static int set_fdb_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
+static int bridge_fdb_configure_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
        int r;

        assert(link);
+        assert(link->static_bridge_fdb_messages > 0);
+
+        link->static_bridge_fdb_messages--;

        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
-                return 1;
+                return 0;

        r = sd_netlink_message_get_errno(m);
        if (r < 0 && r != -EEXIST) {
-                log_link_message_warning_errno(link, m, r, "Could not add FDB entry");
+                log_link_message_warning_errno(link, m, r, "Could not add bridge FDB entry");
                link_enter_failed(link);
-                return 1;
+                return 0;
        }

-        return 1;
+        if (link->static_bridge_fdb_messages == 0) {
+                log_link_debug(link, "Bridge FDB entries set");
+                link->static_bridge_fdb_configured = true;
+                link_check_ready(link);
+        }
+
+        return 0;
 }

 /* send a request to the kernel to add a FDB entry in its static MAC table. */
-static int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) {
+static int bridge_fdb_configure(const BridgeFDB *fdb, Link *link, link_netlink_message_handler_t callback) {
        _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
        int r;

+        assert(fdb);
        assert(link);
-        assert(link->network);
        assert(link->manager);
-        assert(fdb_entry);
+        assert(link->manager->rtnl);
+        assert(callback);

        /* create new RTM message */
        r = sd_rtnl_message_new_neigh(link->manager->rtnl, &req, RTM_NEWNEIGH, link->ifindex, AF_BRIDGE);
        if (r < 0)
                return log_link_error_errno(link, r, "Could not create RTM_NEWNEIGH message: %m");

-        r = sd_rtnl_message_neigh_set_flags(req, fdb_entry->fdb_ntf_flags);
+        r = sd_rtnl_message_neigh_set_flags(req, fdb->ntf_flags);
        if (r < 0)
                return log_link_error_errno(link, r, "Could not set neighbor flags: %m");

@ -131,31 +145,37 @@ static int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) {
        if (r < 0)
                return log_link_error_errno(link, r, "Could not set neighbor state: %m");

-        r = sd_netlink_message_append_data(req, NDA_LLADDR, &fdb_entry->mac_addr, sizeof(fdb_entry->mac_addr));
+        r = sd_netlink_message_append_data(req, NDA_LLADDR, &fdb->mac_addr, sizeof(fdb->mac_addr));
        if (r < 0)
                return log_link_error_errno(link, r, "Could not append NDA_LLADDR attribute: %m");

        /* VLAN Id is optional. We'll add VLAN Id only if it's specified. */
-        if (fdb_entry->vlan_id > 0) {
-                r = sd_netlink_message_append_u16(req, NDA_VLAN, fdb_entry->vlan_id);
+        if (fdb->vlan_id > 0) {
+                r = sd_netlink_message_append_u16(req, NDA_VLAN, fdb->vlan_id);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not append NDA_VLAN attribute: %m");
        }

-        if (in_addr_is_set(fdb_entry->family, &fdb_entry->destination_addr)) {
-                r = netlink_message_append_in_addr_union(req, NDA_DST, fdb_entry->family, &fdb_entry->destination_addr);
+        if (fdb->outgoing_ifindex > 0) {
+                r = sd_netlink_message_append_u32(req, NDA_IFINDEX, fdb->outgoing_ifindex);
+                if (r < 0)
+                        return log_link_error_errno(link, r, "Could not append NDA_IFINDEX attribute: %m");
+        }
+
+        if (in_addr_is_set(fdb->family, &fdb->destination_addr)) {
+                r = netlink_message_append_in_addr_union(req, NDA_DST, fdb->family, &fdb->destination_addr);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not append NDA_DST attribute: %m");
        }

-        if (fdb_entry->vni <= VXLAN_VID_MAX) {
-                r = sd_netlink_message_append_u32(req, NDA_VNI, fdb_entry->vni);
+        if (fdb->vni <= VXLAN_VID_MAX) {
+                r = sd_netlink_message_append_u32(req, NDA_VNI, fdb->vni);
                if (r < 0)
                        return log_link_error_errno(link, r, "Could not append NDA_VNI attribute: %m");
        }

        /* send message to the kernel to update its internal static MAC table. */
-        r = netlink_call_async(link->manager->rtnl, NULL, req, set_fdb_handler,
+        r = netlink_call_async(link->manager->rtnl, NULL, req, callback,
                               link_netlink_destroy_callback, link);
        if (r < 0)
                return log_link_error_errno(link, r, "Could not send rtnetlink message: %m");
@ -165,30 +185,78 @@ static int fdb_entry_configure(Link *link, FdbEntry *fdb_entry) {
        return 1;
 }

-int link_set_bridge_fdb(Link *link) {
-        FdbEntry *fdb_entry;
+int link_request_static_bridge_fdb(Link *link) {
+        BridgeFDB *fdb;
        int r;

        assert(link);
        assert(link->network);

-        HASHMAP_FOREACH(fdb_entry, link->network->fdb_entries_by_section) {
-                r = fdb_entry_configure(link, fdb_entry);
+        link->static_bridge_fdb_configured = false;
+
+        HASHMAP_FOREACH(fdb, link->network->bridge_fdb_entries_by_section) {
+                r = link_queue_request(link, REQUEST_TYPE_BRIDGE_FDB, fdb, false,
+                                       &link->static_bridge_fdb_messages, bridge_fdb_configure_handler, NULL);
                if (r < 0)
-                        return log_link_error_errno(link, r, "Failed to add MAC entry to static MAC table: %m");
+                        return log_link_error_errno(link, r, "Failed to request static bridge FDB entry: %m");
+        }
+
+        if (link->static_bridge_fdb_messages == 0) {
+                link->static_bridge_fdb_configured = true;
+                link_check_ready(link);
+        } else {
+                log_link_debug(link, "Setting bridge FDB entries");
+                link_set_state(link, LINK_STATE_CONFIGURING);
        }

        return 0;
 }

-void network_drop_invalid_fdb_entries(Network *network) {
-        FdbEntry *fdb_entry;
+static bool bridge_fdb_is_ready_to_configure(BridgeFDB *fdb, Link *link) {
+        Link *out = NULL;
+
+        assert(fdb);
+        assert(link);
+        assert(link->manager);
+
+        if (!link_is_ready_to_configure(link, false))
+                return false;
+
+        if (fdb->outgoing_ifname) {
+                if (link_get_by_name(link->manager, fdb->outgoing_ifname, &out) < 0)
+                        return false;
+
+                fdb->outgoing_ifindex = out->ifindex;
+        } else if (fdb->outgoing_ifindex > 0) {
+                if (link_get(link->manager, fdb->outgoing_ifindex, &out) < 0)
+                        return false;
+        }
+        if (out && !link_is_ready_to_configure(out, false))
+                return false;
+
+        return true;
+}
+
+int request_process_bridge_fdb(Request *req) {
+        assert(req);
+        assert(req->link);
+        assert(req->fdb);
+        assert(req->type == REQUEST_TYPE_BRIDGE_FDB);
+
+        if (!bridge_fdb_is_ready_to_configure(req->fdb, req->link))
+                return 0;
+
+        return bridge_fdb_configure(req->fdb, req->link, req->netlink_handler);
+}
+
+void network_drop_invalid_bridge_fdb_entries(Network *network) {
+        BridgeFDB *fdb;

        assert(network);

-        HASHMAP_FOREACH(fdb_entry, network->fdb_entries_by_section)
-                if (section_is_invalid(fdb_entry->section))
-                        fdb_entry_free(fdb_entry);
+        HASHMAP_FOREACH(fdb, network->bridge_fdb_entries_by_section)
+                if (section_is_invalid(fdb->section))
+                        bridge_fdb_free(fdb);
 }

 /* parse the HW address from config files. */
@ -204,8 +272,8 @@ int config_parse_fdb_hwaddr(
                void *data,
                void *userdata) {

+        _cleanup_(bridge_fdb_free_or_set_invalidp) BridgeFDB *fdb = NULL;
        Network *network = userdata;
-        _cleanup_(fdb_entry_free_or_set_invalidp) FdbEntry *fdb_entry = NULL;
        int r;

        assert(filename);
@ -214,18 +282,17 @@ int config_parse_fdb_hwaddr(
        assert(rvalue);
        assert(data);

-        r = fdb_entry_new_static(network, filename, section_line, &fdb_entry);
+        r = bridge_fdb_new_static(network, filename, section_line, &fdb);
        if (r < 0)
                return log_oom();

-        r = ether_addr_from_string(rvalue, &fdb_entry->mac_addr);
+        r = ether_addr_from_string(rvalue, &fdb->mac_addr);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r, "Not a valid MAC address, ignoring assignment: %s", rvalue);
                return 0;
        }

-        fdb_entry = NULL;
-
+        TAKE_PTR(fdb);
        return 0;
 }

@ -242,8 +309,8 @@ int config_parse_fdb_vlan_id(
                void *data,
                void *userdata) {

+        _cleanup_(bridge_fdb_free_or_set_invalidp) BridgeFDB *fdb = NULL;
        Network *network = userdata;
-        _cleanup_(fdb_entry_free_or_set_invalidp) FdbEntry *fdb_entry = NULL;
        int r;

        assert(filename);
@ -252,18 +319,17 @@ int config_parse_fdb_vlan_id(
        assert(rvalue);
        assert(data);

-        r = fdb_entry_new_static(network, filename, section_line, &fdb_entry);
+        r = bridge_fdb_new_static(network, filename, section_line, &fdb);
        if (r < 0)
                return log_oom();

        r = config_parse_vlanid(unit, filename, line, section,
                                section_line, lvalue, ltype,
-                                rvalue, &fdb_entry->vlan_id, userdata);
+                                rvalue, &fdb->vlan_id, userdata);
        if (r < 0)
                return r;

-        fdb_entry = NULL;
-
+        TAKE_PTR(fdb);
        return 0;
 }

@ -279,7 +345,7 @@ int config_parse_fdb_destination(
                void *data,
                void *userdata) {

-        _cleanup_(fdb_entry_free_or_set_invalidp) FdbEntry *fdb_entry = NULL;
+        _cleanup_(bridge_fdb_free_or_set_invalidp) BridgeFDB *fdb = NULL;
        Network *network = userdata;
        int r;

@ -289,11 +355,11 @@ int config_parse_fdb_destination(
        assert(rvalue);
        assert(data);

-        r = fdb_entry_new_static(network, filename, section_line, &fdb_entry);
+        r = bridge_fdb_new_static(network, filename, section_line, &fdb);
        if (r < 0)
                return log_oom();

-        r = in_addr_from_string_auto(rvalue, &fdb_entry->family, &fdb_entry->destination_addr);
+        r = in_addr_from_string_auto(rvalue, &fdb->family, &fdb->destination_addr);
        if (r < 0) {
                log_syntax(unit, LOG_WARNING, filename, line, r,
                           "FDB destination IP address is invalid, ignoring assignment: %s",
@ -301,8 +367,7 @@ int config_parse_fdb_destination(
                return 0;
        }

-        fdb_entry = NULL;
-
+        TAKE_PTR(fdb);
        return 0;
 }

@ -318,7 +383,7 @@ int config_parse_fdb_vxlan_vni(
                void *data,
                void *userdata) {

-        _cleanup_(fdb_entry_free_or_set_invalidp) FdbEntry *fdb_entry = NULL;
+        _cleanup_(bridge_fdb_free_or_set_invalidp) BridgeFDB *fdb = NULL;
        Network *network = userdata;
        uint32_t vni;
        int r;
@ -329,7 +394,7 @@ int config_parse_fdb_vxlan_vni(
        assert(rvalue);
        assert(data);

-        r = fdb_entry_new_static(network, filename, section_line, &fdb_entry);
+        r = bridge_fdb_new_static(network, filename, section_line, &fdb);
        if (r < 0)
                return log_oom();

@ -348,20 +413,20 @@ int config_parse_fdb_vxlan_vni(
                return 0;
        }

-        fdb_entry->vni = vni;
-        fdb_entry = NULL;
+        fdb->vni = vni;

+        TAKE_PTR(fdb);
        return 0;
 }

-static const char* const fdb_ntf_flags_table[_NEIGHBOR_CACHE_ENTRY_FLAGS_MAX] = {
+static const char* const ntf_flags_table[_NEIGHBOR_CACHE_ENTRY_FLAGS_MAX] = {
        [NEIGHBOR_CACHE_ENTRY_FLAGS_USE] = "use",
        [NEIGHBOR_CACHE_ENTRY_FLAGS_SELF] = "self",
        [NEIGHBOR_CACHE_ENTRY_FLAGS_MASTER] = "master",
        [NEIGHBOR_CACHE_ENTRY_FLAGS_ROUTER] = "router",
 };

-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(fdb_ntf_flags, NeighborCacheEntryFlags);
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(ntf_flags, NeighborCacheEntryFlags);

 int config_parse_fdb_ntf_flags(
                const char *unit,
@ -375,7 +440,48 @@ int config_parse_fdb_ntf_flags(
                void *data,
                void *userdata) {

-        _cleanup_(fdb_entry_free_or_set_invalidp) FdbEntry *fdb_entry = NULL;
+        _cleanup_(bridge_fdb_free_or_set_invalidp) BridgeFDB *fdb = NULL;
+        Network *network = userdata;
+        NeighborCacheEntryFlags f;
+        int r;
+
+        assert(filename);
+        assert(section);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        r = bridge_fdb_new_static(network, filename, section_line, &fdb);
+        if (r < 0)
+                return log_oom();
+
+        f = ntf_flags_from_string(rvalue);
+        if (f < 0) {
+                log_syntax(unit, LOG_WARNING, filename, line, f,
+                           "FDB failed to parse AssociatedWith=, ignoring assignment: %s",
+                           rvalue);
+                return 0;
+        }
+
+        fdb->ntf_flags = f;
+
+        TAKE_PTR(fdb);
+        return 0;
+}
+
+int config_parse_fdb_interface(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        _cleanup_(bridge_fdb_free_or_set_invalidp) BridgeFDB *fdb = NULL;
        Network *network = userdata;
        int r;

@ -385,20 +491,36 @@ int config_parse_fdb_ntf_flags(
        assert(rvalue);
        assert(data);

-        r = fdb_entry_new_static(network, filename, section_line, &fdb_entry);
+        r = bridge_fdb_new_static(network, filename, section_line, &fdb);
        if (r < 0)
                return log_oom();

-        NeighborCacheEntryFlags f = fdb_ntf_flags_from_string(rvalue);
-        if (f < 0) {
-                log_syntax(unit, LOG_WARNING, filename, line, f,
-                           "FDB failed to parse AssociatedWith=, ignoring assignment: %s",
-                           rvalue);
+        if (isempty(rvalue)) {
+                fdb->outgoing_ifname = mfree(fdb->outgoing_ifname);
+                fdb->outgoing_ifindex = 0;
+                TAKE_PTR(fdb);
                return 0;
        }

-        fdb_entry->fdb_ntf_flags = f;
-        fdb_entry = NULL;
+        r = parse_ifindex(rvalue);
+        if (r > 0) {
+                fdb->outgoing_ifname = mfree(fdb->outgoing_ifname);
+                fdb->outgoing_ifindex = r;
+                TAKE_PTR(fdb);
+                return 0;
+        }

+        if (!ifname_valid_full(rvalue, IFNAME_VALID_ALTERNATIVE)) {
+                log_syntax(unit, LOG_WARNING, filename, line, 0,
+                           "Invalid interface name in %s=, ignoring assignment: %s", lvalue, rvalue);
+                return 0;
+        }
+
+        r = free_and_strdup(&fdb->outgoing_ifname, rvalue);
+        if (r < 0)
+                return log_oom();
+        fdb->outgoing_ifindex = 0;
+
+        TAKE_PTR(fdb);
        return 0;
 }
--- a/src/network/networkd-bridge-fdb.h
+++ b/src/network/networkd-bridge-fdb.h
@ -11,10 +11,10 @@
 #include "conf-parser.h"
 #include "ether-addr-util.h"
 #include "in-addr-util.h"
-#include "networkd-util.h"

-typedef struct Network Network;
 typedef struct Link Link;
+typedef struct Network Network;
+typedef struct Request Request;

 typedef enum NeighborCacheEntryFlags {
        NEIGHBOR_CACHE_ENTRY_FLAGS_USE = NTF_USE,
@ -25,7 +25,7 @@ typedef enum NeighborCacheEntryFlags {
        _NEIGHBOR_CACHE_ENTRY_FLAGS_INVALID = -EINVAL,
 } NeighborCacheEntryFlags;

-typedef struct FdbEntry {
+typedef struct BridgeFDB {
        Network *network;
        NetworkConfigSection *section;

@ -36,17 +36,22 @@ typedef struct FdbEntry {

        struct ether_addr mac_addr;
        union in_addr_union destination_addr;
-        NeighborCacheEntryFlags fdb_ntf_flags;
-} FdbEntry;
+        NeighborCacheEntryFlags ntf_flags;
+        char *outgoing_ifname;
+        int outgoing_ifindex;
+} BridgeFDB;

-FdbEntry *fdb_entry_free(FdbEntry *fdb_entry);
+BridgeFDB *bridge_fdb_free(BridgeFDB *fdb);

-void network_drop_invalid_fdb_entries(Network *network);
+void network_drop_invalid_bridge_fdb_entries(Network *network);

-int link_set_bridge_fdb(Link *link);
+int link_request_static_bridge_fdb(Link *link);
+
+int request_process_bridge_fdb(Request *req);

 CONFIG_PARSER_PROTOTYPE(config_parse_fdb_hwaddr);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdb_vlan_id);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdb_destination);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdb_vxlan_vni);
 CONFIG_PARSER_PROTOTYPE(config_parse_fdb_ntf_flags);
+CONFIG_PARSER_PROTOTYPE(config_parse_fdb_interface);
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@ -27,11 +27,11 @@
 #include "network-internal.h"
 #include "networkd-address-label.h"
 #include "networkd-address.h"
+#include "networkd-bridge-fdb.h"
 #include "networkd-can.h"
 #include "networkd-dhcp-server.h"
 #include "networkd-dhcp4.h"
 #include "networkd-dhcp6.h"
-#include "networkd-fdb.h"
 #include "networkd-ipv4ll.h"
 #include "networkd-ipv6-proxy-ndp.h"
 #include "networkd-link-bus.h"
@ -744,6 +744,9 @@ void link_check_ready(Link *link) {
                        return (void) log_link_debug(link, "%s(): an address %s is not ready.", __func__, strna(str));
                }

+        if (!link->static_bridge_fdb_configured)
+                return (void) log_link_debug(link, "%s(): static bridge MDB entries are not configured.", __func__);
+
        if (!link->static_neighbors_configured)
                return (void) log_link_debug(link, "%s(): static neighbors are not configured.", __func__);

@ -817,10 +820,6 @@ static int link_set_static_configs(Link *link) {
        assert(link->network);
        assert(link->state != _LINK_STATE_INVALID);

-        r = link_set_bridge_fdb(link);
-        if (r < 0)
-                return r;
-
        r = link_set_bridge_mdb(link);
        if (r < 0)
                return r;
@ -837,6 +836,10 @@ static int link_set_static_configs(Link *link) {
        if (r < 0)
                return r;

+        r = link_request_static_bridge_fdb(link);
+        if (r < 0)
+                return r;
+
        r = link_request_static_neighbors(link);
        if (r < 0)
                return r;
--- a/src/network/networkd-link.h
+++ b/src/network/networkd-link.h
@ -81,6 +81,7 @@ typedef struct Link {

        unsigned address_label_messages;
        unsigned static_address_messages;
+        unsigned static_bridge_fdb_messages;
        unsigned static_neighbor_messages;
        unsigned static_nexthop_messages;
        unsigned static_route_messages;
@ -122,6 +123,7 @@ typedef struct Link {
        bool ipv4ll_address_configured:1;

        bool static_addresses_configured:1;
+        bool static_bridge_fdb_configured:1;
        bool static_neighbors_configured:1;
        bool static_nexthops_configured:1;
        bool static_routes_configured:1;
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@ -9,12 +9,12 @@ _Pragma("GCC diagnostic ignored \"-Wimplicit-fallthrough\"")
 #include "net-condition.h"
 #include "networkd-address-label.h"
 #include "networkd-address.h"
+#include "networkd-bridge-fdb.h"
 #include "networkd-can.h"
 #include "networkd-dhcp-common.h"
 #include "networkd-dhcp-server.h"
 #include "networkd-dhcp4.h"
 #include "networkd-dhcp6.h"
-#include "networkd-fdb.h"
 #include "networkd-ipv4ll.h"
 #include "networkd-ipv6-proxy-ndp.h"
 #include "networkd-mdb.h"
@ -306,6 +306,7 @@ BridgeFDB.VLANId,                            config_parse_fdb_vlan_id,
 BridgeFDB.Destination,                       config_parse_fdb_destination,                             0,                             0
 BridgeFDB.VNI,                               config_parse_fdb_vxlan_vni,                               0,                             0
 BridgeFDB.AssociatedWith,                    config_parse_fdb_ntf_flags,                               0,                             0
+BridgeFDB.OutgoingInterface,                 config_parse_fdb_interface,                               0,                             0
 BridgeMDB.MulticastGroupAddress,             config_parse_mdb_group_address,                           0,                             0
 BridgeMDB.VLANId,                            config_parse_mdb_vlan_id,                                 0,                             0
 BridgeVLAN.PVID,                             config_parse_brvlan_pvid,                                 0,                             0
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@ -15,9 +15,9 @@
 #include "net-condition.h"
 #include "networkd-address-label.h"
 #include "networkd-address.h"
+#include "networkd-bridge-fdb.h"
 #include "networkd-dhcp-common.h"
 #include "networkd-dhcp-server.h"
-#include "networkd-fdb.h"
 #include "networkd-manager.h"
 #include "networkd-mdb.h"
 #include "networkd-ndisc.h"
@ -230,7 +230,7 @@ int network_verify(Network *network) {
        network_drop_invalid_addresses(network);
        network_drop_invalid_routes(network);
        network_drop_invalid_nexthops(network);
-        network_drop_invalid_fdb_entries(network);
+        network_drop_invalid_bridge_fdb_entries(network);
        network_drop_invalid_mdb_entries(network);
        network_drop_invalid_neighbors(network);
        network_drop_invalid_address_labels(network);
@ -598,7 +598,7 @@ static Network *network_free(Network *network) {
        ordered_hashmap_free_with_destructor(network->addresses_by_section, address_free);
        hashmap_free_with_destructor(network->routes_by_section, route_free);
        hashmap_free_with_destructor(network->nexthops_by_section, nexthop_free);
-        hashmap_free_with_destructor(network->fdb_entries_by_section, fdb_entry_free);
+        hashmap_free_with_destructor(network->bridge_fdb_entries_by_section, bridge_fdb_free);
        hashmap_free_with_destructor(network->mdb_entries_by_section, mdb_entry_free);
        hashmap_free_with_destructor(network->neighbors_by_section, neighbor_free);
        hashmap_free_with_destructor(network->address_labels_by_section, address_label_free);
@ -651,7 +651,7 @@ int network_get_by_name(Manager *manager, const char *name, Network **ret) {
 bool network_has_static_ipv6_configurations(Network *network) {
        Address *address;
        Route *route;
-        FdbEntry *fdb;
+        BridgeFDB *fdb;
        MdbEntry *mdb;
        Neighbor *neighbor;

@ -665,7 +665,7 @@ bool network_has_static_ipv6_configurations(Network *network) {
                if (route->family == AF_INET6)
                        return true;

-        HASHMAP_FOREACH(fdb, network->fdb_entries_by_section)
+        HASHMAP_FOREACH(fdb, network->bridge_fdb_entries_by_section)
                if (fdb->family == AF_INET6)
                        return true;

--- a/src/network/networkd-network.h
+++ b/src/network/networkd-network.h
@ -307,7 +307,7 @@ struct Network {
        OrderedHashmap *addresses_by_section;
        Hashmap *routes_by_section;
        Hashmap *nexthops_by_section;
-        Hashmap *fdb_entries_by_section;
+        Hashmap *bridge_fdb_entries_by_section;
        Hashmap *mdb_entries_by_section;
        Hashmap *neighbors_by_section;
        Hashmap *address_labels_by_section;
--- a/src/network/networkd-queue.c
+++ b/src/network/networkd-queue.c
@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */

 #include "networkd-address.h"
+#include "networkd-bridge-fdb.h"
 #include "networkd-manager.h"
 #include "networkd-neighbor.h"
 #include "networkd-nexthop.h"
@ -13,6 +14,9 @@ static void request_free_object(RequestType type, void *object) {
        case REQUEST_TYPE_ADDRESS:
                address_free(object);
                break;
+        case REQUEST_TYPE_BRIDGE_FDB:
+                bridge_fdb_free(object);
+                break;
        case REQUEST_TYPE_NEIGHBOR:
                neighbor_free(object);
                break;
@ -119,6 +123,9 @@ int manager_process_requests(sd_event_source *s, void *userdata) {
                        case REQUEST_TYPE_ADDRESS:
                                r = request_process_address(req);
                                break;
+                        case REQUEST_TYPE_BRIDGE_FDB:
+                                r = request_process_bridge_fdb(req);
+                                break;
                        case REQUEST_TYPE_NEIGHBOR:
                                r = request_process_neighbor(req);
                                break;
--- a/src/network/networkd-queue.h
+++ b/src/network/networkd-queue.h
@ -6,6 +6,7 @@
 #include "networkd-link.h"

 typedef struct Address Address;
+typedef struct BridgeFDB BridgeFDB;
 typedef struct Neighbor Neighbor;
 typedef struct NextHop NextHop;
 typedef struct Route Route;
@ -18,6 +19,7 @@ typedef void (*request_on_free_handler_t)(Request*);

 typedef enum RequestType {
        REQUEST_TYPE_ADDRESS,
+        REQUEST_TYPE_BRIDGE_FDB,
        REQUEST_TYPE_NEIGHBOR,
        REQUEST_TYPE_NEXTHOP,
        REQUEST_TYPE_ROUTE,
@ -32,6 +34,7 @@ typedef struct Request {
        bool consume_object;
        union {
                Address *address;
+                BridgeFDB *fdb;
                Neighbor *neighbor;
                NextHop *nexthop;
                Route *route;
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@ -58,6 +58,7 @@ MACAddress=
 Destination=
 VNI=
 AssociatedWith=
+OutgoingInterface=
 [BridgeMDB]
 MulticastGroupAddress=
 VLANId=
--- a/test/test-network/conf/vxlan.network
+++ b/test/test-network/conf/vxlan.network
@ -16,3 +16,4 @@ Destination=10.0.0.6
 [BridgeFDB]
 MACAddress=00:11:22:33:44:77
 Destination=10.0.0.7
+OutgoingInterface=test1
--- a/test/test-network/systemd-networkd-tests.py
+++ b/test/test-network/systemd-networkd-tests.py
@ -1645,7 +1645,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
        print(output)
        self.assertRegex(output, '00:11:22:33:44:55 dst 10.0.0.5 self permanent')
        self.assertRegex(output, '00:11:22:33:44:66 dst 10.0.0.6 self permanent')
-        self.assertRegex(output, '00:11:22:33:44:77 dst 10.0.0.7 self permanent')
+        self.assertRegex(output, '00:11:22:33:44:77 dst 10.0.0.7 via test1 self permanent')

        output = check_output(*networkctl_cmd, '-n', '0', 'status', 'vxlan99', env=env)
        print(output)
@ -1653,9 +1653,6 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
        self.assertRegex(output, 'Destination Port: 5555')
        self.assertRegex(output, 'Underlying Device: test1')

-        output = check_output('ip -d link show vxlan98')
-        print(output)
-
    def test_macsec(self):
        copy_unit_to_networkd_unit_path('25-macsec.netdev', '25-macsec.network', '25-macsec.key',
                                        'macsec.network', '12-dummy.netdev')