From: Jakub Kicinski <kuba@kernel.org>
To: Ido Schimmel <idosch@nvidia.com>
Cc: taras.chornyi@plvision.eu, petrm@nvidia.com,
alexandre.belloni@bootlin.com, jiri@resnulli.us, leon@kernel.org,
roopa@nvidia.com, netdev@vger.kernel.org, razor@blackwall.org,
bridge@lists.linux-foundation.org, claudiu.manoil@nxp.com,
UNGLinuxDriver@microchip.com, edumazet@google.com,
jhs@mojatatu.com, vladimir.oltean@nxp.com,
simon.horman@corigine.com, xiyou.wangcong@gmail.com,
pabeni@redhat.com, saeedm@nvidia.com, davem@davemloft.net
Subject: Re: [Bridge] [PATCH net-next v2 1/8] skbuff: bridge: Add layer 2 miss indication
Date: Mon, 29 May 2023 22:18:08 -0700
Message-ID: <20230529221808.360b04c6@kernel.org>
In-Reply-To: <20230529114835.372140-2-idosch@nvidia.com>
On Mon, 29 May 2023 14:48:28 +0300 Ido Schimmel wrote:
> For EVPN non-DF (Designated Forwarder) filtering we need to be able to
> prevent decapsulated traffic from being flooded to a multi-homed host.
> Filtering of multicast and broadcast traffic can be achieved using the
> following flower filter:
>
> # tc filter add dev bond0 egress pref 1 proto all flower indev vxlan0 dst_mac 01:00:00:00:00:00/01:00:00:00:00:00 action drop
>
> Unlike broadcast and multicast traffic, it is not currently possible to
> filter unknown unicast traffic. The classification into unknown unicast
> is performed by the bridge driver, but is not visible to other layers
> such as tc.
>
> Solve this by adding a new 'l2_miss' bit to the tc skb extension. Clear
> the bit whenever a packet enters the bridge (received from a bridge port
> or transmitted via the bridge) and set it if the packet did not match an
> FDB or MDB entry. If there is no skb extension and the bit needs to be
> cleared, then do not allocate one as no extension is equivalent to the
> bit being cleared. The bit is not set for broadcast packets as they
> never perform a lookup and therefore never incur a miss.
Acked-by: Jakub Kicinski <kuba@kernel.org>
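
A userspace C model of the bit handling described in the quoted commit message, added here as an illustration; it is not code from the patch or the kernel, and every name in it (`miss_set`, `bridge_enter`, `classify`, the sample MAC addresses) is hypothetical. It also shows that a miss on a group address is not unknown unicast, so a filter for unknown unicast has to check the address type as well as the bit.

```c
/* Userspace model of the quoted l2_miss rules. All names are hypothetical, not kernel symbols. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct tc_ext { bool l2_miss; };
struct pkt { uint8_t dst[6]; struct tc_ext *ext; };  /* ext == NULL reads as bit cleared */
enum { F_MISS = 1, F_EXT = 2, F_UNKNOWN_UC = 4 };    /* result flags from classify() */
/* Constructed sample addresses. */
const uint8_t KNOWN_UC[6]   = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
const uint8_t UNKNOWN_UC[6] = {0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};
const uint8_t UNREG_MC[6]   = {0x01, 0x00, 0x5e, 0x01, 0x02, 0x03};
const uint8_t BCAST[6]      = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Stand-in for the FDB/MDB lookup: only KNOWN_UC has an entry. */
static bool table_hit(const uint8_t *mac) { return memcmp(mac, KNOWN_UC, 6) == 0; }
/* Set or clear the bit. Clearing never allocates: no extension already means cleared. */
static void miss_set(struct pkt *p, bool miss)
{
    if (!p->ext && miss)
        p->ext = calloc(1, sizeof(*p->ext));  /* allocate only to set, never to clear */
    if (p->ext)
        p->ext->l2_miss = miss;
}

/* Bridge entry: clear any stale bit, then set it only if a lookup ran and missed. */
static void bridge_enter(struct pkt *p)
{
    miss_set(p, false);
    if (memcmp(p->dst, BCAST, 6) != 0 && !table_hit(p->dst))  /* broadcast skips the lookup */
        miss_set(p, true);
}

/* Run one packet through the model; stale = it arrives with the bit already set. */
int classify(const uint8_t *dst, bool stale)
{
    struct pkt p = { .ext = NULL };
    memcpy(p.dst, dst, 6);
    if (stale) miss_set(&p, true);
    bridge_enter(&p);
    int flags = p.ext ? F_EXT : 0;
    if (p.ext && p.ext->l2_miss)  /* a miss on a non-group address is unknown unicast */
        flags |= F_MISS | ((p.dst[0] & 1) ? 0 : F_UNKNOWN_UC);
    free(p.ext);
    return flags;
}
int main(void) { printf("%d %d\n", classify(UNKNOWN_UC, false), classify(BCAST, false)); return 0; }
```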