Initial multicast filtering support for bridge #309

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

With VLAN filtering on a bridge we cannot use the mcast_query_use_ifaddr mechanism. This because even if the bridge may have an address it is likely not on the same subnet as that of the VLAN, and the multicast code in the kernel does not look at VLAN interfaecs on top of bridge for a relevant adddress. For these cases we have to use querierd, or a multicast router. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

This patch adds BUM flooding control per port. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Note, no VLAN id, or other VLAN specific information is contained in the MDB entries, only forwarding information and per-port state. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Depends on having mtools v3+ on test PC, so add it to the docker.

With 3 data connections between host and DUT.

Simple test that tests (without VLAN): * Multicast flooding works * Join works as expected

A bridge port cannot communicate on layer-3 while acting as a bridge port. Removing the port from the bridge re-enables the link-local addresses, if any, from the configuration. Fix #327 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

This is a forward-port of one of my bridge patches to handle RFC4541 style flooding of unknown multicast. https://lore.kernel.org/netdev/20220411133837.318876-9-troglobit@gmail.com/ Changes since this thread: use inferred mctx (VLAN multicast context) from br_handle_frame_finish() and br_dev_xmit(), which should fix the per-VLAN multicast handling issue pointed out by Nikolay. Todo before next patch series, add new option instead of breaking the existing functionality for the current mcast_flood flag. E.g., add a mcast_flood_always, since the current flag stops flooding when there is a known querier on the LAN. See the above thread for details. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

An RFC conforming multicast snooping bridge should forward all unknown multicast (IP & MAC) on ports where the mcast_flood flag is set. The upstream kernel does not (yet) support this, but the KernelKit branch of the kernel and iproute2 now support it. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

And cleanup ASCII picture

Since Infix supports per-VLAN querier parameters, like query interval, we currently need to run a separate querierd per VLAN interface. The replacement, mcd, will handle this automatically in its .conf file. Also, ensure we install the daemon configuration file as an example, and thus creating the /etc/querierd/ directory for where .conf files for each interface will be generated. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

In a VLAN filtering bridge setup we want to be able to support an external IGMP/MLD querier running from userspace, because the bridge multicast code can only generate proxy/NULL querys per VLAN. This patch is a refactor to allow just that. If a VLAN on the bridge has an upper interface, matching the bridge name and VID, we generate a profile for querierd and enable the service. For all other cases we try to disable any running querierd. It is up to the daemon to figure out if it has a usable IP address to use as the query source IP or use 0.0.0.0. Since the logic for selecting a proper IP address must be handled by the daemon in the per-VLAN setup, we revert back to also use it for the stand-alone unfiltered bridge case as well. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Remove a lot of extra sleeps.

Rename to more distinct names for netns and hostports

Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Initial multicast filtering support for bridge #309

Initial multicast filtering support for bridge #309

Commits on Mar 7, 2024