* [PATCH] macvlan: Allow setting multicast filter on all macvlan types
@ 2014-08-15 17:04 Vladislav Yasevich
2014-08-15 19:04 ` John Fastabend
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Vladislav Yasevich @ 2014-08-15 17:04 UTC (permalink / raw)
To: netdev; +Cc: Vladislav Yasevich, John Fastabend, Michael S. Tsirkin,
Jason Wang
Currently, macvlan code restricts multicast and unicast
filter setting only to passthru devices. As a result,
if a guest using macvtap wants to receive multicast
traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.
This patch makes it possible to use the fdb interface
to add multicast addresses to the filter thus allowing
a guest to receive only targeted multicast traffic.
CC: John Fastabend <john.r.fastabend@intel.com>
CC: Michael S. Tsirkin <mst@redhat.com>
CC: Jason Wang <jasowang@redhat.com>
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
---
drivers/net/macvlan.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index ef8a5c2..fad4b9e 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -739,7 +739,10 @@ static int macvlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
struct macvlan_dev *vlan = netdev_priv(dev);
int err = -EINVAL;
- if (!vlan->port->passthru)
+ /* Support unicast filter only on passthru devices.
+ * Multicast filter should be allowed on all devices.
+ */
+ if (!vlan->port->passthru && is_unicast_ether_addr(addr))
return -EOPNOTSUPP;
if (flags & NLM_F_REPLACE)
@@ -760,7 +763,10 @@ static int macvlan_fdb_del(struct ndmsg *ndm, struct nlattr *tb[],
struct macvlan_dev *vlan = netdev_priv(dev);
int err = -EINVAL;
- if (!vlan->port->passthru)
+ /* Support unicast filter only on passthru devices.
+ * Multicast filter should be allowed on all devices.
+ */
+ if (!vlan->port->passthru && is_unicast_ether_addr(addr))
return -EOPNOTSUPP;
if (is_unicast_ether_addr(addr))
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] macvlan: Allow setting multicast filter on all macvlan types
2014-08-15 17:04 [PATCH] macvlan: Allow setting multicast filter on all macvlan types Vladislav Yasevich
@ 2014-08-15 19:04 ` John Fastabend
2014-08-15 19:54 ` Vlad Yasevich
2014-08-17 10:54 ` Michael S. Tsirkin
2014-08-17 9:43 ` Michael S. Tsirkin
2014-08-21 23:54 ` David Miller
2 siblings, 2 replies; 6+ messages in thread
From: John Fastabend @ 2014-08-15 19:04 UTC (permalink / raw)
To: Vladislav Yasevich, netdev; +Cc: Michael S. Tsirkin, Jason Wang, roopa
On 08/15/2014 10:04 AM, Vladislav Yasevich wrote:
> Currently, macvlan code restricts multicast and unicast
> filter setting only to passthru devices. As a result,
> if a guest using macvtap wants to receive multicast
> traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.
>
> This patch makes it possible to use the fdb interface
> to add multicast addresses to the filter thus allowing
> a guest to receive only targeted multicast traffic.
>
> CC: John Fastabend <john.r.fastabend@intel.com>
> CC: Michael S. Tsirkin <mst@redhat.com>
> CC: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
> ---
Acked-by: John Fastabend <john.r.fastabend@intel.com>
Looks good to me. Although I am trying to recall why
we restrict unicast addresses? It looks like an additional
check could be made to detect duplicate MAC addresses
in fdb_add and then we could support this as well. But
I might be missing why this wasn't supported originally.
Thanks,
John
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] macvlan: Allow setting multicast filter on all macvlan types
2014-08-15 19:04 ` John Fastabend
@ 2014-08-15 19:54 ` Vlad Yasevich
2014-08-17 10:54 ` Michael S. Tsirkin
1 sibling, 0 replies; 6+ messages in thread
From: Vlad Yasevich @ 2014-08-15 19:54 UTC (permalink / raw)
To: John Fastabend, netdev; +Cc: Michael S. Tsirkin, Jason Wang, roopa
On 08/15/2014 03:04 PM, John Fastabend wrote:
> On 08/15/2014 10:04 AM, Vladislav Yasevich wrote:
>> Currently, macvlan code restricts multicast and unicast
>> filter setting only to passthru devices. As a result,
>> if a guest using macvtap wants to receive multicast
>> traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.
>>
>> This patch makes it possible to use the fdb interface
>> to add multicast addresses to the filter thus allowing
>> a guest to receive only targeted multicast traffic.
>>
>> CC: John Fastabend <john.r.fastabend@intel.com>
>> CC: Michael S. Tsirkin <mst@redhat.com>
>> CC: Jason Wang <jasowang@redhat.com>
>> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
>> ---
>
> Acked-by: John Fastabend <john.r.fastabend@intel.com>
>
> Looks good to me. Although I am trying to recall why
> we restrict unicast addresses? It looks like an additional
> check could be made to detect duplicate MAC addresses
> in fdb_add and then we could support this as well.
Additional unicasts can be easily supported in VEPA mode,
but VEB would require additional lookups in forwarding mode
to determine if the packet should be switched locally or not.
I don't think we would need any more duplicate checking
since we use the _excl() variants which already return error
on duplicates. Thus no 2 macvlans would be able to add
the same unicast address to the same lower device.
-vlad
> But
> I might be missing why this wasn't supported originally.
>
> Thanks,
> John
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] macvlan: Allow setting multicast filter on all macvlan types
2014-08-15 19:04 ` John Fastabend
2014-08-15 19:54 ` Vlad Yasevich
@ 2014-08-17 10:54 ` Michael S. Tsirkin
1 sibling, 0 replies; 6+ messages in thread
From: Michael S. Tsirkin @ 2014-08-17 10:54 UTC (permalink / raw)
To: John Fastabend; +Cc: Vladislav Yasevich, netdev, Jason Wang, roopa
On Fri, Aug 15, 2014 at 12:04:28PM -0700, John Fastabend wrote:
> On 08/15/2014 10:04 AM, Vladislav Yasevich wrote:
> > Currently, macvlan code restricts multicast and unicast
> > filter setting only to passthru devices. As a result,
> > if a guest using macvtap wants to receive multicast
> > traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.
> >
> > This patch makes it possible to use the fdb interface
> > to add multicast addresses to the filter thus allowing
> > a guest to receive only targeted multicast traffic.
> >
> > CC: John Fastabend <john.r.fastabend@intel.com>
> > CC: Michael S. Tsirkin <mst@redhat.com>
> > CC: Jason Wang <jasowang@redhat.com>
> > Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
> > ---
>
> Acked-by: John Fastabend <john.r.fastabend@intel.com>
>
> Looks good to me. Although I am trying to recall why
> we restrict unicast addresses? It looks like an additional
> check could be made to detect duplicate MAC addresses
> in fdb_add and then we could support this as well. But
> I might be missing why this wasn't supported originally.
>
> Thanks,
> John
It's not just another macvlan: we need to avoid
conflicts with the underlying device itself.
Although I note that the relevant check when
creating macvlans in macvlan_addr_busy
isn't very robust either: if device address is later
reprogrammed, we can get a conflict.
But it seems better to fix that rather than propagate
the bug in more places.
We would also need to populate the mac hash.
So a bit more code would be needed.
--
MST
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] macvlan: Allow setting multicast filter on all macvlan types
2014-08-15 17:04 [PATCH] macvlan: Allow setting multicast filter on all macvlan types Vladislav Yasevich
2014-08-15 19:04 ` John Fastabend
@ 2014-08-17 9:43 ` Michael S. Tsirkin
2014-08-21 23:54 ` David Miller
2 siblings, 0 replies; 6+ messages in thread
From: Michael S. Tsirkin @ 2014-08-17 9:43 UTC (permalink / raw)
To: Vladislav Yasevich; +Cc: netdev, John Fastabend, Jason Wang
On Fri, Aug 15, 2014 at 01:04:59PM -0400, Vladislav Yasevich wrote:
> Currently, macvlan code restricts multicast and unicast
> filter setting only to passthru devices. As a result,
> if a guest using macvtap wants to receive multicast
> traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.
>
> This patch makes it possible to use the fdb interface
> to add multicast addresses to the filter thus allowing
> a guest to receive only targeted multicast traffic.
>
> CC: John Fastabend <john.r.fastabend@intel.com>
> CC: Michael S. Tsirkin <mst@redhat.com>
> CC: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> drivers/net/macvlan.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
> index ef8a5c2..fad4b9e 100644
> --- a/drivers/net/macvlan.c
> +++ b/drivers/net/macvlan.c
> @@ -739,7 +739,10 @@ static int macvlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
> struct macvlan_dev *vlan = netdev_priv(dev);
> int err = -EINVAL;
>
> - if (!vlan->port->passthru)
> + /* Support unicast filter only on passthru devices.
> + * Multicast filter should be allowed on all devices.
> + */
> + if (!vlan->port->passthru && is_unicast_ether_addr(addr))
> return -EOPNOTSUPP;
>
> if (flags & NLM_F_REPLACE)
> @@ -760,7 +763,10 @@ static int macvlan_fdb_del(struct ndmsg *ndm, struct nlattr *tb[],
> struct macvlan_dev *vlan = netdev_priv(dev);
> int err = -EINVAL;
>
> - if (!vlan->port->passthru)
> + /* Support unicast filter only on passthru devices.
> + * Multicast filter should be allowed on all devices.
> + */
> + if (!vlan->port->passthru && is_unicast_ether_addr(addr))
> return -EOPNOTSUPP;
>
> if (is_unicast_ether_addr(addr))
> --
> 1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] macvlan: Allow setting multicast filter on all macvlan types
2014-08-15 17:04 [PATCH] macvlan: Allow setting multicast filter on all macvlan types Vladislav Yasevich
2014-08-15 19:04 ` John Fastabend
2014-08-17 9:43 ` Michael S. Tsirkin
@ 2014-08-21 23:54 ` David Miller
2 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2014-08-21 23:54 UTC (permalink / raw)
To: vyasevic; +Cc: netdev, john.r.fastabend, mst, jasowang
From: Vladislav Yasevich <vyasevic@redhat.com>
Date: Fri, 15 Aug 2014 13:04:59 -0400
> Currently, macvlan code restricts multicast and unicast
> filter setting only to passthru devices. As a result,
> if a guest using macvtap wants to receive multicast
> traffic, it has to set IFF_ALLMULTI or IFF_PROMISC.
>
> This patch makes it possible to use the fdb interface
> to add multicast addresses to the filter thus allowing
> a guest to receive only targeted multicast traffic.
>
> CC: John Fastabend <john.r.fastabend@intel.com>
> CC: Michael S. Tsirkin <mst@redhat.com>
> CC: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Applied, thanks Vlad.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-08-21 23:54 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-15 17:04 [PATCH] macvlan: Allow setting multicast filter on all macvlan types Vladislav Yasevich
2014-08-15 19:04 ` John Fastabend
2014-08-15 19:54 ` Vlad Yasevich
2014-08-17 10:54 ` Michael S. Tsirkin
2014-08-17 9:43 ` Michael S. Tsirkin
2014-08-21 23:54 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).