1. 13 Oct, 2023 13 commits
    • Merge branch 'vxlan-fdb-flushing' · 7497b0af
      David S. Miller authored
      Amit Cohen says:
      
      ====================
      Extend VXLAN driver to support FDB flushing
      
      The merge commit 92716869 ("Merge branch 'br-flush-filtering'") added
      support for FDB flushing in bridge driver. Extend VXLAN driver to support
      FDB flushing also. Add support for filtering by fields which are relevant
      for VXLAN FDBs:
      * Source VNI
      * Nexthop ID
      * 'router' flag
      * Destination VNI
      * Destination Port
      * Destination IP
      
      Without this set, flush for VXLAN device fails:
      $ bridge fdb flush dev vx10
      RTNETLINK answers: Operation not supported
      
      With this set, such flush works with the relevant arguments, for example:
      $ bridge fdb flush dev vx10 vni 5000 dst 193.2.2.1
      < flush all vx10 entries with VNI 5000 and destination IP 193.2.2.1>
      
      Some preparations are required, handle them before adding flushing support
      in VXLAN driver. See more details in commit messages.
      
      Patch set overview:
      Patch #1 prepares flush policy to be used by VXLAN driver
      Patches #2-#3 are preparations in VXLAN driver
      Patch #4 adds an initial support for flushing in VXLAN driver
      Patches #5-#9 add support for filtering by several attributes
      Patch #10 adds a test for FDB flush with VXLAN
      Patch #11 extends the test to check FDB flush with bridge
      ====================
      Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • selftests: fdb_flush: Add test cases for FDB flush with bridge device · f826f2a2
      Amit Cohen authored
      Extend the test to check flushing with bridge device, test flush by device
      and by VID.
      
      Add a test case for flushing with "self" and "master" and attributes that are
      supported only in one driver. This is an unrecommended configuration; check it
      to verify that the user gets an error.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • selftests: Add test cases for FDB flush with VXLAN device · 96eece69
      Amit Cohen authored
      Test all the supported arguments for FDB flush. The test checks
      configuration, not traffic. Note that the flag 'offloaded' is not checked
      as it is not relevant when there is no hardware.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Support FDB flushing by destination IP · 2dcd2202
      Amit Cohen authored
      Add support for flushing VXLAN FDB entries by destination IP. An FDB entry is
      stored as {MAC, SRC_VNI} + remote. The destination IP is an attribute of
      the remote. For multicast entries, the VXLAN driver stores a linked list
      of remotes for a given key.
      
      In user space, each remote is represented as a separate entry, so when a
      flush is sent with a 'destination IP' filter, flush only the matching
      remotes. If there are no additional remotes, destroy the entry.
      
      For example, the following are stored as one entry with several remotes:
      $ bridge fdb show dev vx10
      00:00:00:00:00:00 dst 192.1.1.3 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 self permanent
      00:00:00:00:00:00 dst 192.1.1.2 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 vni 1000 self permanent
      
      When the user flushes by destination IP x, only the relevant remotes will be
      flushed:
      $ bridge fdb flush dev vx10 dst 192.1.1.1
      
      $ bridge fdb show dev vx10
      00:00:00:00:00:00 dst 192.1.1.3 self permanent
      00:00:00:00:00:00 dst 192.1.1.2 self permanent
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Support FDB flushing by destination port · ac0db4dd
      Amit Cohen authored
      Add support for flushing VXLAN FDB entries by destination port. An FDB entry
      is stored as {MAC, SRC_VNI} + remote. The destination port is an attribute
      of the remote. For multicast entries, the VXLAN driver stores a linked list
      of remotes for a given key.
      
      In user space, each remote is represented as a separate entry, so when a
      flush is sent with a 'destination port' filter, flush only the matching
      remotes. If there are no additional remotes, destroy the entry.
      
      For example, the following are stored as one entry with several remotes:
      $ bridge fdb show dev vx10
      00:00:00:00:00:00 dst 192.1.1.1 port 1111 vni 2000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 port 1111 vni 3000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 port 2222 vni 2000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 vni 3000 self permanent
      
      When the user flushes by port x, only the relevant remotes will be flushed:
      $ bridge fdb flush dev vx10 port 1111
      
      $ bridge fdb show dev vx10
      00:00:00:00:00:00 dst 192.1.1.1 port 2222 vni 2000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 vni 3000 self permanent
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Support FDB flushing by destination VNI · c499fccb
      Amit Cohen authored
      Add support for flushing VXLAN FDB entries by destination VNI. An FDB entry is
      stored as {MAC, SRC_VNI} + remote. The destination VNI is an attribute
      of the remote. For multicast entries, the VXLAN driver stores a linked list
      of remotes for a given key.
      
      In user space, each remote is represented as a separate entry, so when a
      flush is sent with a 'destination VNI' filter, flush only the matching
      remotes. If there are no additional remotes, destroy the entry.
      
      For example, the following are stored as one entry with several remotes:
      $ bridge fdb show dev vx10
      00:00:00:00:00:00 dst 192.1.1.1 vni 3000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 vni 4000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 vni 2000 self permanent
      00:00:00:00:00:00 dst 192.1.1.2 vni 2000 self permanent
      
      When the user flushes by VNI x, only the relevant remotes will be flushed:
      $ bridge fdb flush dev vx10 vni 2000
      
      $ bridge fdb show dev vx10
      00:00:00:00:00:00 dst 192.1.1.1 vni 3000 self permanent
      00:00:00:00:00:00 dst 192.1.1.1 vni 4000 self permanent
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Support FDB flushing by nexthop ID · 36c11123
      Amit Cohen authored
      Add support for flushing VXLAN FDB entries by nexthop ID.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Support FDB flushing by source VNI · a0f89d5e
      Amit Cohen authored
      Add support for flushing VXLAN FDB entries by source VNI.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Add support for FDB flush · d324eb9c
      Amit Cohen authored
      The merge commit 92716869 ("Merge branch 'br-flush-filtering'")
      added support for FDB flushing in the bridge driver only; the VXLAN driver does
      not support such flushing. Extend the VXLAN driver to support FDB flushing.
      In this commit, add support for flushing with state and flags, which are
      the fields that are supported in the bridge driver.
      
      Note that the bridge driver supports the 'NTF_USE' flag, but there is no point in
      supporting this flag for flushing as it is ignored when flags are stored.
      'NTF_STICKY' is not relevant for the VXLAN driver.
      
      'NTF_ROUTER' is not supported in the bridge driver for flush as it is not
      relevant for bridge; add it for VXLAN.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Do not skip default entry in vxlan_flush() by default · 77b613ef
      Amit Cohen authored
      Currently, the function vxlan_flush() does not flush the default FDB entry
      (an entry with all_zeros_mac and default VNI), as it is deleted at
      vxlan_uninit(). When this function is used for flushing FDB entries
      from user space, it will also have to flush the default entry if
      other parameters match (e.g., VNI, flags).
      
      Extend 'struct vxlan_fdb_flush_desc' to include an indication whether
      the default entry should be flushed or not. The default value (false)
      indicates that it should be flushed. Adjust all the existing callers to set
      '.ignore_default_entry' to true, so that the current behavior is not
      changed.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: vxlan_core: Make vxlan_flush() more generic for future use · bfe36bf7
      Amit Cohen authored
      The function vxlan_flush() gets a boolean called 'do_all' and in case
      that it is false, it does not flush entries with state 'NUD_PERMANENT'
      or 'NUD_NOARP'. The following patches will add support for FDB flush
      with parameters from user space. Make the function more generic, so it
      can be used later.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Petr Machata <petrm@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: Handle bulk delete policy in bridge driver · 38985e8c
      Amit Cohen authored
      The merge commit 92716869 ("Merge branch 'br-flush-filtering'")
      added support for FDB flushing in bridge driver. The following patches
      will extend VXLAN driver to support FDB flushing as well. The netlink
      message for bulk delete is shared between the drivers. With the existing
      implementation, there is no way to prevent the user from flushing with
      attributes that are not supported per driver. For example, when VNI is
      added, the user will not get an error for flushing FDB entries in bridge
      with VNI, although this attribute is not relevant for bridge.
      
      As preparation for support of FDB flush in the VXLAN driver, move the policy
      to be handled in the bridge driver; later a new policy for VXLAN will be
      added in the VXLAN driver. Do not pass 'vid' as part of ndo_fdb_del_bulk(),
      as this field is relevant only for bridge.
      Signed-off-by: Amit Cohen <amcohen@nvidia.com>
      Reviewed-by: Ido Schimmel <idosch@nvidia.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 0e6bb5b7
      Jakub Kicinski authored
      Cross-merge networking fixes after downstream PR.
      
      No conflicts.
      
      Adjacent changes:
      
      kernel/bpf/verifier.c
        82995598 ("bpf: Fix verifier log for async callback return values")
        a923819f ("bpf: Treat first argument as return value for bpf_throw")
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  2. 12 Oct, 2023 27 commits