From: Vlad Yasevich <vyasevic@redhat.com>
To: Toshiaki Makita <toshiaki.makita1@gmail.com>
Cc: mst@redhat.com, netdev@vger.kernel.org,
bridge@lists.linux-foundation.org, jhs@mojatatu.com,
john.r.fastabend@intel.com, shemminger@vyatta.com
Subject: Re: [PATCH 6/7] bridge: Manage promisc mode when vlans are configured on top of a bridge
Date: Mon, 03 Mar 2014 07:12:32 -0500 [thread overview]
Message-ID: <531471B0.1050705@redhat.com> (raw)
In-Reply-To: <1393685845.1753.10.camel@localhost.localdomain>
On 03/01/2014 09:57 AM, Toshiaki Makita wrote:
> On Fri, 2014-02-28 at 14:34 -0500, Vlad Yasevich wrote:
>> On 02/27/2014 08:17 AM, Vlad Yasevich wrote:
>>> On 02/27/2014 07:06 AM, Toshiaki Makita wrote:
>>>> (2014/02/27 0:18), Vlad Yasevich wrote:
>>>>> If the user configures vlan interfaces on top of the bridge and the bridge
>>>>> doesn't have vlan filtering enabled, we have to place all the ports in
>>>>> promsic mode so that we can correctly receive tagged frames.
>>>>> When vlan filtering is enabled, the vlan configuration will be provided
>>>>> via filtering interface.
>>>>> When the vlan filtering is toggled, we also have mange promiscuity.
>>>>
>>>> If we disable vlan_filtering and no vlan interface is configured on the
>>>> bridge, we cannot forward any tagged traffic?
>>>
>>> We can't receive tagged traffic, so we turn promisc on.
>>>
>>>> If we want to forward frames from one port to another port (not from/to
>>>> bridge device), we have to add vlan interface or set promisc mode, right?
>>>>
>>>
>>> Hm.. Good point. This isn't enough to address the scenario that Patch7
>>> tries to solve. I'll need to think about that. This is partially why
>>> I split functionality in Patch7 out. It made things more difficult.
>>>
>>
>> I now understood what you were referring to above a bit better.
>> This patch solves just part of the problem. The other part is what
>> happens when someone behind the bridge is using vlan tagging without
>> the bridge being aware of it and expects the bridge to forward such traffic.
>> So, if we ever want to disable promiscuous mode on the bridge ports, we
>> either need to depend on lan filtering being configured in the bridge
>> or have the ability to disable vlan filtering in the driver.
>>
>> Neither is really a good thing. I'll need to think about this.
>
> Yes, that is what I was worried about.
> As a bridge has no way to know which vid will be used in incoming
> frame's vlan tag, we maybe have to call vlan_vid_add() for all vids when
> we disable promiscuous on a port? If we had an API to simply disable
> vlan filtering of a NIC, it could be better...
That's what I am looking at now. Some nics appear to handle this better
then others.
-vlad
>
> Thanks,
> Toshiaki Makita
>
next prev parent reply other threads:[~2014-03-03 12:12 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-26 15:18 [PATCH RFC 0/7] Non-promisc bidge ports support Vlad Yasevich
2014-02-26 15:18 ` [PATCH 1/7] bridge: Turn flag change macro into a function Vlad Yasevich
2014-02-26 15:29 ` Michael S. Tsirkin
2014-02-26 15:36 ` Vlad Yasevich
2014-02-26 15:18 ` [PATCH 2/7] bridge: Keep track of ports capable of flooding Vlad Yasevich
2014-02-26 15:41 ` Michael S. Tsirkin
2014-02-26 15:41 ` Vlad Yasevich
2014-02-26 15:53 ` Michael S. Tsirkin
2014-02-27 11:59 ` Toshiaki Makita
2014-02-27 12:54 ` Vlad Yasevich
2014-02-26 15:18 ` [PATCH 3/7] bridge: Add addresses from static fdbs to bridge address list Vlad Yasevich
2014-02-26 15:46 ` Michael S. Tsirkin
2014-02-26 15:43 ` Vlad Yasevich
2014-02-26 16:23 ` Michael S. Tsirkin
2014-02-26 17:25 ` Vlad Yasevich
2014-02-26 17:33 ` Michael S. Tsirkin
2014-02-26 16:57 ` Stephen Hemminger
2014-02-26 17:35 ` Vlad Yasevich
2014-02-27 7:53 ` Michael S. Tsirkin
2014-02-27 13:08 ` Vlad Yasevich
2014-02-27 13:38 ` Michael S. Tsirkin
2014-02-26 15:18 ` [PATCH 4/7] bridge: Automatically manage port promiscuous mode Vlad Yasevich
2014-02-26 15:51 ` Michael S. Tsirkin
2014-02-26 16:02 ` Vlad Yasevich
2014-02-26 16:58 ` Stephen Hemminger
2014-02-26 17:32 ` Michael S. Tsirkin
2014-02-26 15:18 ` [PATCH 5/7] bridge: Correctly manage promiscuity when user requested it Vlad Yasevich
2014-02-26 15:18 ` [PATCH 6/7] bridge: Manage promisc mode when vlans are configured on top of a bridge Vlad Yasevich
2014-02-26 16:00 ` Michael S. Tsirkin
2014-02-26 16:05 ` Vlad Yasevich
2014-02-26 16:25 ` Michael S. Tsirkin
2014-02-27 12:06 ` Toshiaki Makita
2014-02-27 13:17 ` Vlad Yasevich
2014-02-28 19:34 ` Vlad Yasevich
2014-03-01 14:57 ` Toshiaki Makita
2014-03-03 12:12 ` Vlad Yasevich [this message]
2014-02-26 15:18 ` [PATCH 7/7] bridge: Support promisc management when all ports are non-flooding Vlad Yasevich
2014-02-26 15:57 ` Michael S. Tsirkin
2014-02-27 3:46 ` Vlad Yasevich
2014-02-27 7:29 ` Michael S. Tsirkin
2014-02-26 16:01 ` Michael S. Tsirkin
2014-02-26 16:34 ` [PATCH RFC 0/7] Non-promisc bidge ports support Michael S. Tsirkin
2014-02-26 23:59 ` Jamal Hadi Salim
2014-02-27 3:37 ` Vlad Yasevich
2014-02-27 8:54 ` [Bridge] " Amidu Sila
2014-02-27 7:20 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=531471B0.1050705@redhat.com \
--to=vyasevic@redhat.com \
--cc=bridge@lists.linux-foundation.org \
--cc=jhs@mojatatu.com \
--cc=john.r.fastabend@intel.com \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=shemminger@vyatta.com \
--cc=toshiaki.makita1@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).