Re: [RFC PATCH] net: bridge: multicast: add support for L2 entries
On Sun, 2020-10-25 at 06:59 +, Vladimir Oltean wrote:
> On Wed, Oct 21, 2020 at 09:17:07AM +, Nikolay Aleksandrov wrote:
> > > diff --git a/include/uapi/linux/if_bridge.h
> > > b/include/uapi/linux/if_bridge.h
> > > index 4c687686aa8f..a25f6f9aa8c3 100644
> > > --- a/include/uapi/linux/if_bridge.h
> > > +++ b/include/uapi/linux/if_bridge.h
> > > @@ -520,12 +520,14 @@ struct br_mdb_entry {
> > > #define MDB_FLAGS_FAST_LEAVE (1 << 1)
> > > #define MDB_FLAGS_STAR_EXCL (1 << 2)
> > > #define MDB_FLAGS_BLOCKED(1 << 3)
> > > +#define MDB_FLAGS_L2 (1 << 5)
> >
> > I think this should be 4.
> >
>
> Shouldn't this be in sync with MDB_PG_FLAGS_L2 though? We also have
> MDB_PG_FLAGS_BLOCKED which is BIT(4).
Unfortunately they haven't been in sync from the start. MDB_FLAGS bit
0 is offload, while MDB_PG_FLAGS bit 0 is permanent. As you can see
here blocked is bit 3, while internally it's 4 due to the same reason.
We can't afford to skip 1 bit since this is uAPI and we only got 8
available bits. I wonder if we need these L2 bits at all, why not use
only proto == 0 to denote it's a L2 entry? I can't remember why I added
the bits back then, but until now proto == 0 wasn't allowed and the
kernel couldn't export it as such, so it seems possible to use it.
Re: [RFC PATCH] net: bridge: multicast: add support for L2 entries
On Sun, Oct 25, 2020 at 08:59:57AM +0200, Vladimir Oltean wrote:
> On Wed, Oct 21, 2020 at 09:17:07AM +, Nikolay Aleksandrov wrote:
> > > diff --git a/include/uapi/linux/if_bridge.h
> > > b/include/uapi/linux/if_bridge.h
> > > index 4c687686aa8f..a25f6f9aa8c3 100644
> > > --- a/include/uapi/linux/if_bridge.h
> > > +++ b/include/uapi/linux/if_bridge.h
> > > @@ -520,12 +520,14 @@ struct br_mdb_entry {
> > > #define MDB_FLAGS_FAST_LEAVE (1 << 1)
> > > #define MDB_FLAGS_STAR_EXCL (1 << 2)
> > > #define MDB_FLAGS_BLOCKED(1 << 3)
> > > +#define MDB_FLAGS_L2 (1 << 5)
> >
> > I think this should be 4.
> >
>
> Shouldn't this be in sync with MDB_PG_FLAGS_L2 though? We also have
> MDB_PG_FLAGS_BLOCKED which is BIT(4).
Never mind, I'll make it 4.
Re: [RFC PATCH] net: bridge: multicast: add support for L2 entries
On Wed, Oct 21, 2020 at 09:17:07AM +, Nikolay Aleksandrov wrote:
> > diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
> > index 4c687686aa8f..a25f6f9aa8c3 100644
> > --- a/include/uapi/linux/if_bridge.h
> > +++ b/include/uapi/linux/if_bridge.h
> > @@ -520,12 +520,14 @@ struct br_mdb_entry {
> > #define MDB_FLAGS_FAST_LEAVE (1 << 1)
> > #define MDB_FLAGS_STAR_EXCL(1 << 2)
> > #define MDB_FLAGS_BLOCKED (1 << 3)
> > +#define MDB_FLAGS_L2 (1 << 5)
>
> I think this should be 4.
>
Shouldn't this be in sync with MDB_PG_FLAGS_L2 though? We also have
MDB_PG_FLAGS_BLOCKED which is BIT(4).
Re: [RFC PATCH] net: bridge: multicast: add support for L2 entries
On Wed, 2020-10-21 at 09:17 +, Nikolay Aleksandrov wrote:
> On Sat, 2020-10-17 at 21:41 +0300, Vladimir Oltean wrote:
> > From: Nikolay Aleksandrov
> >
> > Extend the bridge multicast control and data path to configure routes
> > for L2 (non-IP) multicast groups.
> >
> > The uapi struct br_mdb_entry union u is extended with another variant,
> > interpretation, mac_addr, which does not change the structure size, and
> > which is valid when the MDB_FLAGS_L2 flag is found set.
> >
> > To be compatible with the forwarding code that is already in place,
> > which acts as an IGMP/MLD snooping bridge with querier capabilities, we
> > need to declare that for L2 MDB entries (for which there exists no such
> > thing as IGMP/MLD snooping/querying), that there is always a querier.
> > Otherwise, these entries would be flooded to all bridge ports and not
> > just to those that are members of the L2 multicast group.
> >
> > Needless to say, only permanent L2 multicast groups can be installed on
> > a bridge port.
> >
> > Signed-off-by: Nikolay Aleksandrov
> > Signed-off-by: Vladimir Oltean
> > ---
> > This patch is adapted from the version that Nikolay posted here:
> > https://lore.kernel.org/netdev/20200708090454.zvb6o7jr2woirw3i@skbuf/
> >
> > There, he marked the patch as "unfinished". I haven't made any major
> > modifications to it, but I've tested it and it appears to work ok,
> > including with offloading. Hence, I would appreciate some tips regarding
> > things that might be missing.
> >
>
> Hi,
> I almost missed this one, thank you for fixing it up. I was wondering if we
> can move br_ip's mac_addr in the "dst" union to save some space and reduce
> ops when matching, since we're also matching on the protocol field. In general
> do we need the ->l2 field at all, can we use proto == 0 ? In order to make it
> more readable it can be in a helper with a descriptive name so we don't wonder
> what proto == 0 meant later. A few more minor comments below.
>
Oh, one more thing, I don't think we validate that the dst mac that's being
added is actually a multicast one.
> > include/linux/if_bridge.h | 1 +
> > include/uapi/linux/if_bridge.h | 2 ++
> > net/bridge/br_device.c | 2 +-
> > net/bridge/br_input.c | 2 +-
> > net/bridge/br_mdb.c| 24
> > net/bridge/br_multicast.c | 12 ++--
> > net/bridge/br_private.h| 7 +--
> > 7 files changed, 40 insertions(+), 10 deletions(-)
> >
> > diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
> > index 556caed00258..b135ad714383 100644
> > --- a/include/linux/if_bridge.h
> > +++ b/include/linux/if_bridge.h
> > @@ -26,6 +26,7 @@ struct br_ip {
> > struct in6_addr ip6;
> > #endif
> > } dst;
> > + unsigned char mac_addr[ETH_ALEN];
> > __be16 proto;
> > __u16 vid;
> > };
> > diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
> > index 4c687686aa8f..a25f6f9aa8c3 100644
> > --- a/include/uapi/linux/if_bridge.h
> > +++ b/include/uapi/linux/if_bridge.h
> > @@ -520,12 +520,14 @@ struct br_mdb_entry {
> > #define MDB_FLAGS_FAST_LEAVE (1 << 1)
> > #define MDB_FLAGS_STAR_EXCL(1 << 2)
> > #define MDB_FLAGS_BLOCKED (1 << 3)
> > +#define MDB_FLAGS_L2 (1 << 5)
>
> I think this should be 4.
>
> > __u8 flags;
> > __u16 vid;
> > struct {
> > union {
> > __be32 ip4;
> > struct in6_addr ip6;
> > + unsigned char mac_addr[ETH_ALEN];
> > } u;
> > __be16 proto;
> > } addr;
> > diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
> > index 6f742fee874a..06c28753b911 100644
> > --- a/net/bridge/br_device.c
> > +++ b/net/bridge/br_device.c
> > @@ -93,7 +93,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct
> > net_device *dev)
> >
> > mdst = br_mdb_get(br, skb, vid);
> > if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
> > - br_multicast_querier_exists(br, eth_hdr(skb)))
> > + br_multicast_querier_exists(br, eth_hdr(skb), mdst))
> > br_multicast_flood(mdst, skb, false, true);
> > else
> > br_flood(br, skb, BR_PKT_MULTICAST, false, true);
> > diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
> > index 59a318b9f646..d31b5c18c6a1 100644
> > --- a/net/bridge/br_input.c
> > +++ b/net/bridge/br_input.c
> > @@ -134,7 +134,7 @@ int br_handle_frame_finish(struct net *net, struct sock
> > *sk, struct sk_buff *skb
> > case BR_PKT_MULTICAST:
> > mdst = br_mdb_get(br, skb, vid);
> > if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
> > - br_multicast_querier_exists(br, eth_hdr(skb))) {
> > + br_multicast_querier_exists(br, eth_hdr(skb), mdst)) {
> > if ((mdst && mdst->
Re: [RFC PATCH] net: bridge: multicast: add support for L2 entries
On Sat, 2020-10-17 at 21:41 +0300, Vladimir Oltean wrote:
> From: Nikolay Aleksandrov
>
> Extend the bridge multicast control and data path to configure routes
> for L2 (non-IP) multicast groups.
>
> The uapi struct br_mdb_entry union u is extended with another variant,
> interpretation, mac_addr, which does not change the structure size, and
> which is valid when the MDB_FLAGS_L2 flag is found set.
>
> To be compatible with the forwarding code that is already in place,
> which acts as an IGMP/MLD snooping bridge with querier capabilities, we
> need to declare that for L2 MDB entries (for which there exists no such
> thing as IGMP/MLD snooping/querying), that there is always a querier.
> Otherwise, these entries would be flooded to all bridge ports and not
> just to those that are members of the L2 multicast group.
>
> Needless to say, only permanent L2 multicast groups can be installed on
> a bridge port.
>
> Signed-off-by: Nikolay Aleksandrov
> Signed-off-by: Vladimir Oltean
> ---
> This patch is adapted from the version that Nikolay posted here:
> https://lore.kernel.org/netdev/20200708090454.zvb6o7jr2woirw3i@skbuf/
>
> There, he marked the patch as "unfinished". I haven't made any major
> modifications to it, but I've tested it and it appears to work ok,
> including with offloading. Hence, I would appreciate some tips regarding
> things that might be missing.
>
Hi,
I almost missed this one, thank you for fixing it up. I was wondering if we
can move br_ip's mac_addr in the "dst" union to save some space and reduce
ops when matching, since we're also matching on the protocol field. In general
do we need the ->l2 field at all, can we use proto == 0 ? In order to make it
more readable it can be in a helper with a descriptive name so we don't wonder
what proto == 0 meant later. A few more minor comments below.
> include/linux/if_bridge.h | 1 +
> include/uapi/linux/if_bridge.h | 2 ++
> net/bridge/br_device.c | 2 +-
> net/bridge/br_input.c | 2 +-
> net/bridge/br_mdb.c| 24
> net/bridge/br_multicast.c | 12 ++--
> net/bridge/br_private.h| 7 +--
> 7 files changed, 40 insertions(+), 10 deletions(-)
>
> diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
> index 556caed00258..b135ad714383 100644
> --- a/include/linux/if_bridge.h
> +++ b/include/linux/if_bridge.h
> @@ -26,6 +26,7 @@ struct br_ip {
> struct in6_addr ip6;
> #endif
> } dst;
> + unsigned char mac_addr[ETH_ALEN];
> __be16 proto;
> __u16 vid;
> };
> diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
> index 4c687686aa8f..a25f6f9aa8c3 100644
> --- a/include/uapi/linux/if_bridge.h
> +++ b/include/uapi/linux/if_bridge.h
> @@ -520,12 +520,14 @@ struct br_mdb_entry {
> #define MDB_FLAGS_FAST_LEAVE (1 << 1)
> #define MDB_FLAGS_STAR_EXCL (1 << 2)
> #define MDB_FLAGS_BLOCKED(1 << 3)
> +#define MDB_FLAGS_L2 (1 << 5)
I think this should be 4.
> __u8 flags;
> __u16 vid;
> struct {
> union {
> __be32 ip4;
> struct in6_addr ip6;
> + unsigned char mac_addr[ETH_ALEN];
> } u;
> __be16 proto;
> } addr;
> diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
> index 6f742fee874a..06c28753b911 100644
> --- a/net/bridge/br_device.c
> +++ b/net/bridge/br_device.c
> @@ -93,7 +93,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct
> net_device *dev)
>
> mdst = br_mdb_get(br, skb, vid);
> if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
> - br_multicast_querier_exists(br, eth_hdr(skb)))
> + br_multicast_querier_exists(br, eth_hdr(skb), mdst))
> br_multicast_flood(mdst, skb, false, true);
> else
> br_flood(br, skb, BR_PKT_MULTICAST, false, true);
> diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
> index 59a318b9f646..d31b5c18c6a1 100644
> --- a/net/bridge/br_input.c
> +++ b/net/bridge/br_input.c
> @@ -134,7 +134,7 @@ int br_handle_frame_finish(struct net *net, struct sock
> *sk, struct sk_buff *skb
> case BR_PKT_MULTICAST:
> mdst = br_mdb_get(br, skb, vid);
> if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
> - br_multicast_querier_exists(br, eth_hdr(skb))) {
> + br_multicast_querier_exists(br, eth_hdr(skb), mdst)) {
> if ((mdst && mdst->host_joined) ||
> br_multicast_is_router(br)) {
> local_rcv = true;
> diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
> index e15bab19a012..4decf3eb7001 100644
> --- a/net/bridge/br_mdb.c
> +++ b/net/bridge/br_mdb.c
> @@ -66,6 +66,8 @@ static void __mdb_entry_fill_flags(struct br_mdb_entry
[RFC PATCH] net: bridge: multicast: add support for L2 entries
From: Nikolay Aleksandrov
Extend the bridge multicast control and data path to configure routes
for L2 (non-IP) multicast groups.
The uapi struct br_mdb_entry union u is extended with another variant,
interpretation, mac_addr, which does not change the structure size, and
which is valid when the MDB_FLAGS_L2 flag is found set.
To be compatible with the forwarding code that is already in place,
which acts as an IGMP/MLD snooping bridge with querier capabilities, we
need to declare that for L2 MDB entries (for which there exists no such
thing as IGMP/MLD snooping/querying), that there is always a querier.
Otherwise, these entries would be flooded to all bridge ports and not
just to those that are members of the L2 multicast group.
Needless to say, only permanent L2 multicast groups can be installed on
a bridge port.
Signed-off-by: Nikolay Aleksandrov
Signed-off-by: Vladimir Oltean
---
This patch is adapted from the version that Nikolay posted here:
https://lore.kernel.org/netdev/20200708090454.zvb6o7jr2woirw3i@skbuf/
There, he marked the patch as "unfinished". I haven't made any major
modifications to it, but I've tested it and it appears to work ok,
including with offloading. Hence, I would appreciate some tips regarding
things that might be missing.
include/linux/if_bridge.h | 1 +
include/uapi/linux/if_bridge.h | 2 ++
net/bridge/br_device.c | 2 +-
net/bridge/br_input.c | 2 +-
net/bridge/br_mdb.c| 24
net/bridge/br_multicast.c | 12 ++--
net/bridge/br_private.h| 7 +--
7 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
index 556caed00258..b135ad714383 100644
--- a/include/linux/if_bridge.h
+++ b/include/linux/if_bridge.h
@@ -26,6 +26,7 @@ struct br_ip {
struct in6_addr ip6;
#endif
} dst;
+ unsigned char mac_addr[ETH_ALEN];
__be16 proto;
__u16 vid;
};
diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
index 4c687686aa8f..a25f6f9aa8c3 100644
--- a/include/uapi/linux/if_bridge.h
+++ b/include/uapi/linux/if_bridge.h
@@ -520,12 +520,14 @@ struct br_mdb_entry {
#define MDB_FLAGS_FAST_LEAVE (1 << 1)
#define MDB_FLAGS_STAR_EXCL(1 << 2)
#define MDB_FLAGS_BLOCKED (1 << 3)
+#define MDB_FLAGS_L2 (1 << 5)
__u8 flags;
__u16 vid;
struct {
union {
__be32 ip4;
struct in6_addr ip6;
+ unsigned char mac_addr[ETH_ALEN];
} u;
__be16 proto;
} addr;
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 6f742fee874a..06c28753b911 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -93,7 +93,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct
net_device *dev)
mdst = br_mdb_get(br, skb, vid);
if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
- br_multicast_querier_exists(br, eth_hdr(skb)))
+ br_multicast_querier_exists(br, eth_hdr(skb), mdst))
br_multicast_flood(mdst, skb, false, true);
else
br_flood(br, skb, BR_PKT_MULTICAST, false, true);
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 59a318b9f646..d31b5c18c6a1 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -134,7 +134,7 @@ int br_handle_frame_finish(struct net *net, struct sock
*sk, struct sk_buff *skb
case BR_PKT_MULTICAST:
mdst = br_mdb_get(br, skb, vid);
if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
- br_multicast_querier_exists(br, eth_hdr(skb))) {
+ br_multicast_querier_exists(br, eth_hdr(skb), mdst)) {
if ((mdst && mdst->host_joined) ||
br_multicast_is_router(br)) {
local_rcv = true;
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index e15bab19a012..4decf3eb7001 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -66,6 +66,8 @@ static void __mdb_entry_fill_flags(struct br_mdb_entry *e,
unsigned char flags)
e->flags |= MDB_FLAGS_STAR_EXCL;
if (flags & MDB_PG_FLAGS_BLOCKED)
e->flags |= MDB_FLAGS_BLOCKED;
+ if (flags & MDB_PG_FLAGS_L2)
+ e->flags |= MDB_FLAGS_L2;
}
static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
@@ -87,6 +89,8 @@ static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry,
struct br_ip *ip,
ip->src.ip6 =
nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
break;
#endif
+ default:
+ ether_addr_copy(ip->mac_addr, entry->addr.u.mac_addr);
}
}
@@ -174,9 +178,11 @@ static int
