Message ID | 1408122299-29632-1-git-send-email-vyasevic@redhat.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On 08/15/2014 10:04 AM, Vladislav Yasevich wrote: > Currently, macvlan code restricts multicast and unicast > filter setting only to passthru devices. As a result, > if a guest using macvtap wants to receive multicast > traffic, it has to set IFF_ALLMULTI or IFF_PROMISC. > > This patch makes it possible to use the fdb interface > to add multicast addresses to the filter thus allowing > a guest to receive only targeted multicast traffic. > > CC: John Fastabend <john.r.fastabend@intel.com> > CC: Michael S. Tsirkin <mst@redhat.com> > CC: Jason Wang <jasowang@redhat.com> > Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> > --- Acked-by: John Fastabend <john.r.fastabend@intel.com> Looks good to me. Although I am trying to recall why we restrict unicast addresses? It looks like an additional check could be made to detect duplicate MAC addresses in fdb_add and then we could support this as well. But I might be missing why this wasn't supported originally. Thanks, John -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 08/15/2014 03:04 PM, John Fastabend wrote: > On 08/15/2014 10:04 AM, Vladislav Yasevich wrote: >> Currently, macvlan code restricts multicast and unicast >> filter setting only to passthru devices. As a result, >> if a guest using macvtap wants to receive multicast >> traffic, it has to set IFF_ALLMULTI or IFF_PROMISC. >> >> This patch makes it possible to use the fdb interface >> to add multicast addresses to the filter thus allowing >> a guest to receive only targeted multicast traffic. >> >> CC: John Fastabend <john.r.fastabend@intel.com> >> CC: Michael S. Tsirkin <mst@redhat.com> >> CC: Jason Wang <jasowang@redhat.com> >> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> >> --- > > Acked-by: John Fastabend <john.r.fastabend@intel.com> > > Looks good to me. Although I am trying to recall why > we restrict unicast addresses? It looks like an additional > check could be made to detect duplicate MAC addresses > in fdb_add and then we could support this as well. Additional unicasts can be easily supported in VEPA mode, but VEB would require additional lookups in forwarding mode to determine if the packet should be switched locally or not. I don't think we would need any more duplicate checking since we use the _excl() variants which already return error on duplicates. Thus no 2 macvlans would be able to add the same unicast address to the same lower device. -vlad > But > I might be missing why this wasn't supported originally. > > Thanks, > John > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Aug 15, 2014 at 01:04:59PM -0400, Vladislav Yasevich wrote: > Currently, macvlan code restricts multicast and unicast > filter setting only to passthru devices. As a result, > if a guest using macvtap wants to receive multicast > traffic, it has to set IFF_ALLMULTI or IFF_PROMISC. > > This patch makes it possible to use the fdb interface > to add multicast addresses to the filter thus allowing > a guest to receive only targeted multicast traffic. > > CC: John Fastabend <john.r.fastabend@intel.com> > CC: Michael S. Tsirkin <mst@redhat.com> > CC: Jason Wang <jasowang@redhat.com> > Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> > --- > drivers/net/macvlan.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c > index ef8a5c2..fad4b9e 100644 > --- a/drivers/net/macvlan.c > +++ b/drivers/net/macvlan.c > @@ -739,7 +739,10 @@ static int macvlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[], > struct macvlan_dev *vlan = netdev_priv(dev); > int err = -EINVAL; > > - if (!vlan->port->passthru) > + /* Support unicast filter only on passthru devices. > + * Multicast filter should be allowed on all devices. > + */ > + if (!vlan->port->passthru && is_unicast_ether_addr(addr)) > return -EOPNOTSUPP; > > if (flags & NLM_F_REPLACE) > @@ -760,7 +763,10 @@ static int macvlan_fdb_del(struct ndmsg *ndm, struct nlattr *tb[], > struct macvlan_dev *vlan = netdev_priv(dev); > int err = -EINVAL; > > - if (!vlan->port->passthru) > + /* Support unicast filter only on passthru devices. > + * Multicast filter should be allowed on all devices. > + */ > + if (!vlan->port->passthru && is_unicast_ether_addr(addr)) > return -EOPNOTSUPP; > > if (is_unicast_ether_addr(addr)) > -- > 1.9.3 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Aug 15, 2014 at 12:04:28PM -0700, John Fastabend wrote: > On 08/15/2014 10:04 AM, Vladislav Yasevich wrote: > > Currently, macvlan code restricts multicast and unicast > > filter setting only to passthru devices. As a result, > > if a guest using macvtap wants to receive multicast > > traffic, it has to set IFF_ALLMULTI or IFF_PROMISC. > > > > This patch makes it possible to use the fdb interface > > to add multicast addresses to the filter thus allowing > > a guest to receive only targeted multicast traffic. > > > > CC: John Fastabend <john.r.fastabend@intel.com> > > CC: Michael S. Tsirkin <mst@redhat.com> > > CC: Jason Wang <jasowang@redhat.com> > > Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> > > --- > > Acked-by: John Fastabend <john.r.fastabend@intel.com> > > Looks good to me. Although I am trying to recall why > we restrict unicast addresses? It looks like an additional > check could be made to detect duplicate MAC addresses > in fdb_add and then we could support this as well. But > I might be missing why this wasn't supported originally. > > Thanks, > John It's not just another macvlan: we need to avoid conflicts with the underlying device itself. Although I note that the relevant check when creating macvlans in macvlan_addr_busy isn't very robust either: if device address is later reprogrammed, we can get a conflict. But it seems better to fix that rather than propagate the bug in more places. We would also need to populate the mac hash. So a bit more code would be needed.
From: Vladislav Yasevich <vyasevic@redhat.com> Date: Fri, 15 Aug 2014 13:04:59 -0400 > Currently, macvlan code restricts multicast and unicast > filter setting only to passthru devices. As a result, > if a guest using macvtap wants to receive multicast > traffic, it has to set IFF_ALLMULTI or IFF_PROMISC. > > This patch makes it possible to use the fdb interface > to add multicast addresses to the filter thus allowing > a guest to receive only targeted multicast traffic. > > CC: John Fastabend <john.r.fastabend@intel.com> > CC: Michael S. Tsirkin <mst@redhat.com> > CC: Jason Wang <jasowang@redhat.com> > Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> Applied, thanks Vlad. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c index ef8a5c2..fad4b9e 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -739,7 +739,10 @@ static int macvlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[], struct macvlan_dev *vlan = netdev_priv(dev); int err = -EINVAL; - if (!vlan->port->passthru) + /* Support unicast filter only on passthru devices. + * Multicast filter should be allowed on all devices. + */ + if (!vlan->port->passthru && is_unicast_ether_addr(addr)) return -EOPNOTSUPP; if (flags & NLM_F_REPLACE) @@ -760,7 +763,10 @@ static int macvlan_fdb_del(struct ndmsg *ndm, struct nlattr *tb[], struct macvlan_dev *vlan = netdev_priv(dev); int err = -EINVAL; - if (!vlan->port->passthru) + /* Support unicast filter only on passthru devices. + * Multicast filter should be allowed on all devices. + */ + if (!vlan->port->passthru && is_unicast_ether_addr(addr)) return -EOPNOTSUPP; if (is_unicast_ether_addr(addr))
Currently, macvlan code restricts multicast and unicast filter setting only to passthru devices. As a result, if a guest using macvtap wants to receive multicast traffic, it has to set IFF_ALLMULTI or IFF_PROMISC. This patch makes it possible to use the fdb interface to add multicast addresses to the filter thus allowing a guest to receive only targeted multicast traffic. CC: John Fastabend <john.r.fastabend@intel.com> CC: Michael S. Tsirkin <mst@redhat.com> CC: Jason Wang <jasowang@redhat.com> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> --- drivers/net/macvlan.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)