From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 17A30C43381 for ; Tue, 19 Feb 2019 08:53:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id CBD272147C for ; Tue, 19 Feb 2019 08:53:07 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="gsThpEkk" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727857AbfBSIxG (ORCPT ); Tue, 19 Feb 2019 03:53:06 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:58199 "EHLO out2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727839AbfBSIxG (ORCPT ); Tue, 19 Feb 2019 03:53:06 -0500 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 02CF3226F4; Tue, 19 Feb 2019 03:53:05 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 19 Feb 2019 03:53:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=LvrOqa g+6Jztz1Tjeq7O+SbMX0mMaNNpdYwn0CCUW58=; b=gsThpEkkK9kJiQdpAmoiv8 48upSES/uF1h7N/CpNKwFXjl/Ezk0i/0KXwOrRaywuMpNS9QTT+bTdeHKvg20rlC CbuHKFjhEljYdG7dagrKje6hbzuYMaQc9W3JqcrYdI8WV/NdjXMxXdWCf3Es4Xum pluAqAHOWKP5dF4gHNUWlwtJ7bNyIeqHH7pzf7niGzCQzqtjx2bAEUsdbK8dIyxP 9Wm7LuFXaqeSR4P2u1pVdDZGfYQrGbUvFmmu+wxWySVNL4G1Iu8/WNKeCBI3WLmp 1Bl3MccYj7CPFC8mFstA38m9JSXW07YIesmbtlSH3wOTJNz9w7MW5gk2EfGnJQzQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdefgdegkeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomhepkfguohcu ufgthhhimhhmvghluceoihguohhstghhsehiughoshgthhdrohhrgheqnecuffhomhgrih hnpehoiihlrggsshdrohhrghenucfkphepudelfedrgeejrdduieehrddvhedunecurfgr rhgrmhepmhgrihhlfhhrohhmpehiughoshgthhesihguohhstghhrdhorhhgnecuvehluh hsthgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (unknown [193.47.165.251]) by mail.messagingengine.com (Postfix) with ESMTPA id 1CD25E409E; Tue, 19 Feb 2019 03:53:02 -0500 (EST) Date: Tue, 19 Feb 2019 10:53:01 +0200 From: Ido Schimmel To: Nikolay Aleksandrov Cc: netdev@vger.kernel.org, roopa@cumulusnetworks.com, linus.luessing@c0d3.blue, f.fainelli@gmail.com, bridge@lists.linux-foundation.org, rmk+kernel@armlinux.org.uk, ilyav@mellanox.com Subject: Re: [RFC v2] net: bridge: don't flood known multicast traffic when snooping is enabled Message-ID: <20190219085300.GA4105@splinter> References: <20190215130427.29824-1-nikolay@cumulusnetworks.com> <20190218122107.10097-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190218122107.10097-1-nikolay@cumulusnetworks.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Hi Nik, On Mon, Feb 18, 2019 at 02:21:07PM +0200, Nikolay Aleksandrov wrote: > This is v2 of the RFC patch which aims to forward packets to known > mdsts' ports only (the no querier case). After v1 I've kept > the previous behaviour when it comes to unregistered traffic or when > a querier is present. All of this is of course only with snooping > enabled. So with this patch the following changes should occur: > - No querier: forward known mdst traffic to its registered ports, > no change about unknown mcast (flood) > - Querier present: no change > > The reason to do this is simple - we want to respect the user's mdb > configuration in both cases, that is if the user adds static mdb entries > manually then we should use that information about forwarding traffic. > > What do you think ? > > * Notes > Traffic that is currently marked as mrouters_only: > - IPv4: non-local mcast traffic, igmp reports > - IPv6: non-all-nodes-dst mcast traffic, mldv1 reports > > Simple use case: > $ echo 1 > /sys/class/net/bridge/bridge/multicast_snooping > $ bridge mdb add dev bridge port swp1 grp 239.0.0.1 > - without a querier currently traffic for 239.0.0.1 will still be flooded, > with this change it will be forwarded only to swp1 Looks good to me. > > Ido, I know this doesn't solve the issue you brought up, maybe we should > have a separate discussion about acting on querier changes in the switch > driver or alternative solutions (e.g. always-flood-unknown-mcast knob). > Perhaps the bridge can notify the drivers on querier state changes. I think we need to reflect querier state to drivers. That's the only way to sync the two data paths. We can flood different packet types using different tables. The IPv6 packet types are like in the Linux bridge: * IPv6 all-hosts (ff02::1) * IPv6 unregistered multicast Currently we treat both as broadcast, but in case querier is present, we can switch the second to use the multicast flood table where we only flood to mrouter ports. But I wonder if we can simplify it. I believe that the main reason we take querier state into account in the data path is because multicast is enabled by default on the bridge. Users that would otherwise explicitly enable it would probably make sure they also have a querier in the network. The workaround I did in commit 9d45deb04c59 ("mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast") was in response to blocked IPv6 neighbour solicitation packets sent to the solicited-node multicast address. I now see that Russel (Cc-ed) bumped into the same problem [1]. If we trap such packets at L2 (we need it for ND suppression anyway) and let the Linux bridge take care of flooding them correctly, will it fix the problem? I'm basically asking if after the proposed fix we will still have basic scenarios broken by not taking querier state into account. Thanks [1] https://patchwork.ozlabs.org/patch/1043694/ > > This patch is meant about discussing the best way to solve the issue, > it's not thoroughly tested, in case we settle about the details I'll run > more tests. > > Thanks, > > Signed-off-by: Nikolay Aleksandrov > --- > net/bridge/br_device.c | 5 +++-- > net/bridge/br_input.c | 5 +++-- > 2 files changed, 6 insertions(+), 4 deletions(-) > > diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c > index 013323b6dbe4..e8c01409a7e7 100644 > --- a/net/bridge/br_device.c > +++ b/net/bridge/br_device.c > @@ -96,8 +96,9 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) > } > > mdst = br_mdb_get(br, skb, vid); > - if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) && > - br_multicast_querier_exists(br, eth_hdr(skb))) > + if (mdst || > + (BR_INPUT_SKB_CB_MROUTERS_ONLY(skb) && > + br_multicast_querier_exists(br, eth_hdr(skb)))) > br_multicast_flood(mdst, skb, false, true); > else > br_flood(br, skb, BR_PKT_MULTICAST, false, true); > diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c > index 5ea7e56119c1..8777566f7b6d 100644 > --- a/net/bridge/br_input.c > +++ b/net/bridge/br_input.c > @@ -136,8 +136,9 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb > switch (pkt_type) { > case BR_PKT_MULTICAST: > mdst = br_mdb_get(br, skb, vid); > - if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) && > - br_multicast_querier_exists(br, eth_hdr(skb))) { > + if (mdst || > + (BR_INPUT_SKB_CB_MROUTERS_ONLY(skb) && > + br_multicast_querier_exists(br, eth_hdr(skb)))) { > if ((mdst && mdst->host_joined) || > br_multicast_is_router(br)) { > local_rcv = true; > -- > 2.20.1 >