Re: [PATCH net-next 3/3] vxlan: allow multiple VXLANs with same VNI for IPv6 link-local addresses

[Jiri Benc <jbenc@redhat.com>]

On Fri, 10 Mar 2017 23:39:44 +0100, Matthias Schiffer wrote:
> @@ -233,17 +234,30 @@ static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, __be32 vni)
>  		vni = 0;
>  
>  	hlist_for_each_entry_rcu(vxlan, vni_head(vs, vni), hlist) {
> -		if (vxlan->default_dst.remote_vni == vni)
> -			return vxlan;
> +		if (vxlan->default_dst.remote_vni != vni)
> +			continue;
> +
> +		if (IS_ENABLED(CONFIG_IPV6)) {
> +			const struct vxlan_config *cfg = &vxlan->cfg;
> +
> +			if (cfg->remote_ifindex != 0 &&
> +			    cfg->remote_ifindex != ifindex &&
> +			    cfg->saddr.sa.sa_family == AF_INET6 &&
> +			    (ipv6_addr_type(&cfg->saddr.sin6.sin6_addr) &
> +			     IPV6_ADDR_LINKLOCAL))

Calculating this (especially ipv6_addr_type) on every received packet
looks unnecessarily expensive. Just store the fact the the local
address is link-local in a flag during config. And compare the flag
first before considering remote_ifindex.

This is especially important for lwtunnels which can have anything in
the saddr and remote_ifindex, yet those fields are ignored and the
vni 0 entry has to be returned. It also means that the link-local flag
must not be set for lwtunnels.

> +#if IS_ENABLED(CONFIG_IPV6)
> +		if (conf->remote_ifindex != tmp->cfg.remote_ifindex &&
> +		    conf->saddr.sa.sa_family == AF_INET6 &&
> +		    tmp->cfg.saddr.sa.sa_family == AF_INET6 &&
> +		    (ipv6_addr_type(&conf->saddr.sin6.sin6_addr) &
> +		     IPV6_ADDR_LINKLOCAL) &&
> +		    (ipv6_addr_type(&tmp->cfg.saddr.sin6.sin6_addr) &
> +		     IPV6_ADDR_LINKLOCAL))
> +			continue;
> +#endif

In patch 1, you're checking for either source and destination address
being link-local, while here you're consider only those that have both
addresses link-local.

Wouldn't it be better to plainly reject configuration that has one
address link-local but not the other one?

 Jiri