From: Vlad Yasevich <vyasevic@redhat.com>
To: Toshiaki Makita <toshiaki.makita1@gmail.com>,
Vladislav Yasevich <vyasevich@gmail.com>,
netdev@vger.kernel.org
Cc: shemminger@vyatta.com, Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Subject: Re: [PATCH 1/2] bridge: Check if vlan filtering is enabled only once.
Date: Mon, 15 Sep 2014 11:04:49 -0400 [thread overview]
Message-ID: <54170011.6020005@redhat.com> (raw)
In-Reply-To: <5415A9AC.1020400@gmail.com>
On 09/14/2014 10:43 AM, Toshiaki Makita wrote:
> (14/09/13 (土) 5:26), Vladislav Yasevich wrote:
>> The bridge code checks if vlan filtering is enabled on both
>> ingress and egress. When the state flip happens, it
>> is possible for the bridge to currently be forwarding packets
>> and forwarding behavior becomes non-deterministic. Bridge
>> may drop packets on some interfaces, but not others.
>>
>> This patch solves this by caching the filtered state of the
>> packet into skb_cb on ingress. The skb_cb is guaranteed to
>> not be over-written between the time packet entres bridge
>> forwarding path and the time it leaves it. On egress, we
>> can then check the cached state to see if we need to
>> apply filtering information.
> ...
>> @@ -270,7 +275,8 @@ bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
>> struct net_bridge *br = p->br;
>> struct net_port_vlans *v;
>>
>> - if (!br->vlan_enabled)
>> + /* If filtering was disabled at input, let it pass. */
>> + if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
>> return true;
>>
>> v = rcu_dereference(p->vlan_info);
>>
> I'm afraid br_should_learn() is not called after calling
> br_allowed_ingress(), so vlan_filtered doesn't seem to be initialized at
> this point.
>
You are right. This the local input path so it can still use vlan_enabled. I'll resubmit.
Thanks
-vlad
> Thanks,
> Toshiaki Makita
>
next prev parent reply other threads:[~2014-09-15 15:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-12 20:26 [PATCH 0/2] bridge: Two small fixes to vlan filtering code Vladislav Yasevich
2014-09-12 20:26 ` [PATCH 1/2] bridge: Check if vlan filtering is enabled only once Vladislav Yasevich
2014-09-14 14:43 ` Toshiaki Makita
2014-09-15 15:04 ` Vlad Yasevich [this message]
2014-09-12 20:26 ` [PATCH 2/2] bridge: Allow clearing of pvid and untagged bitmap Vladislav Yasevich
2014-09-13 21:22 ` [PATCH 0/2] bridge: Two small fixes to vlan filtering code David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54170011.6020005@redhat.com \
--to=vyasevic@redhat.com \
--cc=makita.toshiaki@lab.ntt.co.jp \
--cc=netdev@vger.kernel.org \
--cc=shemminger@vyatta.com \
--cc=toshiaki.makita1@gmail.com \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.