vxlan nits

Message ID 201210191148.q9JBkm0v018443@lab1.dls
State Changes Requested, archived
Delegated to: David Miller

Commit Message

David Stevens Oct. 19, 2012, 11:46 a.m. UTC
This patch fixes a couple problems with vxlan.

1) Improper check of NUD_PERMANENT makes permanent forwarding table
	entries timeout too.

2) Check for "0.0.0.0" as gaddr and allow to mean "no group". The
	iproute2 patch sends gaddr even if not specified, which
	fails the IN_MULTICAST() test. This patch allows static-only
	forwarding and dropping everything else.

Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

stephen hemminger Oct. 19, 2012, 8:28 p.m. UTC | #1
On Fri, 19 Oct 2012 07:46:48 -0400
David L Stevens <dlstevens@us.ibm.com> wrote:

> 
> This patch fixes a couple problems with vxlan.
> 
> 1) Improper check of NUD_PERMANENT makes permanent forwarding table
> 	entries timeout too.
> 
> 2) Check for "0.0.0.0" as gaddr and allow to mean "no group". The
> 	iproute2 patch sends gaddr even if not specified, which
> 	fails the IN_MULTICAST() test. This patch allows static-only
> 	forwarding and dropping everything else.
> 
> Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>
> 
> diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
> index 607976c..3fac9f3 100644
> --- a/drivers/net/vxlan.c
> +++ b/drivers/net/vxlan.c
> @@ -816,7 +816,7 @@ static void vxlan_cleanup(unsigned long arg)
>  				= container_of(p, struct vxlan_fdb, hlist);
>  			unsigned long timeout;
>  
> -			if (f->state == NUD_PERMANENT)
> +			if (f->state & NUD_PERMANENT)
>  				continue;
>  
>  			timeout = f->used + vxlan->age_interval * HZ;
> @@ -1047,7 +1047,7 @@ static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[])
>  
>  	if (data[IFLA_VXLAN_GROUP]) {
>  		__be32 gaddr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
> -		if (!IN_MULTICAST(ntohl(gaddr))) {
> +		if (gaddr && !IN_MULTICAST(ntohl(gaddr))) {
>  			pr_debug("group address is not IPv4 multicast\n");
>  			return -EADDRNOTAVAIL;
>  		}
> 

The first is a bug, the second doesn't need to be fixed in the kernel.
I change iproute to not send group address unless it is defined.

The plan is to add IPV6 support, in which case group address could
be IPV6.
Vincent Bernat Oct. 28, 2012, 10:02 p.m. UTC | #2
❦ 19 October 2012 22:28 CEST, Stephen Hemminger <shemminger@vyatta.com>:

> The plan is to add IPV6 support, in which case group address could
> be IPV6.

Hi Stephen!

Is it something that you plan to add soon?
stephen hemminger Oct. 29, 2012, 2:20 p.m. UTC | #3
On Sun, 28 Oct 2012 23:02:20 +0100
Vincent Bernat <bernat@luffy.cx> wrote:

>  ❦ 19 October 2012 22:28 CEST, Stephen Hemminger <shemminger@vyatta.com>:
> 
> > The plan is to add IPV6 support, in which case group address could
> > be IPV6.
> 
> Hi Stephen!
> 
> Is it something that you plan to add soon?

The only real question is whether to have one driver do dual stack with
one forwarding table, or separate drivers (like GRE). I prefer the former.

Since the RFC does not include IPv6 yet, there is no rush and the final
standard may address some of the corner case issues like fragmentation.

Patch

diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 607976c..3fac9f3 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -816,7 +816,7 @@  static void vxlan_cleanup(unsigned long arg)
 				= container_of(p, struct vxlan_fdb, hlist);
 			unsigned long timeout;
 
-			if (f->state == NUD_PERMANENT)
+			if (f->state & NUD_PERMANENT)
 				continue;
 
 			timeout = f->used + vxlan->age_interval * HZ;
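
Review bot: In vxlan_cleanup(), replacing `f->state == NUD_PERMANENT` with `f->state & NUD_PERMANENT` treats the field as a bitmask, but neither the hunk nor the commit message says which other bits are set on a permanent entry so that the equality test failed. Name that combination in the commit message, and check whether any other comparison of f->state in the driver still uses `==` against a single flag, since it would miss the same entries.
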
@@ -1047,7 +1047,7 @@  static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[])
 
 	if (data[IFLA_VXLAN_GROUP]) {
 		__be32 gaddr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
-		if (!IN_MULTICAST(ntohl(gaddr))) {
+		if (gaddr && !IN_MULTICAST(ntohl(gaddr))) {
 			pr_debug("group address is not IPv4 multicast\n");
 			return -EADDRNOTAVAIL;
 		}
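
Review bot: In vxlan_validate(), `gaddr &&` lets 0.0.0.0 pass validation with the meaning "no group", and nothing in the code says so; add a comment on that line stating that a zero group address selects static-only forwarding, as the commit message describes. This change is also unrelated to the NUD_PERMANENT fix in the first hunk and would be easier to accept or drop on its own as a separate patch. The hunk only relaxes validation, so confirm that the code consuming IFLA_VXLAN_GROUP afterwards handles a zero address rather than treating it as a group to join.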