From: Vlad Yasevich <vyasevic@redhat.com>
To: Toshiaki Makita <toshiaki.makita1@gmail.com>
Cc: mst@redhat.com, netdev@vger.kernel.org,
bridge@lists.linux-foundation.org, jhs@mojatatu.com,
john.r.fastabend@intel.com, shemminger@vyatta.com
Subject: Re: [Bridge] [PATCH 6/7] bridge: Manage promisc mode when vlans are configured on top of a bridge
Date: Mon, 03 Mar 2014 07:12:32 -0500 [thread overview]
Message-ID: <531471B0.1050705@redhat.com> (raw)
In-Reply-To: <1393685845.1753.10.camel@localhost.localdomain>
On 03/01/2014 09:57 AM, Toshiaki Makita wrote:
> On Fri, 2014-02-28 at 14:34 -0500, Vlad Yasevich wrote:
>> On 02/27/2014 08:17 AM, Vlad Yasevich wrote:
>>> On 02/27/2014 07:06 AM, Toshiaki Makita wrote:
>>>> (2014/02/27 0:18), Vlad Yasevich wrote:
>>>>> If the user configures vlan interfaces on top of the bridge and the bridge
>>>>> doesn't have vlan filtering enabled, we have to place all the ports in
>>>>> promsic mode so that we can correctly receive tagged frames.
>>>>> When vlan filtering is enabled, the vlan configuration will be provided
>>>>> via filtering interface.
>>>>> When the vlan filtering is toggled, we also have mange promiscuity.
>>>>
>>>> If we disable vlan_filtering and no vlan interface is configured on the
>>>> bridge, we cannot forward any tagged traffic?
>>>
>>> We can't receive tagged traffic, so we turn promisc on.
>>>
>>>> If we want to forward frames from one port to another port (not from/to
>>>> bridge device), we have to add vlan interface or set promisc mode, right?
>>>>
>>>
>>> Hm.. Good point. This isn't enough to address the scenario that Patch7
>>> tries to solve. I'll need to think about that. This is partially why
>>> I split functionality in Patch7 out. It made things more difficult.
>>>
>>
>> I now understood what you were referring to above a bit better.
>> This patch solves just part of the problem. The other part is what
>> happens when someone behind the bridge is using vlan tagging without
>> the bridge being aware of it and expects the bridge to forward such traffic.
>> So, if we ever want to disable promiscuous mode on the bridge ports, we
>> either need to depend on lan filtering being configured in the bridge
>> or have the ability to disable vlan filtering in the driver.
>>
>> Neither is really a good thing. I'll need to think about this.
>
> Yes, that is what I was worried about.
> As a bridge has no way to know which vid will be used in incoming
> frame's vlan tag, we maybe have to call vlan_vid_add() for all vids when
> we disable promiscuous on a port? If we had an API to simply disable
> vlan filtering of a NIC, it could be better...
That's what I am looking at now. Some nics appear to handle this better
then others.
-vlad
>
> Thanks,
> Toshiaki Makita
>
WARNING: multiple messages have this Message-ID (diff)
From: Vlad Yasevich <vyasevic@redhat.com>
To: Toshiaki Makita <toshiaki.makita1@gmail.com>
Cc: mst@redhat.com, netdev@vger.kernel.org,
bridge@lists.linux-foundation.org, jhs@mojatatu.com,
john.r.fastabend@intel.com, shemminger@vyatta.com
Subject: Re: [PATCH 6/7] bridge: Manage promisc mode when vlans are configured on top of a bridge
Date: Mon, 03 Mar 2014 07:12:32 -0500 [thread overview]
Message-ID: <531471B0.1050705@redhat.com> (raw)
In-Reply-To: <1393685845.1753.10.camel@localhost.localdomain>
On 03/01/2014 09:57 AM, Toshiaki Makita wrote:
> On Fri, 2014-02-28 at 14:34 -0500, Vlad Yasevich wrote:
>> On 02/27/2014 08:17 AM, Vlad Yasevich wrote:
>>> On 02/27/2014 07:06 AM, Toshiaki Makita wrote:
>>>> (2014/02/27 0:18), Vlad Yasevich wrote:
>>>>> If the user configures vlan interfaces on top of the bridge and the bridge
>>>>> doesn't have vlan filtering enabled, we have to place all the ports in
>>>>> promsic mode so that we can correctly receive tagged frames.
>>>>> When vlan filtering is enabled, the vlan configuration will be provided
>>>>> via filtering interface.
>>>>> When the vlan filtering is toggled, we also have mange promiscuity.
>>>>
>>>> If we disable vlan_filtering and no vlan interface is configured on the
>>>> bridge, we cannot forward any tagged traffic?
>>>
>>> We can't receive tagged traffic, so we turn promisc on.
>>>
>>>> If we want to forward frames from one port to another port (not from/to
>>>> bridge device), we have to add vlan interface or set promisc mode, right?
>>>>
>>>
>>> Hm.. Good point. This isn't enough to address the scenario that Patch7
>>> tries to solve. I'll need to think about that. This is partially why
>>> I split functionality in Patch7 out. It made things more difficult.
>>>
>>
>> I now understood what you were referring to above a bit better.
>> This patch solves just part of the problem. The other part is what
>> happens when someone behind the bridge is using vlan tagging without
>> the bridge being aware of it and expects the bridge to forward such traffic.
>> So, if we ever want to disable promiscuous mode on the bridge ports, we
>> either need to depend on lan filtering being configured in the bridge
>> or have the ability to disable vlan filtering in the driver.
>>
>> Neither is really a good thing. I'll need to think about this.
>
> Yes, that is what I was worried about.
> As a bridge has no way to know which vid will be used in incoming
> frame's vlan tag, we maybe have to call vlan_vid_add() for all vids when
> we disable promiscuous on a port? If we had an API to simply disable
> vlan filtering of a NIC, it could be better...
That's what I am looking at now. Some nics appear to handle this better
then others.
-vlad
>
> Thanks,
> Toshiaki Makita
>
next prev parent reply other threads:[~2014-03-03 12:12 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-26 15:18 [Bridge] [PATCH RFC 0/7] Non-promisc bidge ports support Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:18 ` [Bridge] [PATCH 1/7] bridge: Turn flag change macro into a function Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:29 ` [Bridge] " Michael S. Tsirkin
2014-02-26 15:29 ` Michael S. Tsirkin
2014-02-26 15:36 ` [Bridge] " Vlad Yasevich
2014-02-26 15:36 ` Vlad Yasevich
2014-02-26 15:18 ` [Bridge] [PATCH 2/7] bridge: Keep track of ports capable of flooding Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:41 ` [Bridge] " Michael S. Tsirkin
2014-02-26 15:41 ` Michael S. Tsirkin
2014-02-26 15:41 ` [Bridge] " Vlad Yasevich
2014-02-26 15:41 ` Vlad Yasevich
2014-02-26 15:53 ` [Bridge] " Michael S. Tsirkin
2014-02-26 15:53 ` Michael S. Tsirkin
2014-02-27 11:59 ` [Bridge] " Toshiaki Makita
2014-02-27 11:59 ` Toshiaki Makita
2014-02-27 12:54 ` [Bridge] " Vlad Yasevich
2014-02-27 12:54 ` Vlad Yasevich
2014-02-26 15:18 ` [Bridge] [PATCH 3/7] bridge: Add addresses from static fdbs to bridge address list Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:46 ` [Bridge] " Michael S. Tsirkin
2014-02-26 15:46 ` Michael S. Tsirkin
2014-02-26 15:43 ` [Bridge] " Vlad Yasevich
2014-02-26 15:43 ` Vlad Yasevich
2014-02-26 16:23 ` [Bridge] " Michael S. Tsirkin
2014-02-26 16:23 ` Michael S. Tsirkin
2014-02-26 17:25 ` [Bridge] " Vlad Yasevich
2014-02-26 17:25 ` Vlad Yasevich
2014-02-26 17:33 ` [Bridge] " Michael S. Tsirkin
2014-02-26 17:33 ` Michael S. Tsirkin
2014-02-26 16:57 ` [Bridge] " Stephen Hemminger
2014-02-26 16:57 ` Stephen Hemminger
2014-02-26 17:35 ` [Bridge] " Vlad Yasevich
2014-02-26 17:35 ` Vlad Yasevich
2014-02-27 7:53 ` [Bridge] " Michael S. Tsirkin
2014-02-27 7:53 ` Michael S. Tsirkin
2014-02-27 13:08 ` [Bridge] " Vlad Yasevich
2014-02-27 13:08 ` Vlad Yasevich
2014-02-27 13:38 ` [Bridge] " Michael S. Tsirkin
2014-02-27 13:38 ` Michael S. Tsirkin
2014-02-26 15:18 ` [Bridge] [PATCH 4/7] bridge: Automatically manage port promiscuous mode Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:51 ` [Bridge] " Michael S. Tsirkin
2014-02-26 15:51 ` Michael S. Tsirkin
2014-02-26 16:02 ` [Bridge] " Vlad Yasevich
2014-02-26 16:02 ` Vlad Yasevich
2014-02-26 16:58 ` [Bridge] " Stephen Hemminger
2014-02-26 16:58 ` Stephen Hemminger
2014-02-26 17:32 ` [Bridge] " Michael S. Tsirkin
2014-02-26 17:32 ` Michael S. Tsirkin
2014-02-26 15:18 ` [Bridge] [PATCH 5/7] bridge: Correctly manage promiscuity when user requested it Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:18 ` [Bridge] [PATCH 6/7] bridge: Manage promisc mode when vlans are configured on top of a bridge Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 16:00 ` [Bridge] " Michael S. Tsirkin
2014-02-26 16:00 ` Michael S. Tsirkin
2014-02-26 16:05 ` [Bridge] " Vlad Yasevich
2014-02-26 16:05 ` Vlad Yasevich
2014-02-26 16:25 ` [Bridge] " Michael S. Tsirkin
2014-02-26 16:25 ` Michael S. Tsirkin
2014-02-27 12:06 ` [Bridge] " Toshiaki Makita
2014-02-27 12:06 ` Toshiaki Makita
2014-02-27 13:17 ` [Bridge] " Vlad Yasevich
2014-02-27 13:17 ` Vlad Yasevich
2014-02-28 19:34 ` [Bridge] " Vlad Yasevich
2014-02-28 19:34 ` Vlad Yasevich
2014-03-01 14:57 ` [Bridge] " Toshiaki Makita
2014-03-01 14:57 ` Toshiaki Makita
2014-03-03 12:12 ` Vlad Yasevich [this message]
2014-03-03 12:12 ` Vlad Yasevich
2014-02-26 15:18 ` [Bridge] [PATCH 7/7] bridge: Support promisc management when all ports are non-flooding Vlad Yasevich
2014-02-26 15:18 ` Vlad Yasevich
2014-02-26 15:57 ` [Bridge] " Michael S. Tsirkin
2014-02-26 15:57 ` Michael S. Tsirkin
2014-02-27 3:46 ` [Bridge] " Vlad Yasevich
2014-02-27 3:46 ` Vlad Yasevich
2014-02-27 7:29 ` [Bridge] " Michael S. Tsirkin
2014-02-27 7:29 ` Michael S. Tsirkin
2014-02-26 16:01 ` [Bridge] " Michael S. Tsirkin
2014-02-26 16:01 ` Michael S. Tsirkin
2014-02-26 16:34 ` [Bridge] [PATCH RFC 0/7] Non-promisc bidge ports support Michael S. Tsirkin
2014-02-26 16:34 ` Michael S. Tsirkin
2014-02-26 23:59 ` [Bridge] " Jamal Hadi Salim
2014-02-26 23:59 ` Jamal Hadi Salim
2014-02-27 3:37 ` [Bridge] " Vlad Yasevich
2014-02-27 3:37 ` Vlad Yasevich
2014-02-27 8:54 ` [Bridge] " Amidu Sila
2014-02-27 7:20 ` Michael S. Tsirkin
2014-02-27 7:20 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=531471B0.1050705@redhat.com \
--to=vyasevic@redhat.com \
--cc=bridge@lists.linux-foundation.org \
--cc=jhs@mojatatu.com \
--cc=john.r.fastabend@intel.com \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=shemminger@vyatta.com \
--cc=toshiaki.makita1@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.