netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: DENG Qingfang <dqfext@gmail.com>
Cc: netfilter-devel@vger.kernel.org,
	"David S. Miller" <davem@davemloft.net>,
	netdev@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
	Andrew Lunn <andrew@lunn.ch>, Vladimir Oltean <olteanv@gmail.com>,
	Tobias Waldekranz <tobias@waldekranz.com>,
	Felix Fietkau <nbd@nbd.name>
Subject: Re: [PATCH net-next,v2 01/24] net: resolve forwarding path from virtual netdevice and HW destination address
Date: Wed, 24 Mar 2021 11:03:54 +0100
Message-ID: <20210324100354.GA8040@salvia>
In-Reply-To: <20210324072711.2835969-1-dqfext@gmail.com>

On Wed, Mar 24, 2021 at 03:27:11PM +0800, DENG Qingfang wrote:
> On Wed, Mar 24, 2021 at 02:30:32AM +0100, Pablo Neira Ayuso wrote:
> > This patch adds dev_fill_forward_path() which resolves the path to reach
> > the real netdevice from the IP forwarding side. This function takes as
> > input the netdevice and the destination hardware address and it walks
> > down the devices calling .ndo_fill_forward_path() for each device until
> > the real device is found.
> > 
> > For instance, assuming the following topology:
> > 
> >                IP forwarding
> >               /             \
> >            br0              eth0
> >            / \
> >        eth1  eth2
> >         .
> >         .
> >         .
> >        ethX
> >  ab:cd:ef:ab:cd:ef
> > 
> > where eth1 and eth2 are bridge ports and eth0 provides WAN connectivity.
> > ethX is the interface in another box which is connected to the eth1
> > bridge port.
> > 
> > For packets going through IP forwarding to br0 whose destination MAC
> > address is ab:cd:ef:ab:cd:ef, dev_fill_forward_path() provides the
> > following path:
> > 
> > 	br0 -> eth1
> > 
> > .ndo_fill_forward_path for br0 looks up at the FDB for the bridge port
> > from the destination MAC address to get the bridge port eth1.
> > 
> > This information allows to create a fast path that bypasses the classic
> > bridge and IP forwarding paths, so packets go directly from the bridge
> > port eth1 to eth0 (wan interface) and vice versa.
> > 
> >              fast path
> >       .------------------------.
> >      /                          \
> >     |           IP forwarding   |
> >     |          /             \  \/
> >     |       br0               eth0
> >     .       / \
> >      -> eth1  eth2
> >         .
> >         .
> >         .
> >        ethX
> >  ab:cd:ef:ab:cd:ef
> 
> Have you tested if roaming breaks existing TCP/UDP connections?
> For example, eth1 and eth2 are connected to 2 WiFi APs, and the
> client ab:cd:ef:ab:cd:ef roams between these APs.

For this scenario specifically, it should be possible to extend the
existing flowtable netlink API to allow hostapd to flush entries in
the flowtable for the client changing AP.
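
The roaming question and the flush idea discussed above, as a small user-space model (an added example, not kernel code and not part of the patch series or of this message). Every name in it is hypothetical, ports 1 and 2 stand for eth1 and eth2, and it assumes a cached fast-path entry is not revalidated against the FDB, which is the concern the question raises.

```c
#include <stdio.h>
#include <string.h>
/* User-space model only: every name here is hypothetical, not a kernel symbol. */
static struct fdb_entry { unsigned char mac[6]; int port; } fdb[4];          /* bridge FDB: MAC -> port */
static struct flow_entry { unsigned char dmac[6]; int port, valid; } flows[4]; /* cached fast-path entries */
static int n_fdb, n_flows;

/* Bridge learning: a frame from `mac` seen on `port` adds or moves the FDB entry. */
static void fdb_learn(const unsigned char *mac, int port) {
    for (int i = 0; i < n_fdb; i++)
        if (!memcmp(fdb[i].mac, mac, 6)) { fdb[i].port = port; return; }
    if (n_fdb < 4) { memcpy(fdb[n_fdb].mac, mac, 6); fdb[n_fdb++].port = port; }
}

/* Flow setup: resolve br0 -> port through the FDB once and cache the result. */
static int flow_offload(const unsigned char *dmac) {
    for (int i = 0; i < n_fdb && n_flows < 4; i++)
        if (!memcmp(fdb[i].mac, dmac, 6)) {
            memcpy(flows[n_flows].dmac, dmac, 6);
            flows[n_flows].port = fdb[i].port; flows[n_flows].valid = 1;
            return n_flows++;
        }
    return -1; /* unknown MAC or table full: stay on the slow path */
}

/* Fast path: uses the cached port without consulting the FDB; -1 = slow path. */
static int fast_path_port(int id) { return (id >= 0 && flows[id].valid) ? flows[id].port : -1; }

/* Model of the suggested remedy: invalidate every cached flow for one client MAC. */
static int flow_flush_mac(const unsigned char *mac) {
    int n = 0;
    for (int i = 0; i < n_flows; i++)
        if (flows[i].valid && !memcmp(flows[i].dmac, mac, 6)) { flows[i].valid = 0; n++; }
    return n;
}

/* out[] = port used: before roam, after roam, after flush, after re-offload. */
static void roam_demo(int out[4]) {
    const unsigned char client[6] = {0xab, 0xcd, 0xef, 0xab, 0xcd, 0xef};
    n_fdb = n_flows = 0;
    fdb_learn(client, 1);                 /* client reachable via eth1 (port 1) */
    int id = flow_offload(client);
    out[0] = fast_path_port(id);
    fdb_learn(client, 2);                 /* client roams to the AP on eth2 (port 2) */
    out[1] = fast_path_port(id);          /* cached entry still points at port 1 */
    flow_flush_mac(client); out[2] = fast_path_port(id);
    out[3] = fast_path_port(flow_offload(client)); /* re-resolved via the updated FDB */
}
int main(void) { int o[4]; roam_demo(o); printf("%d %d %d %d\n", o[0], o[1], o[2], o[3]); return 0; }
```

In the model the FDB moves to port 2 as soon as the client roams, but the cached flow keeps sending to port 1 until it is flushed and set up again.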
