Hi,
On Mon, Feb 19, 2024 at 01:54:32PM +0800, Yujie Liu wrote:
> Hi Ido,
>
> I'm from the kernel test robot team. We noticed that this patch
> introduced a new group of flush tests. The bot cannot parse the test
> result correctly due to some duplicate output in the summary, such
> as the
Add test cases to verify the behavior of the MDB bulk deletion
functionality in the VXLAN driver.
Signed-off-by: Ido Schimmel
Acked-by: Petr Machata
---
tools/testing/selftests/net/test_vxlan_mdb.sh | 201 +-
1 file changed, 199 insertions(+), 2 deletions(-)
diff --git a/tools
Add test cases to verify the behavior of the MDB bulk deletion
functionality in the bridge driver.
Signed-off-by: Ido Schimmel
Acked-by: Petr Machata
---
.../selftests/net/forwarding/bridge_mdb.sh| 191 +-
1 file changed, 189 insertions(+), 2 deletions(-)
diff --git
Now that both the common code as well as individual drivers support MDB
bulk deletion, allow user space to make such requests.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
net/core/rtnetlink.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core
Implement MDB bulk deletion support in the VXLAN driver, allowing MDB
entries to be deleted in bulk according to provided parameters.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
drivers/net/vxlan/vxlan_core.c| 1 +
drivers/net/vxlan/vxlan_mdb.c | 174
policy and choosing the correct policy
based on the presence of the 'NLM_F_BULK' flag in the netlink message
header. Use nlmsg_parse() for strict validation.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
net/core/rtnetlink.c | 51 ++--
1 file
Invoke the new MDB bulk deletion device operation when the 'NLM_F_BULK'
flag is set in the netlink message header.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
net/core/rtnetlink.c | 8
1 file changed, 8 insertions(+)
diff --git a/net/core/rtnetlink.c b/net/core
Implement MDB bulk deletion support in the bridge driver, allowing MDB
entries to be deleted in bulk according to provided parameters.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
net/bridge/br_device.c | 1 +
net/bridge/br_mdb.c | 133
can be found here [1].
https://github.com/idosch/iproute2/tree/submit/mdb_flush_v1
Ido Schimmel (9):
bridge: add MDB state mask uAPI attribute
rtnetlink: bridge: Use a different policy for MDB bulk delete
net: Add MDB bulk deletion device operation
rtnetlink: bridge: Invoke MDB bulk deletio
Add MDB net device operation that will be invoked by rtnetlink code in
response to received 'RTM_DELMDB' messages with the 'NLM_F_BULK' flag
set. Subsequent patches will implement the operation in the bridge and
VXLAN drivers.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
include
API to bulk delete
MDB entries with a certain state or any state.
Signed-off-by: Ido Schimmel
Reviewed-by: Petr Machata
---
include/uapi/linux/if_bridge.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
index 2e23f99dc0f1
Test the new MDB get functionality by converting dump and grep to MDB
get.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
tools/testing/selftests/net/test_vxlan_mdb.sh | 108 +-
1 file changed, 54 insertions(+), 54 deletions(-)
diff --git a/tools/testing
Test the new MDB get functionality by converting dump and grep to MDB
get.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
.../selftests/net/forwarding/bridge_mdb.sh| 184 +++---
1 file changed, 71 insertions(+), 113 deletions(-)
diff --git a/tools/testing
other get handlers, the allocation of the skb
containing the response is not performed in the common rtnetlink code as
the size is variable and needs to be determined by the respective
driver.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/core/rtnetlink.c | 89
Implement support for MDB get operation by looking up a matching MDB
entry, allocating the skb according to the entry's size and then filling
in the response.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
drivers/net/vxlan/vxlan_core.c| 1 +
drivers/net/vxlan/vxlan_mdb.c
is determined and when the reply is filled in.
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Add a comment above spin_lock_bh().
net/bridge/br_device.c | 1 +
net/bridge/br_mdb.c | 158
net/bridge/br_private.h | 9 +++
3 files changed, 168
Add MDB net device operation that will be invoked by rtnetlink code in
response to received RTM_GETMDB messages. Subsequent patches will
implement the operation in the bridge and VXLAN drivers.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
include/linux/netdevice.h | 4
1
).
An example request will look as follows:
[ struct nlmsghdr ]
[ struct br_port_msg ]
[ MDBA_GET_ENTRY ]
struct br_mdb_entry
[ MDBA_GET_ENTRY_ATTRS ]
[ MDBE_ATTR_SOURCE ]
struct in_addr / struct in6_addr
[ MDBE_ATTR_SRC_VNI ]
u32
Signed-off-by: Ido
to calculate the size
of an individual remote entry. When determining the size of the reply
this helper will be invoked for each remote entry in the MDB entry.
No functional changes intended.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
drivers/net/vxlan/vxlan_mdb.c | 28
Adjust the function's arguments and rename it to allow it to be reused
by future call sites that only have access to 'struct
vxlan_mdb_entry_key', but not to 'struct vxlan_mdb_config'.
No functional changes intended.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
drivers/net
to calculate the size
of an individual port group entry. When determining the size of the
reply this helper will be invoked for each port group entry in the MDB
entry.
No functional changes intended.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 20
The current name is going to conflict with the upcoming net device
operation for the MDB get operation.
Rename the function to br_mdb_entry_skb_get(). No functional changes
intended.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_device.c| 2 +-
net/bridge
The 'MDBA_MDB' and 'MDBA_MDB_ENTRY' nest attributes are not accounted
for when calculating the size of MDB notifications. Add them along with
comments for existing attributes.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 15 +++
1 file changed
dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ffeb:1a4d temp
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_mdb.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net
ckets per second
> # bridge fdb | grep -v permanent | wc -l
> 256
> # ip -d link show dev br
> 13: br: mtu 1500 [...]
> [...] fdb_n_learned 256 fdb_max_learned 256
>
> Signed-off-by: Johannes Nixdorf
Reviewed-by: Ido Schimmel
On Mon, Oct 16, 2023 at 03:27:23PM +0200, Johannes Nixdorf wrote:
> Set any new attributes added to br_policy to be parsed strictly, to
> prevent userspace from passing garbage.
>
> Signed-off-by: Johannes Nixdorf
Reviewed-by: Ido Schimmel
On Tue, Oct 17, 2023 at 12:24:44PM +0300, Nikolay Aleksandrov wrote:
> On 10/16/23 16:12, Ido Schimmel wrote:
> > Implement support for MDB get operation by looking up a matching MDB
> > entry, allocating the skb according to the entry's size and then filling
> > in the re
On Tue, Oct 17, 2023 at 12:08:30PM +0300, Nikolay Aleksandrov wrote:
> On 10/16/23 16:12, Ido Schimmel wrote:
> > Add MDB get attributes that correspond to the MDB set attributes used in
> > RTM_NEWMDB messages. Specifically, add 'MDBA_GET_ENTRY' which will hold
> > a
Test the new MDB get functionality by converting dump and grep to MDB
get.
Signed-off-by: Ido Schimmel
---
tools/testing/selftests/net/test_vxlan_mdb.sh | 108 +-
1 file changed, 54 insertions(+), 54 deletions(-)
diff --git a/tools/testing/selftests/net/test_vxlan_mdb.sh
b
Test the new MDB get functionality by converting dump and grep to MDB
get.
Signed-off-by: Ido Schimmel
---
.../selftests/net/forwarding/bridge_mdb.sh| 184 +++---
1 file changed, 71 insertions(+), 113 deletions(-)
diff --git a/tools/testing/selftests/net/forwarding
other get handlers, the allocation of the skb
containing the response is not performed in the common rtnetlink code as
the size is variable and needs to be determined by the respective
driver.
Signed-off-by: Ido Schimmel
---
net/core/rtnetlink.c | 89 +++-
1
is determined and when the reply is filled in.
Signed-off-by: Ido Schimmel
---
net/bridge/br_device.c | 1 +
net/bridge/br_mdb.c | 154
net/bridge/br_private.h | 9 +++
3 files changed, 164 insertions(+)
diff --git a/net/bridge/br_device.c b/net/bridge
Implement support for MDB get operation by looking up a matching MDB
entry, allocating the skb according to the entry's size and then filling
in the response.
Signed-off-by: Ido Schimmel
---
drivers/net/vxlan/vxlan_core.c| 1 +
drivers/net/vxlan/vxlan_mdb.c | 150
Add MDB net device operation that will be invoked by rtnetlink code in
response to received RTM_GETMDB messages. Subsequent patches will
implement the operation in the bridge and VXLAN drivers.
Signed-off-by: Ido Schimmel
---
include/linux/netdevice.h | 4
1 file changed, 4 insertions
Adjust the function's arguments and rename it to allow it to be reused
by future call sites that only have access to 'struct
vxlan_mdb_entry_key', but not to 'struct vxlan_mdb_config'.
No functional changes intended.
Signed-off-by: Ido Schimmel
---
drivers/net/vxlan/vxlan_mdb.c | 10
to calculate the size
of an individual remote entry. When determining the size of the reply
this helper will be invoked for each remote entry in the MDB entry.
No functional changes intended.
Signed-off-by: Ido Schimmel
---
drivers/net/vxlan/vxlan_mdb.c | 28 +++-
1 file changed, 19
).
An example request will look as follows:
[ struct nlmsghdr ]
[ struct br_port_msg ]
[ MDBA_GET_ENTRY ]
struct br_mdb_entry
[ MDBA_GET_ENTRY_ATTRS ]
[ MDBE_ATTR_SOURCE ]
struct in_addr / struct in6_addr
[ MDBE_ATTR_SRC_VNI ]
u32
Signed-off-by: Ido
to calculate the size
of an individual port group entry. When determining the size of the
reply this helper will be invoked for each port group entry in the MDB
entry.
No functional changes intended.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 20 +---
1 file changed, 13
The current name is going to conflict with the upcoming net device
operation for the MDB get operation.
Rename the function to br_mdb_entry_skb_get(). No functional changes
intended.
Signed-off-by: Ido Schimmel
---
net/bridge/br_device.c| 2 +-
net/bridge/br_input.c | 2 +-
net
dev br0
dev br0 port swp1 grp 239.1.1.1 permanent
dev br0 port br0 grp ff02::6a temp
dev br0 port br0 grp ff02::1:ffeb:1a4d temp
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 7305f5f8215c
The 'MDBA_MDB' and 'MDBA_MDB_ENTRY' nest attributes are not accounted
for when calculating the size of MDB notifications. Add them along with
comments for existing attributes.
Signed-off-by: Ido Schimmel
---
net/bridge/br_mdb.c | 15 +++
1 file changed, 11 insertions(+), 4 deletions
and invokes its MDB get NDO.
Patches #12-#13 add selftests by converting tests that use MDB dump with
grep to the new MDB get functionality.
iproute2 changes can be found here [1].
[1] https://github.com/idosch/iproute2/tree/submit/mdb_get_v1
Ido Schimmel (13):
bridge: mcast: Dump MDB entries
On Thu, Sep 21, 2023 at 01:19:44PM +0300, Nikolay Aleksandrov wrote:
> I'm not strongly against, just IMO it is unnecessary. I won't block the set
> because of this, but it would be nice to get input from others as
> well. If you can recompile your kernel to set a limit, it should be easier
> to
here, as there are multiple callers that modify the
> flags, but are not under a common lock (br_fdb_update is the exception
> for br->hash_lock, br_fdb_external_learn_add for RTNL).
>
> Signed-off-by: Johannes Nixdorf
Reviewed-by: Ido Schimmel
ff-by: Johannes Nixdorf
Reviewed-by: Ido Schimmel
Add test cases for bridge backup port and backup nexthop ID, testing
both good and bad flows.
Example truncated output:
# ./test_bridge_backup_port.sh
[...]
Tests passed: 83
Tests failed: 0
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
tools/testing/selftests/net
not exist, or represents an
invalid nexthop object, the VXLAN driver will drop the skb. This
relieves the bridge driver from the need to validate the ID.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
include/uapi/linux/if_link.h | 1 +
net/bridge/br_forward.c | 1 +
net
/20230713070925.3955850-1-ido...@nvidia.com/
Ido Schimmel (4):
ip_tunnels: Add nexthop ID field to ip_tunnel_key
vxlan: Add support for nexthop ID metadata
bridge: Add backup nexthop ID support
selftests: net: Add bridge backup port and backup nexthop ID test
drivers/net/vxlan/vxlan_core.c
/ collect metadata mode and the tunnel info attached to the skb
is of bridge type, extract the nexthop ID from the tunnel info. If the
ID is valid (i.e., non-zero), forward the skb via the nexthop object
associated with the ID, as if the skb hit an FDB entry associated with
this ID.
Signed-off-by: Ido
the target host.
Signed-off-by: Ido Schimmel
Reviewed-by: Nikolay Aleksandrov
---
include/net/ip_tunnels.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index ed4b6ad3fcac..e8750b4ef7e1 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net
Add test cases for bridge backup port and backup nexthop ID, testing
both good and bad flows.
Example truncated output:
# ./test_bridge_backup_port.sh
[...]
Tests passed: 83
Tests failed: 0
Signed-off-by: Ido Schimmel
---
tools/testing/selftests/net/Makefile | 1
not exist, or represents an
invalid nexthop object, the VXLAN driver will drop the skb. This
relieves the bridge driver from the need to validate the ID.
Signed-off-by: Ido Schimmel
---
include/uapi/linux/if_link.h | 1 +
net/bridge/br_forward.c | 1 +
net/bridge/br_netlink.c | 12
/ collect metadata mode and the tunnel info attached to the skb
is of bridge type, extract the nexthop ID from the tunnel info. If the
ID is valid (i.e., non-zero), forward the skb via the nexthop object
associated with the ID, as if the skb hit an FDB entry associated with
this ID.
Signed-off-by: Ido
here [3].
[1] https://datatracker.ietf.org/doc/html/rfc7432#section-7.1
[2] https://datatracker.ietf.org/doc/html/rfc7432#section-7.2
[3] https://github.com/idosch/iproute2/tree/submit/backup_nhid_v1
Ido Schimmel (4):
ip_tunnels: Add nexthop ID field to ip_tunnel_key
vxlan: Add support
the target host.
Signed-off-by: Ido Schimmel
---
include/net/ip_tunnels.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index ed4b6ad3fcac..e8750b4ef7e1 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -52,6 +52,7
uggested-by: Harry Coin
> Link:
> https://lore.kernel.org/netdev/0f531295-e289-022d-5add-5ceffa0df...@quietfountain.com/
> Suggested-by: Ido Schimmel
> Signed-off-by: Kuniyuki Iwashima
Reviewed-by: Ido Schimmel
On Tue, Jul 11, 2023 at 04:54:15PM -0700, Kuniyuki Iwashima wrote:
> When we create an L2 loop on a bridge in netns, we will see packets storm
> even if STP is enabled.
>
> # unshare -n
> # ip link add br0 type bridge
> # ip link add veth0 type veth peer name veth1
> # ip link set veth0
On Wed, Jul 12, 2023 at 05:52:09PM +0300, Nikolay Aleksandrov wrote:
> I'd prefer this approach to changing user-visible behaviour and potential
> regressions.
> Just change the warning message.
Yea, I noticed after sending that the message no longer fits :)
else
> br_port_set_promisc(p);
IIUC, you are basically saying "If the port does not support unicast
filtering, then set it to promiscuous mode right away instead of waiting
for the addition of the first FDB entry to trigger it."
If so, LG
On Mon, Jun 19, 2023 at 09:14:42AM +0200, Johannes Nixdorf wrote:
> A malicious actor behind one bridge port may spam the kernel with packets
> with a random source MAC address, each of which will create an FDB entry,
> each of which is a dynamic allocation in the kernel.
>
> There are roughly
On Mon, Jun 19, 2023 at 09:14:41AM +0200, Johannes Nixdorf wrote:
> This allows the called fdb_create to detect that the entry was added by
> the user early in the process. This is in preparation to adding limits
> in fdb_create that should not apply to user created fdb entries.
Use imperative
Please see the following link regarding posting of iproute2 patches:
https://www.kernel.org/doc/html/latest/process/maintainer-netdev.html#co-posting-changes-to-user-space-components
On Mon, Jun 19, 2023 at 09:14:44AM +0200, Johannes Nixdorf wrote:
> Support setting the FDB limit through ip
- Broadcast [ OK ]
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Test that broadcast does not hit miss filter.
.../testing/selftests/net/forwarding/Makefile | 1 +
.../net/forwarding/tc_flower_l2_miss.sh | 350 ++
2 files
Add the 'fdb_miss' key element to supported key blocks and make use of
it to match on layer 2 miss.
The key is only supported on Spectrum-{2,3,4}. An error is returned for
Spectrum-1 since the key element is not present in any of its key
blocks.
Signed-off-by: Ido Schimmel
---
Notes:
v2
Currently, mlxsw only supports the 'ingress_ifindex' field in the
'FLOW_DISSECTOR_KEY_META' key, but subsequent patches are going to add
support for the 'l2_miss' field as well. It is valid to only match on
'l2_miss' without 'ingress_ifindex', so do not force matching on it.
Signed-off-by: Ido
.
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* New patch.
.../ethernet/mellanox/mlxsw/spectrum_flower.c | 54 +++
1 file changed, 33 insertions(+), 21 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
b/drivers/net/ethernet/mellanox/mlxsw
skip_sw l2_miss true
action drop
Error: mlxsw_spectrum: Can't match on "l2_miss".
We have an error talking to the kernel
Acked-by: Elad Nachman
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Expand commit message to explain why some users were not patched.
.../net/ethern
ev swp1 egress proto all handle 101 pref 1 flower
# ./tc_skb_ext_tc.py
tc_skb_ext_tc reference count is 0
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Split flow_dissector changes to a previous patch.
* Use tc skb extension instead of 'skb->l2_miss'.
include/uapi/linux/pkt_c
on
layer 2 misses.
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Split from flower patch.
* Use tc skb extension instead of 'skb->l2_miss'.
include/net/flow_dissector.h | 2 ++
net/core/flow_dissector.c| 10 ++
2 files changed, 12 insertions(+)
diff --git a/include/
on the new 'l2_miss' bit and enable / disable the static key when
filters that match on it are added / deleted.
Signed-off-by: Ido Schimmel
---
Notes:
v2:
* Use tc skb extension instead of adding a bit to the skb.
* Do not mark broadcast packets as they never perform a lookup and
the
b.com/idosch/iproute2/tree/submit/non_df_filter_v1
[4] https://lore.kernel.org/netdev/20230518113328.1952135-1-ido...@nvidia.com/
[5] https://lore.kernel.org/netdev/20230509070446.246088-1-ido...@nvidia.com/
Ido Schimmel (8):
skbuff: bridge: Add layer 2 miss indication
flow_dissector: Dissec
On Tue, May 23, 2023 at 11:04:27AM +0200, Paolo Abeni wrote:
> I think you would only need to set/add the extension when l2_miss is
> true, right? (with no extension l2 hit is assumed). That will avoid
> unneeded overhead for br_dev_xmit().
If an extension is already present (possibly with
On Fri, May 19, 2023 at 02:52:18PM -0700, Jakub Kicinski wrote:
> On Fri, 19 May 2023 16:51:48 +0300 Ido Schimmel wrote:
> > diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
> > index fc17b9fd93e6..274e55455b15 100644
> > --- a/net/bridge/br_input.c
> >
On Fri, May 19, 2023 at 01:33:00PM +0200, Simon Horman wrote:
> On Thu, May 18, 2023 at 02:33:26PM +0300, Ido Schimmel wrote:
> > Adjust drivers that support the 'FLOW_DISSECTOR_KEY_META' key to reject
> > filters that try to match on the newly added layer 2 miss option. Add an
>
On Thu, May 18, 2023 at 07:08:47PM +0300, Nikolay Aleksandrov wrote:
> On 18/05/2023 14:33, Ido Schimmel wrote:
> > diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
> > index fc17b9fd93e6..d8ab5890cbe6 100644
> > --- a/net/bridge/br_input.c
> > +++ b/net/brid
- Broadcast [ OK ]
Signed-off-by: Ido Schimmel
---
.../testing/selftests/net/forwarding/Makefile | 1 +
.../net/forwarding/tc_flower_l2_miss.sh | 343 ++
2 files changed, 344 insertions(+)
create mode 100755 tools/testing/selftests
tc_index; /* 134 2 */
u16 alloc_cpu; /* 136 2 */
[...]
} __attribute__((__aligned__(8)));
Signed-off-by: Ido Schimmel
---
include/linux/skbuff.h | 4
net/bridge/br_device.c | 1 +
net/bridge/br_forward.c | 3 +++
net/bridge/br_inp
org/doc/html/rfc7432#section-8.5
[3] https://github.com/idosch/iproute2/tree/submit/non_df_filter_v1
[4] https://lore.kernel.org/netdev/20230509070446.246088-1-ido...@nvidia.com/
Ido Schimmel (5):
skbuff: bridge: Add layer 2 miss indication
net/sched: flower: Allow matching on layer 2 miss
we need to match on 01b or 11b. Therefore, only
match on the LSB in order to differentiate between both cases of
'l2_miss'.
Tested on Spectrum-{1,2,3,4}.
Signed-off-by: Ido Schimmel
---
.../mellanox/mlxsw/core_acl_flex_keys.c | 1 +
.../mellanox/mlxsw/core_acl_flex_keys.h | 3
Add the 'TCA_FLOWER_L2_MISS' netlink attribute that allows user space to
match on packets that encountered a layer 2 miss. The miss indication is
set as metadata in the skb by the bridge driver upon FDB/MDB lookup
miss.
Signed-off-by: Ido Schimmel
---
include/net/flow_dissector.h | 2
l2_miss true
action drop
Error: mlxsw_spectrum: Can't match on "l2_miss".
We have an error talking to the kernel
Acked-by: Elad Nachman
Signed-off-by: Ido Schimmel
---
.../net/ethernet/marvell/prestera/prestera_flower.c| 6 ++
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
we need to match on 01b or 11b. Therefore, only
match on the LSB in order to differentiate between both cases of
'l2_miss'.
Tested on Spectrum-{1,2,3,4}.
Signed-off-by: Ido Schimmel
---
.../mellanox/mlxsw/core_acl_flex_keys.c | 1 +
.../mellanox/mlxsw/core_acl_flex_keys.h | 3
- Broadcast [ OK ]
Signed-off-by: Ido Schimmel
---
.../testing/selftests/net/forwarding/Makefile | 1 +
.../net/forwarding/tc_flower_l2_miss.sh | 343 ++
2 files changed, 344 insertions(+)
create mode 100755 tools/testing/selftests
Add the 'TCA_FLOWER_L2_MISS' netlink attribute that allows user space to
match on packets that encountered a layer 2 miss. The miss indication is
set as metadata in the skb by the bridge driver upon FDB/MDB lookup
miss.
Signed-off-by: Ido Schimmel
---
include/net/flow_dissector.h | 2
tc_index; /* 134 2 */
u16 alloc_cpu; /* 136 2 */
[...]
} __attribute__((__aligned__(8)));
Signed-off-by: Ido Schimmel
---
include/linux/skbuff.h | 4
net/bridge/br_device.c | 1 +
net/bridge/br_forward.c | 3 +++
net/bridge/br_inp
l2_miss true
action drop
Error: mlxsw_spectrum: Can't match on "l2_miss".
We have an error talking to the kernel
Signed-off-by: Ido Schimmel
---
.../net/ethernet/marvell/prestera/prestera_flower.c| 6 ++
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c| 6 ++
d
idosch/iproute2/tree/submit/non_df_filter_v1
Ido Schimmel (5):
skbuff: bridge: Add layer 2 miss indication
net/sched: flower: Allow matching on layer 2 miss
flow_offload: Reject matching on layer 2 miss
mlxsw: spectrum_flower: Add ability to match on layer 2 miss
selftests: forwarding: A
On Mon, Apr 24, 2023 at 05:25:08PM +0800, Hangbin Liu wrote:
> Hi,
>
> Maybe someone already has asked. The only official Linux bridge document I
> got is a very ancient wiki page[1] or the ip link man page[2][3]. As there are
> many bridge stp/vlan/multicast parameters. Should we add a detailed
oelwus@skbuf/
> Signed-off-by: Vladimir Oltean
> Reviewed-by: Jesse Brandeburg
Reviewed-by: Ido Schimmel
Tested-by: Ido Schimmel
swp1 | jq '.[]["neigh_vlan_suppress"]'
true
# bridge link set dev swp1 neigh_vlan_suppress off
# bridge -d -j -p link show dev swp1 | jq '.[]["neigh_vlan_suppress"]'
false
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
include/uapi/linux/if_link.h | 1 +
ne
Add test cases for bridge neighbor suppression, testing both per-port
and per-{Port, VLAN} neighbor suppression with both ARP and NS packets.
Example truncated output:
# ./test_bridge_neigh_suppress.sh
[...]
Tests passed: 148
Tests failed: 0
Signed-off-by: Ido Schimmel
Acked-by: Nikolay
0 neigh_suppress on
Error: bridge: Can't set neigh_suppress for non-port vlans.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
include/uapi/linux/if_bridge.h | 1 +
net/bridge/br_vlan.c | 1 +
net/bridge/br_vlan_options.c | 20 +++-
3 files changed, 21 i
-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_arp_nd_proxy.c | 15 ++-
net/bridge/br_forward.c | 3 ++-
net/bridge/br_private.h | 1 +
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge
enabled, then fallback to
determine neighbor suppression based on the 'BR_NEIGH_SUPPRESS' flag.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_arp_nd_proxy.c | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/net/bridge
is also set if per-{Port, VLAN} neighbor suppression is
enabled. That is, when the 'BR_NEIGH_VLAN_SUPPRESS' flag is set on at
least one bridge port.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_arp_nd_proxy.c | 2 +-
net/bridge/br_if.c | 2 +-
2 files
. 'BR_VLFLAG_NEIGH_SUPPRESS_ENABLED': A per-VLAN flag used to indicate
that neighbor suppression is enabled on the given VLAN.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
include/linux/if_bridge.h | 1 +
net/bridge/br_private.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/include
Subsequent patches are going to add per-{Port, VLAN} neighbor
suppression, which will require br_flood() to potentially suppress ARP /
NS packets on a per-{Port, VLAN} basis.
As a preparation, pass the VLAN ID of the packet as another argument to
br_flood().
Signed-off-by: Ido Schimmel
Acked
a VLAN lookup will be required.
Therefore, instead of unnecessarily performing this lookup for every
packet, only perform it for ARP / NS packets for which a reply was sent.
Signed-off-by: Ido Schimmel
Acked-by: Nikolay Aleksandrov
---
net/bridge/br_forward.c | 4 ++--
1 file changed, 2
//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a42317785c898c0ed46db45a33b0cc71b671bf29
[3] https://github.com/idosch/iproute2/tree/submit/neigh_suppress_v1
[4] https://lore.kernel.org/netdev/20230413095830.2182382-1-ido...@nvidia.com/
Ido Schimmel (9):
bridge: Reorder neigh
On Wed, Apr 19, 2023 at 05:51:24PM +0300, Vladimir Oltean wrote:
> On Wed, Apr 19, 2023 at 04:59:54PM +0300, Ido Schimmel wrote:
> > On Wed, Apr 19, 2023 at 03:30:07PM +0300, Nikolay Aleksandrov wrote:
> > > For the set:
> > > Acked-by: Nikolay Aleksandrov
> >