From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73AD3C43381 for ; Fri, 15 Feb 2019 13:09:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 452D021B18 for ; Fri, 15 Feb 2019 13:09:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="EYKSzvva" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729075AbfBONJ4 (ORCPT ); Fri, 15 Feb 2019 08:09:56 -0500 Received: from mail-wr1-f68.google.com ([209.85.221.68]:33930 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727524AbfBONJz (ORCPT ); Fri, 15 Feb 2019 08:09:55 -0500 Received: by mail-wr1-f68.google.com with SMTP id f14so10336207wrg.1 for ; Fri, 15 Feb 2019 05:09:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=7++3g8jPDAFuTz7S8f+gRXS7EfMnEnD4mNwIvQbCf6g=; b=EYKSzvvaQchWx7ODQA284Bmrz0m2Rc1CWa269vgg/jo0JiPpqLPAIMv2HJcUG8T6wz uUro1Uw++iNMPmYUWunILlbUopiDdRYgiL+XiVmbgoUvCao/HwEvz230hxSV9Y0MT4hQ vHz32IPIOmHZVxaHS0eJ/21+bHJYSXorxRlZo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=7++3g8jPDAFuTz7S8f+gRXS7EfMnEnD4mNwIvQbCf6g=; b=Gn75TwqO8j4yPu3JF6MN2WgC9J5vRrvz4iohqMoyWb4VlUMxqKleSRqjEDuXwDOKFM lKosv2Aco/lNFLYTuKFKbNojT3f21QPZsfu7lOZyoFLNankERCLyJixvRYE0+xUASSOJ CO5Ejf0QD3jrxlZICEOSpyxncfILuMtar9dFBXNXTVxfU20/k3pS4XF2QVPWOI+LjY+d f7vx8PtNY6eT7NhbXc9jK+7Xrav1nlWFeWoBKHL31sPPpQxr3Ci+Uer8FbFMQqbwKSjT lvOMlZ4L9vaT1coNYYRzNgobdKdb3APjuV8JCW464bYSD5Nj4BHUAm2GdIJTcT3rEQ+2 G0cg== X-Gm-Message-State: AHQUAuZhOYz8xZl6l5GDloCwLhxeaS94uOZKnnLV9IVuRhlxu+2z6PT9 BwVACzCxJDfviXARU6AHoBtDq3ZdRwWcVw== X-Google-Smtp-Source: AHgI3IYtz79HzVZsUlcuutXjYbJurAPhe9ZPqLmcWtZxt0bsGsaGqo6/OGlOs6F1p5+SiYZP8PUDug== X-Received: by 2002:a5d:694d:: with SMTP id r13mr2539492wrw.38.1550236192280; Fri, 15 Feb 2019 05:09:52 -0800 (PST) Received: from [192.168.51.243] ([93.152.141.58]) by smtp.gmail.com with ESMTPSA id b2sm5241971wrp.94.2019.02.15.05.09.50 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Fri, 15 Feb 2019 05:09:50 -0800 (PST) Subject: Re: [PATCH RFC] net: bridge: don't flood known multicast traffic when snooping is enabled To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, wkok@cumulusnetworks.com, anuradhak@cumulusnetworks.com, bridge@lists.linux-foundation.org, linus.luessing@c0d3.blue, davem@davemloft.net, stephen@networkplumber.org References: <20190215130427.29824-1-nikolay@cumulusnetworks.com> From: Nikolay Aleksandrov Message-ID: <8b483a4a-409f-9b78-8591-a25cba1c69a9@cumulusnetworks.com> Date: Fri, 15 Feb 2019 15:09:49 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190215130427.29824-1-nikolay@cumulusnetworks.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On 15/02/2019 15:04, Nikolay Aleksandrov wrote: > The behaviour since b00589af3b04 ("bridge: disable snooping if there is > no querier") is wrong, we shouldn't be flooding multicast traffic when > there is an mdb entry and we know where it should be forwarded to when > multicast snooping is enabled. This patch changes the behaviour to not > flood known unicast traffic. I'll give two obviously broken cases: > - most obvious: static mdb created by the user with snooping enabled > - user-space daemon controlling the mdb table (e.g. MLAG) > I had to mention: when snooping is enabled and there is *no querier configured*, that is the important bit here. In most setups the querier is explicitly configured when there is no mcast router, but it shouldn't be required to have the intuitive and normal behaviour. > Every user would expect to have traffic forwarded only to the configured > mdb destination when snooping is enabled, instead now to get that one > needs to enable both snooping and querier. Enabling querier on all > switches could be problematic and is not a good solution, for example > as summarized by our multicast experts: > "every switch would send an IGMP query for any random multicast traffic it > received across the entire domain and it would send it forever as long as a > host exists wanting that stream even if it has no downstream/directly > connected receivers" > > Sending as an RFC to get the discussion going, but I'm strongly for > removing this behaviour and would like to send this patch officially. > > We could make this behaviour possible via a knob if necessary, but > it really should not be the default. > > Signed-off-by: Nikolay Aleksandrov > --- > net/bridge/br_device.c | 3 +-- > net/bridge/br_input.c | 3 +-- > 2 files changed, 2 insertions(+), 4 deletions(-) > > diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c > index 013323b6dbe4..2aa8a6509924 100644 > --- a/net/bridge/br_device.c > +++ b/net/bridge/br_device.c > @@ -96,8 +96,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) > } > > mdst = br_mdb_get(br, skb, vid); > - if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) && > - br_multicast_querier_exists(br, eth_hdr(skb))) > + if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) > br_multicast_flood(mdst, skb, false, true); > else > br_flood(br, skb, BR_PKT_MULTICAST, false, true); > diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c > index 5ea7e56119c1..aae78095cf67 100644 > --- a/net/bridge/br_input.c > +++ b/net/bridge/br_input.c > @@ -136,8 +136,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb > switch (pkt_type) { > case BR_PKT_MULTICAST: > mdst = br_mdb_get(br, skb, vid); > - if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) && > - br_multicast_querier_exists(br, eth_hdr(skb))) { > + if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { > if ((mdst && mdst->host_joined) || > br_multicast_is_router(br)) { > local_rcv = true; >