From: Nikolay Aleksandrov
To: Jonathan Toppins, netdev@vger.kernel.org
Cc: toke@redhat.com, Long Xin, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Jonathan Corbet, Jay Vosburgh, Veaceslav Falico, Andy Gospodarek, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Sun, 15 May 2022 09:32:01 +0300
Subject: Re: [PATCH net-next v3] bond: add mac filter option for balance-xor
In-Reply-To: <4c9db6ac-aa24-2ca2-3e44-18cfb23ac1bc@blackwall.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 15/05/2022 00:41, Nikolay Aleksandrov wrote:
> On 13/05/2022 20:43, Jonathan Toppins wrote:
>> Implement a MAC filter that prevents duplicate frame delivery when
>> handling BUM traffic. This attempts to partially replicate OvS SLB
>> Bonding[1] like functionality without requiring significant change
>> in the Linux bridging code.
>>
>> A typical network setup for this feature would be:
>>
>>             .--------------------------------------------.
>>             |         .--------------------.             |
>>             |         |                    |             |
>>        .-------------------.               |             |
>>        |    | Bond 0  |    |               |             |
>>        | .--'---. .---'--. |               |             |
>>   .----|-| eth0 |-| eth1 |-|----.    .-----+----.   .----+------.
>>   |    | '------' '------' |    |    | Switch 1 |   | Switch 2  |
>>   |    '---,---------------'    |    |          +---+           |
>>   |       /                     |    '----+-----'   '----+------'
>>   |  .---'---.    .------.      |         |              |
>>   |  |  br0  |----| VM 1 |      |      ~~~~~~~~~~~~~~~~~~~~~
>>   |  '-------'    '------'      |     (                     )
>>   |      |        .------.      |     ( Rest of Network     )
>>   |      '--------| VM # |      |     (_____________________)
>>   |               '------'      |
>>   |  Host 1                     |
>>   '-----------------------------'
>>
>> Where 'VM1' and 'VM#' are hosts connected to a Linux bridge, br0, with
>> bond0 and its associated links, eth0 & eth1, provide ingress/egress.
>> One can assume bond0, br1, and hosts VM1 to VM# are all contained in a
>> single box, as depicted. Interfaces eth0 and eth1 provide redundant
>> connections to the data center with the requirement to use all bandwidth
>> when the system is functioning normally. Switch 1 and Switch 2 are
>> physical switches that do not implement any advanced L2 management
>> features such as MLAG, Cisco's VPC, or LACP.
>>
>> Combining this feature with vlan+srcmac hash policy allows a user to
>> create an access network without the need to use expensive switches that
>> support features like Cisco's VCP.
>>
>> [1] https://docs.openvswitch.org/en/latest/topics/bonding/#slb-bonding
>>
>> Co-developed-by: Long Xin
>> Signed-off-by: Long Xin
>> Signed-off-by: Jonathan Toppins
>> ---
>>
>> Notes:
>>     v2:
>>      * dropped needless abstraction functions and put code in module init
>>      * renamed variable "rc" to "ret" to stay consistent with most of the
>>        code
>>      * fixed parameter setting management, when arp-monitor is turned on
>>        this feature will be turned off similar to how miimon and arp-monitor
>>        interact
>>      * renamed bond_xor_recv to bond_mac_filter_recv for a little more
>>        clarity
>>      * it appears the implied default return code for any bonding recv probe
>>        must be `RX_HANDLER_ANOTHER`.
>>        Changed the default return code of bond_mac_filter_recv to use
>>        this return value to not break skb processing when the skb dev
>>        is switched to the bond dev:
>>          `skb->dev = bond->dev`
>>
>>     v3: Nik's comments
>>      * clarified documentation
>>      * fixed inline and basic reverse Christmas tree formatting
>>      * zero'ed entry in mac_create
>>      * removed read_lock taking in bond_mac_filter_recv
>>      * made has_expired() atomic and removed critical sections
>>        surrounding calls to has_expired(), this also removed the
>>        use-after-free that would have occurred:
>>            spin_lock_irqsave(&entry->lock, flags);
>>            if (has_expired(bond, entry))
>>                mac_delete(bond, entry);
>>            spin_unlock_irqrestore(&entry->lock, flags); <---
>>      * moved init/destroy of mac_filter_tbl to bond_open/bond_close
>>        this removed the complex option dependencies, the only behavioural
>>        change the user will see is if the bond is up and mac_filter is
>>        enabled if they try and set arp_interval they will receive -EBUSY
>>      * in bond_changelink moved processing of mac_filter option just below
>>        mode processing
>>
>>  Documentation/networking/bonding.rst  |  20 +++
>>  drivers/net/bonding/Makefile          |   2 +-
>>  drivers/net/bonding/bond_mac_filter.c | 201 ++++++++++++++++++++++++++
>>  drivers/net/bonding/bond_mac_filter.h |  37 +++++
>>  drivers/net/bonding/bond_main.c       |  30 ++++
>>  drivers/net/bonding/bond_netlink.c    |  13 ++
>>  drivers/net/bonding/bond_options.c    |  81 +++++++++--
>>  drivers/net/bonding/bonding_priv.h    |   1 +
>>  include/net/bond_options.h            |   1 +
>>  include/net/bonding.h                 |   3 +
>>  include/uapi/linux/if_link.h          |   1 +
>>  11 files changed, 373 insertions(+), 17 deletions(-)
>>  create mode 100644 drivers/net/bonding/bond_mac_filter.c
>>  create mode 100644 drivers/net/bonding/bond_mac_filter.h
>>
> [snip]

The same problem solved using a few nftables rules (in case you don't want to load eBPF):

$ nft 'add table netdev nt'
$ nft 'add chain netdev nt bond0EgressFilter { type filter hook egress device bond0 priority 0; }'
$ nft 'add chain netdev nt bond0IngressFilter { type filter hook ingress device bond0 priority 0; }'
$ nft 'add set netdev nt macset { type ether_addr; flags timeout; }'
$ nft 'add rule netdev nt bond0EgressFilter set update ether saddr timeout 5s @macset'
$ nft 'add rule netdev nt bond0IngressFilter ether saddr @macset counter drop'

Cheers,
 Nik
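
Editorial example, added here and not part of the mail above or of the kernel patch: a small Python model of what the two netdev chains and the `macset` timeout set do to BUM frames that the upstream switches flood back into the bond. The class name, MAC addresses and traffic timeline are constructed for illustration, and expiry is modelled as exact at the 5s mark.

```python
from dataclasses import dataclass, field

TIMEOUT = 5.0  # seconds, mirrors "timeout 5s" in the egress rule

@dataclass
class BondMacFilter:
    """Model of the egress/ingress chains sharing the @macset timeout set."""
    timeout: float = TIMEOUT
    macset: dict = field(default_factory=dict)  # MAC -> expiry time
    dropped: int = 0                            # the ingress rule's "counter"

    def _live(self, mac, now):
        expiry = self.macset.get(mac)
        if expiry is not None and expiry <= now:
            del self.macset[mac]                # element timed out
            return False
        return expiry is not None

    def egress(self, src_mac, now):
        # "set update ether saddr timeout 5s @macset": add or refresh entry
        self.macset[src_mac.lower()] = now + self.timeout
        return "accept"

    def ingress(self, src_mac, now):
        # "ether saddr @macset counter drop": a locally sent frame came back
        if self._live(src_mac.lower(), now):
            self.dropped += 1
            return "drop"
        return "accept"

def replay(events, flt=None):
    """events: (time, 'egress'|'ingress', src_mac) -> (verdicts, filter)."""
    flt = flt or BondMacFilter()
    return [getattr(flt, hook)(mac, t) for t, hook, mac in events], flt

# Constructed traffic: VM1 broadcasts out one slave, the switches flood the
# frame back in on the other slave.
VM1, PEER = "52:54:00:aa:00:01", "52:54:00:bb:00:02"
SAMPLE = [
    (0.0, "egress", VM1),    # VM1 broadcast leaves via bond0
    (0.1, "ingress", VM1),   # flooded copy returns        -> drop
    (0.2, "ingress", PEER),  # frame from a remote host    -> accept
    (4.0, "egress", VM1),    # VM1 sends again, expiry refreshed to 9.0
    (8.5, "ingress", VM1),   # inside the refreshed window -> drop
    (9.5, "ingress", VM1),   # entry expired               -> accept
]

if __name__ == "__main__":
    verdicts, flt = replay(SAMPLE)
    print(verdicts, "dropped:", flt.dropped)
```

The last event shows the window the timeout leaves open: once a local MAC has been silent for longer than 5s, a frame carrying it as source is accepted on ingress again.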