[PATCH net-next 0/4] vxlan: Join / leave MC group when reconfigured

[PATCH net-next 0/4] vxlan: Join / leave MC group when reconfigured

[Petr Machata]

When a vxlan netdevice is brought up, if its default remote is a multicast
address, the device joins the indicated group.

Therefore when the multicast remote address changes, the device should
leave the current group and subscribe to the new one. Similarly when the
interface used for endpoint communication is changed in a situation when
multicast remote is configured. This is currently not done.

Both vxlan_igmp_join() and vxlan_igmp_leave() can however fail. So it is
possible that with such fix, the netdevice will end up in an inconsistent
situation where the old group is not joined anymore, but joining the
new group fails. Should we join the new group first, and leave the old one
second, we might end up in the opposite situation, where both groups are
joined. Undoing any of this during rollback is going to be similarly
problematic.

One solution would be to just forbid the change when the netdevice is up.
However in vnifilter mode, changing the group address is allowed, and these
problems are simply ignored (see vxlan_vni_update_group()):

 # ip link add name br up type bridge vlan_filtering 1
 # ip link add vx1 up master br type vxlan external vnifilter local 192.0.2.1 dev lo dstport 4789
 # bridge vni add dev vx1 vni 200 group 224.0.0.1
 # tcpdump -i lo &
 # bridge vni add dev vx1 vni 200 group 224.0.0.2
 18:55:46.523438 IP 0.0.0.0 > 224.0.0.22: igmp v3 report, 1 group record(s)
 18:55:46.943447 IP 0.0.0.0 > 224.0.0.22: igmp v3 report, 1 group record(s)
 # bridge vni
 dev               vni                group/remote
 vx1               200                224.0.0.2

Having two different modes of operation for conceptually the same interface
is silly, so in this patchset, just do what the vnifilter code does and
deal with the errors by crossing fingers real hard.

Petr Machata (4):
  vxlan: Join / leave MC group after remote changes
  selftests: forwarding: lib: Move require_command to net, generalize
  selftests: test_vxlan_fdb_changelink: Convert to lib.sh
  selftests: test_vxlan_fdb_changelink: Add a test for MC remote change

 drivers/net/vxlan/vxlan_core.c                |  15 +++
 tools/testing/selftests/net/forwarding/lib.sh |  10 --
 tools/testing/selftests/net/lib.sh            |  19 +++
 .../net/test_vxlan_fdb_changelink.sh          | 111 ++++++++++++++++--
 4 files changed, 132 insertions(+), 23 deletions(-)

-- 
2.47.0

[PATCH net-next 1/4] vxlan: Join / leave MC group after remote changes

[Petr Machata]

When a vxlan netdevice is brought up, if its default remote is a multicast
address, the device joins the indicated group.

Therefore when the multicast remote address changes, the device should
leave the current group and subscribe to the new one. Similarly when the
interface used for endpoint communication is changed in a situation when
multicast remote is configured. This is currently not done.

Both vxlan_igmp_join() and vxlan_igmp_leave() can however fail. So it is
possible that with such fix, the netdevice will end up in an inconsistent
situation where the old group is not joined anymore, but joining the
new group fails. Should we join the new group first, and leave the old one
second, we might end up in the opposite situation, where both groups are
joined. Undoing any of this during rollback is going to be similarly
problematic.

One solution would be to just forbid the change when the netdevice is up.
However in vnifilter mode, changing the group address is allowed, and these
problems are simply ignored (see vxlan_vni_update_group()):

 # ip link add name br up type bridge vlan_filtering 1
 # ip link add vx1 up master br type vxlan external vnifilter local 192.0.2.1 dev lo dstport 4789
 # bridge vni add dev vx1 vni 200 group 224.0.0.1
 # tcpdump -i lo &
 # bridge vni add dev vx1 vni 200 group 224.0.0.2
 18:55:46.523438 IP 0.0.0.0 > 224.0.0.22: igmp v3 report, 1 group record(s)
 18:55:46.943447 IP 0.0.0.0 > 224.0.0.22: igmp v3 report, 1 group record(s)
 # bridge vni
 dev               vni                group/remote
 vx1               200                224.0.0.2

Having two different modes of operation for conceptually the same interface
is silly, so in this patch, just do what the vnifilter code does and deal
with the errors by crossing fingers real hard.

Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
---

Notes:
CC: Andrew Lunn <andrew+netdev@lunn.ch>
CC: Nikolay Aleksandrov <razor@blackwall.org>
CC: Roopa Prabhu <roopa@nvidia.com>
CC: Menglong Dong <menglong8.dong@gmail.com>
CC: Guillaume Nault <gnault@redhat.com>

 drivers/net/vxlan/vxlan_core.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 69579425107f..7eba0ee7f602 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -3888,6 +3888,11 @@ static void vxlan_config_apply(struct net_device *dev,
 	unsigned short needed_headroom = ETH_HLEN;
 	int max_mtu = ETH_MAX_MTU;
 	u32 flags = conf->flags;
+	bool rem_changed;
+
+	rem_changed = !vxlan_addr_equal(&vxlan->default_dst.remote_ip,
+					&conf->remote_ip) ||
+		      vxlan->default_dst.remote_ifindex != conf->remote_ifindex;
 
 	if (!changelink) {
 		if (flags & VXLAN_F_GPE)
@@ -3899,6 +3904,11 @@ static void vxlan_config_apply(struct net_device *dev,
 			dev->mtu = conf->mtu;
 
 		vxlan->net = src_net;
+
+	} else if (vxlan->dev->flags & IFF_UP) {
+		if (vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
+		    rem_changed)
+			vxlan_multicast_leave(vxlan);
 	}
 
 	dst->remote_vni = conf->vni;
@@ -3932,6 +3942,11 @@ static void vxlan_config_apply(struct net_device *dev,
 	dev->needed_headroom = needed_headroom;
 
 	memcpy(&vxlan->cfg, conf, sizeof(*conf));
+
+	if (changelink && vxlan->dev->flags & IFF_UP &&
+	    vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
+	    rem_changed)
+		vxlan_multicast_join(vxlan);
 }
 
 static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
-- 
2.47.0

[PATCH net-next 2/4] selftests: forwarding: lib: Move require_command to net, generalize

[Petr Machata]

This helper could be useful to more than just forwarding tests.
Move it upstairs and port over to log_test_skip().

Split the function into two parts: the bit that actually checks and
reports skip, which is in a new function check_command(). And a bit
that exits the test script if the check fails. This allows users
consistent checking behavior while giving an option to bail out from
a single test without bailing out of the whole script.

Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
---

Notes:
CC: Simon Horman <horms@kernel.org>
CC: Shuah Khan <shuah@kernel.org>
CC: linux-kselftest@vger.kernel.org

 tools/testing/selftests/net/forwarding/lib.sh | 10 ----------
 tools/testing/selftests/net/lib.sh            | 19 +++++++++++++++++++
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh
index 8de80acf249e..508f3c700d71 100644
--- a/tools/testing/selftests/net/forwarding/lib.sh
+++ b/tools/testing/selftests/net/forwarding/lib.sh
@@ -291,16 +291,6 @@ if [[ "$CHECK_TC" = "yes" ]]; then
 	check_tc_version
 fi
 
-require_command()
-{
-	local cmd=$1; shift
-
-	if [[ ! -x "$(command -v "$cmd")" ]]; then
-		echo "SKIP: $cmd not installed"
-		exit $ksft_skip
-	fi
-}
-
 # IPv6 support was added in v3.0
 check_mtools_version()
 {
diff --git a/tools/testing/selftests/net/lib.sh b/tools/testing/selftests/net/lib.sh
index 0bd9a038a1f0..975be4fdbcdb 100644
--- a/tools/testing/selftests/net/lib.sh
+++ b/tools/testing/selftests/net/lib.sh
@@ -450,6 +450,25 @@ kill_process()
 	{ kill $pid && wait $pid; } 2>/dev/null
 }
 
+check_command()
+{
+	local cmd=$1; shift
+
+	if [[ ! -x "$(command -v "$cmd")" ]]; then
+		log_test_skip "$cmd not installed"
+		return $EXIT_STATUS
+	fi
+}
+
+require_command()
+{
+	local cmd=$1; shift
+
+	if ! check_command "$cmd"; then
+		exit $EXIT_STATUS
+	fi
+}
+
 ip_link_add()
 {
 	local name=$1; shift
-- 
2.47.0

[PATCH net-next 3/4] selftests: test_vxlan_fdb_changelink: Convert to lib.sh

[Petr Machata]

Instead of inlining equivalents, use lib.sh-provided primitives.
Use defer to manage vx lifetime.

This will make it easier to extend the test in the next patch.

Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
---

Notes:
CC: Simon Horman <horms@kernel.org>
CC: Shuah Khan <shuah@kernel.org>
CC: linux-kselftest@vger.kernel.org

 .../net/test_vxlan_fdb_changelink.sh          | 39 ++++++++++++-------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh b/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh
index 2d442cdab11e..6f2bca4b346c 100755
--- a/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh
+++ b/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh
@@ -1,29 +1,38 @@
 #!/bin/bash
 # SPDX-License-Identifier: GPL-2.0
 
-# Check FDB default-remote handling across "ip link set".
+ALL_TESTS="
+	test_set_remote
+"
+source lib.sh
 
 check_remotes()
 {
 	local what=$1; shift
 	local N=$(bridge fdb sh dev vx | grep 00:00:00:00:00:00 | wc -l)
 
-	echo -ne "expected two remotes after $what\t"
-	if [[ $N != 2 ]]; then
-		echo "[FAIL]"
-		EXIT_STATUS=1
-	else
-		echo "[ OK ]"
-	fi
+	((N == 2))
+	check_err $? "expected 2 remotes after $what, got $N"
 }
 
-ip link add name vx up type vxlan id 2000 dstport 4789
-bridge fdb ap dev vx 00:00:00:00:00:00 dst 192.0.2.20 self permanent
-bridge fdb ap dev vx 00:00:00:00:00:00 dst 192.0.2.30 self permanent
-check_remotes "fdb append"
+# Check FDB default-remote handling across "ip link set".
+test_set_remote()
+{
+	RET=0
 
-ip link set dev vx type vxlan remote 192.0.2.30
-check_remotes "link set"
+	ip_link_add vx up type vxlan id 2000 dstport 4789
+	bridge fdb ap dev vx 00:00:00:00:00:00 dst 192.0.2.20 self permanent
+	bridge fdb ap dev vx 00:00:00:00:00:00 dst 192.0.2.30 self permanent
+	check_remotes "fdb append"
+
+	ip link set dev vx type vxlan remote 192.0.2.30
+	check_remotes "link set"
+
+	log_test 'FDB default-remote handling across "ip link set"'
+}
+
+trap defer_scopes_cleanup EXIT
+
+tests_run
 
-ip link del dev vx
 exit $EXIT_STATUS
-- 
2.47.0

[PATCH net-next 4/4] selftests: test_vxlan_fdb_changelink: Add a test for MC remote change

[Petr Machata]

Changes to MC remote need to be reflected in actual group memberships.
Add a test to verify that it is the case.

Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
---

Notes:
CC: Simon Horman <horms@kernel.org>
CC: Shuah Khan <shuah@kernel.org>
CC: linux-kselftest@vger.kernel.org

 .../net/test_vxlan_fdb_changelink.sh          | 76 +++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh b/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh
index 6f2bca4b346c..062f957950af 100755
--- a/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh
+++ b/tools/testing/selftests/net/test_vxlan_fdb_changelink.sh
@@ -3,6 +3,7 @@
 
 ALL_TESTS="
 	test_set_remote
+	test_change_mc_remote
 "
 source lib.sh
 
@@ -31,6 +32,81 @@ test_set_remote()
 	log_test 'FDB default-remote handling across "ip link set"'
 }
 
+fmt_remote()
+{
+	local addr=$1; shift
+
+	if [[ $addr == 224.* ]]; then
+		echo "group $addr"
+	else
+		echo "remote $addr"
+	fi
+}
+
+change_remote()
+{
+	local remote=$1; shift
+
+	ip link set dev vx type vxlan $(fmt_remote $remote) dev v1
+}
+
+check_membership()
+{
+	local check_vec=("$@")
+
+	local memberships
+	memberships=$(
+	    netstat -n --groups |
+		sed -n '/^v1\b/p' |
+		grep -o '[^ ]*$'
+	)
+	check_err $? "Couldn't obtain group memberships"
+
+	local item
+	for item in "${check_vec[@]}"; do
+		eval "local $item"
+		echo "$memberships" | grep -q "\b$group\b"
+		check_err_fail $fail $? "$group is_ex reported in IGMP query response"
+	done
+}
+
+test_change_mc_remote()
+{
+	check_command netstat || return
+
+	ip_link_add v1 up type veth peer name v2
+	ip_link_set_up v2
+
+	RET=0
+
+	ip_link_add vx up type vxlan dstport 4789 \
+		local 192.0.2.1 $(fmt_remote 224.1.1.1) dev v1 vni 1000
+
+	check_membership "group=224.1.1.1 fail=0" \
+			 "group=224.1.1.2 fail=1" \
+			 "group=224.1.1.3 fail=1"
+
+	log_test "MC group report after VXLAN creation"
+
+	RET=0
+
+	change_remote 224.1.1.2
+	check_membership "group=224.1.1.1 fail=1" \
+			 "group=224.1.1.2 fail=0" \
+			 "group=224.1.1.3 fail=1"
+
+	log_test "MC group report after changing VXLAN remote MC->MC"
+
+	RET=0
+
+	change_remote 192.0.2.2
+	check_membership "group=224.1.1.1 fail=1" \
+			 "group=224.1.1.2 fail=1" \
+			 "group=224.1.1.3 fail=1"
+
+	log_test "MC group report after changing VXLAN remote MC->UC"
+}
+
 trap defer_scopes_cleanup EXIT
 
 tests_run
-- 
2.47.0

Re: [PATCH net-next 0/4] vxlan: Join / leave MC group when reconfigured

[Nikolay Aleksandrov]

On 2/7/25 19:34, Petr Machata wrote:
> When a vxlan netdevice is brought up, if its default remote is a multicast
> address, the device joins the indicated group.
> 
> Therefore when the multicast remote address changes, the device should
> leave the current group and subscribe to the new one. Similarly when the
> interface used for endpoint communication is changed in a situation when
> multicast remote is configured. This is currently not done.
> 
> Both vxlan_igmp_join() and vxlan_igmp_leave() can however fail. So it is
> possible that with such fix, the netdevice will end up in an inconsistent
> situation where the old group is not joined anymore, but joining the
> new group fails. Should we join the new group first, and leave the old one
> second, we might end up in the opposite situation, where both groups are
> joined. Undoing any of this during rollback is going to be similarly
> problematic.
> 
> One solution would be to just forbid the change when the netdevice is up.
> However in vnifilter mode, changing the group address is allowed, and these
> problems are simply ignored (see vxlan_vni_update_group()):
> 
>  # ip link add name br up type bridge vlan_filtering 1
>  # ip link add vx1 up master br type vxlan external vnifilter local 192.0.2.1 dev lo dstport 4789
>  # bridge vni add dev vx1 vni 200 group 224.0.0.1
>  # tcpdump -i lo &
>  # bridge vni add dev vx1 vni 200 group 224.0.0.2
>  18:55:46.523438 IP 0.0.0.0 > 224.0.0.22: igmp v3 report, 1 group record(s)
>  18:55:46.943447 IP 0.0.0.0 > 224.0.0.22: igmp v3 report, 1 group record(s)
>  # bridge vni
>  dev               vni                group/remote
>  vx1               200                224.0.0.2
> 
> Having two different modes of operation for conceptually the same interface
> is silly, so in this patchset, just do what the vnifilter code does and
> deal with the errors by crossing fingers real hard.
> 
> Petr Machata (4):
>   vxlan: Join / leave MC group after remote changes
>   selftests: forwarding: lib: Move require_command to net, generalize
>   selftests: test_vxlan_fdb_changelink: Convert to lib.sh
>   selftests: test_vxlan_fdb_changelink: Add a test for MC remote change
> 
>  drivers/net/vxlan/vxlan_core.c                |  15 +++
>  tools/testing/selftests/net/forwarding/lib.sh |  10 --
>  tools/testing/selftests/net/lib.sh            |  19 +++
>  .../net/test_vxlan_fdb_changelink.sh          | 111 ++++++++++++++++--
>  4 files changed, 132 insertions(+), 23 deletions(-)
> 

For the set,
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>

Re: [PATCH net-next 1/4] vxlan: Join / leave MC group after remote changes

[Paolo Abeni]

On 2/7/25 6:34 PM, Petr Machata wrote:
> @@ -3899,6 +3904,11 @@ static void vxlan_config_apply(struct net_device *dev,
>  			dev->mtu = conf->mtu;
>  
>  		vxlan->net = src_net;
> +
> +	} else if (vxlan->dev->flags & IFF_UP) {
> +		if (vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
> +		    rem_changed)
> +			vxlan_multicast_leave(vxlan);

AFAICS vxlan_vni_update_group() is not completely ignore
vxlan_multicast_{leave,join} errors. Instead is bailing out as soon as
any error happens. For consistency's sake I think it would be better do
the same here.

Also I have the feeling that ending-up in an inconsistent status with no
group joined would be less troublesome than the opposite.

/P

Re: [PATCH net-next 1/4] vxlan: Join / leave MC group after remote changes

[Petr Machata]

Paolo Abeni <pabeni@redhat.com> writes:

> On 2/7/25 6:34 PM, Petr Machata wrote:
>> @@ -3899,6 +3904,11 @@ static void vxlan_config_apply(struct net_device *dev,
>>  			dev->mtu = conf->mtu;
>>  
>>  		vxlan->net = src_net;
>> +
>> +	} else if (vxlan->dev->flags & IFF_UP) {
>> +		if (vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
>> +		    rem_changed)
>> +			vxlan_multicast_leave(vxlan);
>
> AFAICS vxlan_vni_update_group() is not completely ignore
> vxlan_multicast_{leave,join} errors. Instead is bailing out as soon as
> any error happens. For consistency's sake I think it would be better do
> the same here.
>
> Also I have the feeling that ending-up in an inconsistent status with no
> group joined would be less troublesome than the opposite.

This can already happen FWIW. If you currently want to change the remote
group address in a way that doesn't break things, you take the netdevice
down, then change it, then bring it back up. The leave during downing
can fail and will not be diagnosed. (Nor can it really be, you can't
veto downing.)

I can add the bail-outs that you ask for, but I don't know that there is
a way to resolve these issues for real.

Re: [PATCH net-next 1/4] vxlan: Join / leave MC group after remote changes

[Paolo Abeni]

On 2/11/25 3:56 PM, Petr Machata wrote:
> Paolo Abeni <pabeni@redhat.com> writes:
>> On 2/7/25 6:34 PM, Petr Machata wrote:
>>> @@ -3899,6 +3904,11 @@ static void vxlan_config_apply(struct net_device *dev,
>>>  			dev->mtu = conf->mtu;
>>>  
>>>  		vxlan->net = src_net;
>>> +
>>> +	} else if (vxlan->dev->flags & IFF_UP) {
>>> +		if (vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
>>> +		    rem_changed)
>>> +			vxlan_multicast_leave(vxlan);
>>
>> AFAICS vxlan_vni_update_group() is not completely ignore
>> vxlan_multicast_{leave,join} errors. Instead is bailing out as soon as
>> any error happens. For consistency's sake I think it would be better do
>> the same here.
>>
>> Also I have the feeling that ending-up in an inconsistent status with no
>> group joined would be less troublesome than the opposite.
> 
> This can already happen FWIW. If you currently want to change the remote
> group address in a way that doesn't break things, you take the netdevice
> down, then change it, then bring it back up. The leave during downing
> can fail and will not be diagnosed. (Nor can it really be, you can't
> veto downing.)

I see.

> I can add the bail-outs that you ask for, but I don't know that there is
> a way to resolve these issues for real.

The main point I made was about consistency: making the
vxlan_config_apply() behavior as close as possible to
vxlan_vni_update_group() as stated in the commit message.

Cheers,

Paolo

Re: [PATCH net-next 1/4] vxlan: Join / leave MC group after remote changes

[Petr Machata]

Paolo Abeni <pabeni@redhat.com> writes:

> On 2/11/25 3:56 PM, Petr Machata wrote:
>> Paolo Abeni <pabeni@redhat.com> writes:
>>> On 2/7/25 6:34 PM, Petr Machata wrote:
>>>> @@ -3899,6 +3904,11 @@ static void vxlan_config_apply(struct net_device *dev,
>>>>  			dev->mtu = conf->mtu;
>>>>  
>>>>  		vxlan->net = src_net;
>>>> +
>>>> +	} else if (vxlan->dev->flags & IFF_UP) {
>>>> +		if (vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
>>>> +		    rem_changed)
>>>> +			vxlan_multicast_leave(vxlan);
>>>
>>> AFAICS vxlan_vni_update_group() is not completely ignore
>>> vxlan_multicast_{leave,join} errors. Instead is bailing out as soon as
>>> any error happens. For consistency's sake I think it would be better do
>>> the same here.
>>>
>>> Also I have the feeling that ending-up in an inconsistent status with no
>>> group joined would be less troublesome than the opposite.
>> 
>> This can already happen FWIW. If you currently want to change the remote
>> group address in a way that doesn't break things, you take the netdevice
>> down, then change it, then bring it back up. The leave during downing
>> can fail and will not be diagnosed. (Nor can it really be, you can't
>> veto downing.)
>
> I see.
>
>> I can add the bail-outs that you ask for, but I don't know that there is
>> a way to resolve these issues for real.
>
> The main point I made was about consistency: making the
> vxlan_config_apply() behavior as close as possible to
> vxlan_vni_update_group() as stated in the commit message.

No problem, I'll send a v2.