From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 653D2C433B4 for ; Wed, 5 May 2021 17:11:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 38F02613BE for ; Wed, 5 May 2021 17:11:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235460AbhEERMN (ORCPT ); Wed, 5 May 2021 13:12:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:49728 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237729AbhEERBE (ORCPT ); Wed, 5 May 2021 13:01:04 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id B0B34613C4; Wed, 5 May 2021 16:40:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620232822; bh=iUyfDaESffOejNa44GP7IeITpDiWol9iTfGo0sc9l+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tmaUHemNOcVKywjzaDWQk+gTyOkN+oJKySSn+5kiR/32exzZtBK3XnqNEOnhO+83M Cf+uFlAemPbybTv6b/EHIxKZwGIjkDsjU5cQVlWKQ5yFh8rUwubqu6XAdf9UJtOPCZ 0dFHjpwRF0qCLhPfc+CXTqo/R4mjjhJwnV9UmK4fau/8y9UEViA7VkscttJ9tYDf1p gulTECAAejfgPZ+l6vJ3PCPalUORSR1A1Rqfmou+zjb6yP0rmWJxThDJV+Cap/adKH Rb4BiwbTzdWLiLCM5mWr8je2WtEpiFvxeoCagFzjNumeBLad7TBdw+YofgZ54cugEI GSdEcJGA/r2Pg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Nikolay Aleksandrov , Amer Abdalamer , "David S . Miller" , Sasha Levin , bridge@lists.linux-foundation.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 12/32] net: bridge: when suppression is enabled exclude RARP packets Date: Wed, 5 May 2021 12:39:44 -0400 Message-Id: <20210505164004.3463707-12-sashal@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210505164004.3463707-1-sashal@kernel.org> References: <20210505164004.3463707-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nikolay Aleksandrov [ Upstream commit 0353b4a96b7a9f60fe20d1b3ebd4931a4085f91c ] Recently we had an interop issue where RARP packets got suppressed with bridge neigh suppression enabled, but the check in the code was meant to suppress GARP. Exclude RARP packets from it which would allow some VMWare setups to work, to quote the report: "Those RARP packets usually get generated by vMware to notify physical switches when vMotion occurs. vMware may use random sip/tip or just use sip=tip=0. So the RARP packet sometimes get properly flooded by the vtep and other times get dropped by the logic" Reported-by: Amer Abdalamer Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/bridge/br_arp_nd_proxy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge/br_arp_nd_proxy.c index eb44ae05abaa..b52e70362268 100644 --- a/net/bridge/br_arp_nd_proxy.c +++ b/net/bridge/br_arp_nd_proxy.c @@ -158,7 +158,9 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br, if (br->neigh_suppress_enabled) { if (p && (p->flags & BR_NEIGH_SUPPRESS)) return; - if (ipv4_is_zeronet(sip) || sip == tip) { + if (parp->ar_op != htons(ARPOP_RREQUEST) && + parp->ar_op != htons(ARPOP_RREPLY) && + (ipv4_is_zeronet(sip) || sip == tip)) { /* prevent flooding to neigh suppress ports */ BR_INPUT_SKB_CB(skb)->proxyarp_replied = true; return; -- 2.30.2 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1620232822; bh=iUyfDaESffOejNa44GP7IeITpDiWol9iTfGo0sc9l+U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tmaUHemNOcVKywjzaDWQk+gTyOkN+oJKySSn+5kiR/32exzZtBK3XnqNEOnhO+83M Cf+uFlAemPbybTv6b/EHIxKZwGIjkDsjU5cQVlWKQ5yFh8rUwubqu6XAdf9UJtOPCZ 0dFHjpwRF0qCLhPfc+CXTqo/R4mjjhJwnV9UmK4fau/8y9UEViA7VkscttJ9tYDf1p gulTECAAejfgPZ+l6vJ3PCPalUORSR1A1Rqfmou+zjb6yP0rmWJxThDJV+Cap/adKH Rb4BiwbTzdWLiLCM5mWr8je2WtEpiFvxeoCagFzjNumeBLad7TBdw+YofgZ54cugEI GSdEcJGA/r2Pg== From: Sasha Levin Date: Wed, 5 May 2021 12:39:44 -0400 Message-Id: <20210505164004.3463707-12-sashal@kernel.org> In-Reply-To: <20210505164004.3463707-1-sashal@kernel.org> References: <20210505164004.3463707-1-sashal@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [Bridge] [PATCH AUTOSEL 4.19 12/32] net: bridge: when suppression is enabled exclude RARP packets List-Id: Linux Ethernet Bridging List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Sasha Levin , netdev@vger.kernel.org, bridge@lists.linux-foundation.org, Nikolay Aleksandrov , Amer Abdalamer , "David S . Miller" From: Nikolay Aleksandrov [ Upstream commit 0353b4a96b7a9f60fe20d1b3ebd4931a4085f91c ] Recently we had an interop issue where RARP packets got suppressed with bridge neigh suppression enabled, but the check in the code was meant to suppress GARP. Exclude RARP packets from it which would allow some VMWare setups to work, to quote the report: "Those RARP packets usually get generated by vMware to notify physical switches when vMotion occurs. vMware may use random sip/tip or just use sip=tip=0. So the RARP packet sometimes get properly flooded by the vtep and other times get dropped by the logic" Reported-by: Amer Abdalamer Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/bridge/br_arp_nd_proxy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge/br_arp_nd_proxy.c index eb44ae05abaa..b52e70362268 100644 --- a/net/bridge/br_arp_nd_proxy.c +++ b/net/bridge/br_arp_nd_proxy.c @@ -158,7 +158,9 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br, if (br->neigh_suppress_enabled) { if (p && (p->flags & BR_NEIGH_SUPPRESS)) return; - if (ipv4_is_zeronet(sip) || sip == tip) { + if (parp->ar_op != htons(ARPOP_RREQUEST) && + parp->ar_op != htons(ARPOP_RREPLY) && + (ipv4_is_zeronet(sip) || sip == tip)) { /* prevent flooding to neigh suppress ports */ BR_INPUT_SKB_CB(skb)->proxyarp_replied = true; return; -- 2.30.2