From patchwork Fri Feb 15 13:04:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikolay Aleksandrov X-Patchwork-Id: 1042811 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=cumulusnetworks.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="a2lQdc2I"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 441D4X5cF2z9s4Z for ; Sat, 16 Feb 2019 00:04:44 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728656AbfBONEm (ORCPT ); Fri, 15 Feb 2019 08:04:42 -0500 Received: from mail-wm1-f67.google.com ([209.85.128.67]:33723 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726174AbfBONEm (ORCPT ); Fri, 15 Feb 2019 08:04:42 -0500 Received: by mail-wm1-f67.google.com with SMTP id h22so6615566wmb.0 for ; Fri, 15 Feb 2019 05:04:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id; bh=2PGOmZQoppAoM8aUEK9njBBuEgqiggiAWZ3r9SgXpBk=; b=a2lQdc2I5dtOhxZJ2dbtkGdaxwACZv5WYs/6K8UnzGUgy5WoVIlPz6yj3V2tr7870C FIxxkJwpb4EuNbZEnLpUS/ZDIY81TBgwH3IeihIudIJoSjNFqZkpX00zAZRxoJGvGcb4 hAfs0fJ/s9KfwA1S5FOlNdpGW3Oetv/oR2ZvI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=2PGOmZQoppAoM8aUEK9njBBuEgqiggiAWZ3r9SgXpBk=; b=B4w6uhuw72TaoPZpz2QkrcJA1efYSxXwde3OKP573axxWu5cbrGbspr9kLMMs3N1ZR Qjk4qlDwwEdMpdcSBHfvTV4PNH+y2Gzn97s2UjwnvDouF7xbJCJwwQbaGp3PBHLg1YIv E6ZD3AeVImGMl7Nv8vQYMjWuCAAjz7shCIaT8wvgDa6SPtcg72OXsz5GRbnCkf6BCfeR XI1dRj0+GfhuMb7tR9DF4sU4pufAEqe+DRBAExXMU4p5pB+fS0EHV2QmpyhycFoJxMai QuXxLzOqXN2X4D/s5GDpM9ers/UUVoAtFDYVvCtb6n19yytJugPm/xK4zj1mEmVGy1wM EapA== X-Gm-Message-State: AHQUAuY8uSKX6UJp0xDUeotifObhoOoSGqI85lZwqzDq0gIOBo+aaGuy 9Ht5lzruimWMi7Xe6jmECBDLWFV9J/D/OQ== X-Google-Smtp-Source: AHgI3IahGsjjWo/xV2g3HsZmqoM3S9leteoTvNUuJcQ4D4+K5Cuknb8LgD6G0m6R/WrxJYBWDMXbWg== X-Received: by 2002:a7b:c5d1:: with SMTP id n17mr6546061wmk.152.1550235880290; Fri, 15 Feb 2019 05:04:40 -0800 (PST) Received: from localhost.localdomain ([93.152.141.58]) by smtp.gmail.com with ESMTPSA id x3sm6294338wrd.19.2019.02.15.05.04.39 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 15 Feb 2019 05:04:39 -0800 (PST) From: Nikolay Aleksandrov To: netdev@vger.kernel.org Cc: roopa@cumulusnetworks.com, wkok@cumulusnetworks.com, anuradhak@cumulusnetworks.com, bridge@lists.linux-foundation.org, linus.luessing@c0d3.blue, davem@davemloft.net, stephen@networkplumber.org, Nikolay Aleksandrov Subject: [PATCH RFC] net: bridge: don't flood known multicast traffic when snooping is enabled Date: Fri, 15 Feb 2019 15:04:27 +0200 Message-Id: <20190215130427.29824-1-nikolay@cumulusnetworks.com> X-Mailer: git-send-email 2.17.2 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The behaviour since b00589af3b04 ("bridge: disable snooping if there is no querier") is wrong, we shouldn't be flooding multicast traffic when there is an mdb entry and we know where it should be forwarded to when multicast snooping is enabled. This patch changes the behaviour to not flood known unicast traffic. I'll give two obviously broken cases: - most obvious: static mdb created by the user with snooping enabled - user-space daemon controlling the mdb table (e.g. MLAG) Every user would expect to have traffic forwarded only to the configured mdb destination when snooping is enabled, instead now to get that one needs to enable both snooping and querier. Enabling querier on all switches could be problematic and is not a good solution, for example as summarized by our multicast experts: "every switch would send an IGMP query for any random multicast traffic it received across the entire domain and it would send it forever as long as a host exists wanting that stream even if it has no downstream/directly connected receivers" Sending as an RFC to get the discussion going, but I'm strongly for removing this behaviour and would like to send this patch officially. We could make this behaviour possible via a knob if necessary, but it really should not be the default. Signed-off-by: Nikolay Aleksandrov Reviewed-by: Ido Schimmel --- net/bridge/br_device.c | 3 +-- net/bridge/br_input.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 013323b6dbe4..2aa8a6509924 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -96,8 +96,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) } mdst = br_mdb_get(br, skb, vid); - if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) && - br_multicast_querier_exists(br, eth_hdr(skb))) + if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) br_multicast_flood(mdst, skb, false, true); else br_flood(br, skb, BR_PKT_MULTICAST, false, true); diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 5ea7e56119c1..aae78095cf67 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -136,8 +136,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb switch (pkt_type) { case BR_PKT_MULTICAST: mdst = br_mdb_get(br, skb, vid); - if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) && - br_multicast_querier_exists(br, eth_hdr(skb))) { + if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) { if ((mdst && mdst->host_joined) || br_multicast_is_router(br)) { local_rcv = true;