From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F91FC43381 for ; Tue, 19 Feb 2019 08:57:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 133D921902 for ; Tue, 19 Feb 2019 08:57:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=c0d3.blue header.i=@c0d3.blue header.b="Ep8dJJRA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727839AbfBSI5X (ORCPT ); Tue, 19 Feb 2019 03:57:23 -0500 Received: from mail.aperture-lab.de ([138.201.29.205]:42612 "EHLO mail.aperture-lab.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725805AbfBSI5W (ORCPT ); Tue, 19 Feb 2019 03:57:22 -0500 Date: Tue, 19 Feb 2019 09:57:16 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c0d3.blue; s=2018; t=1550566639; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dxccSu8Qmm+/lITXvnqtX1g5CBwXFzDuDvOs275g3FY=; b=Ep8dJJRALe787t1GOVnGDYOCc/t0JbMoeBcIHntGiJs5dWW+s6GYoVAw/gGMEwCKfkMqn4 /mOOwp0LGASd/VB8O3V1lDXen4kR7YbQgOhJxznhJoDn+Dr8aHFlj8HrYwpwkWaNVyMj2w pAJCdJELJuOHMH7WzHbLiErm+uVDOm/pAXRkFDFua3s2vNRtbgLfFa5mT/5cPaKGoCkTmy 3gVmhupAaVtTEvvVinlvC4wlQZnSGXHVVEji8S5FqeQzuIYgxqJYeHeEdH+nPIpV7yzyZy uRJeGy8pLmeQKew/r5zWNblHVDFn0gK3QnW9fwH/NVXJkC6RlTb4W5ITJYHZgQ== From: Linus =?utf-8?Q?L=C3=BCssing?= To: Nikolay Aleksandrov Cc: netdev@vger.kernel.org, roopa@cumulusnetworks.com, idosch@idosch.org, f.fainelli@gmail.com, bridge@lists.linux-foundation.org Subject: Re: [RFC v2] net: bridge: don't flood known multicast traffic when snooping is enabled Message-ID: <20190219085716.GD10191@otheros> References: <20190215130427.29824-1-nikolay@cumulusnetworks.com> <20190218122107.10097-1-nikolay@cumulusnetworks.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190218122107.10097-1-nikolay@cumulusnetworks.com> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=c0d3.blue; s=2018; t=1550566639; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dxccSu8Qmm+/lITXvnqtX1g5CBwXFzDuDvOs275g3FY=; b=YQbg8dO+M5YuMtYVA55oB50BoK4Y6UotY6Q6UtN0gJcDoNU6KKsSn09y7FdUrpFqiNQu/N IJVxkkTQ+ajJg3Ykyj9mzLaSyB6Eefmf2UajKFlH+/27Fh1JE3GkuuYUX8/UkObeVZR7P0 v8tpMEeKpE1XJmkolaQhTE1eGKDTAi0JWOBu8FzKvJgg53U4z2D2eLfq8siLpSD+xyC47J VMpTcDHljSCTJImVnKyiZBxFa5ysVpnIpbB6REuIeaK6rUrDR21yN5WTXmmJOFsnPojw79 NUoQoYRn9Q7xNP48QNIYMY1sNgFdXiFEW5gyFrK2bwHa+kw85rmz9N7HwxdxUw== ARC-Seal: i=1; s=2018; d=c0d3.blue; t=1550566639; a=rsa-sha256; cv=none; b=RADFgSMeaNx7fN+xJaL/mwKfwyXJrHBsdWqHzzkDjZwFqqH9czVbYJraqdxSLaZV8DE5L6 8BwCitCQpRYz4RrV7skJqDbzV/I25yx7eEhYatdFiPeN/SOBhSjjt5w43zMJJ+qzF1Nzxl BBXYCNCUCFR4Ifhso/ZWMp4ZKpOJSMUvgs3uZ0WaLi5JSHER1vvUasA9yJosEy6c6H8jmA 4Wf7b3NLgaWDlVNL97n4yt84nUANDKEshsxOE/2Nf23zO7dIbflUNgaz7Owq5PBu9pB3uN 8QimkrfPA4y6PPWZ6BmVd30MRZrszNv7yTEFrzPY/Rm6+/JAFEaZWw6YGwz8Eg== ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=linus.luessing@c0d3.blue smtp.mailfrom=linus.luessing@c0d3.blue Authentication-Results: ORIGINATING; auth=pass smtp.auth=linus.luessing@c0d3.blue smtp.mailfrom=linus.luessing@c0d3.blue Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Mon, Feb 18, 2019 at 02:21:07PM +0200, Nikolay Aleksandrov wrote: > This is v2 of the RFC patch which aims to forward packets to known > mdsts' ports only (the no querier case). After v1 I've kept > the previous behaviour when it comes to unregistered traffic or when > a querier is present. All of this is of course only with snooping > enabled. So with this patch the following changes should occur: > - No querier: forward known mdst traffic to its registered ports, > no change about unknown mcast (flood) > - Querier present: no change > > The reason to do this is simple - we want to respect the user's mdb > configuration in both cases, that is if the user adds static mdb entries > manually then we should use that information about forwarding traffic. > > What do you think ? > > * Notes > Traffic that is currently marked as mrouters_only: > - IPv4: non-local mcast traffic, igmp reports > - IPv6: non-all-nodes-dst mcast traffic, mldv1 reports > > Simple use case: > $ echo 1 > /sys/class/net/bridge/bridge/multicast_snooping > $ bridge mdb add dev bridge port swp1 grp 239.0.0.1 > - without a querier currently traffic for 239.0.0.1 will still be flooded, > with this change it will be forwarded only to swp1 There is still the issue with unsolicited reports adding mdst entries here, too. Leading to unwanted packet loss and connectivity issues. If I understand correctly, then the goal is to give the user slightly more control over specific, dedicated multicast addresses, right? Could you achieve the same via netfilter? Or is that rather unfeasible with switchdev drivers? (sorry, don't have much knowledge/experience with switchdev yet) Regards, Linus