-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial multicast filtering support for bridge #309
Commits on Mar 7, 2024
-
confd: initial multicast filtering support for bridge model
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 3dc386b - Browse repository at this point
Copy the full SHA 3dc386bView commit details -
confd: disable bridge's dumpster diving when vlan filtering
With VLAN filtering on a bridge we cannot use the mcast_query_use_ifaddr mechanism. This because even if the bridge may have an address it is likely not on the same subnet as that of the VLAN, and the multicast code in the kernel does not look at VLAN interfaecs on top of bridge for a relevant adddress. For these cases we have to use querierd, or a multicast router. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 4478ccd - Browse repository at this point
Copy the full SHA 4478ccdView commit details -
confd: improve debug messages, include ifname everywhere
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 60aafd6 - Browse repository at this point
Copy the full SHA 60aafd6View commit details -
confd: add support for bridge port flooding control
This patch adds BUM flooding control per port. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 181d184 - Browse repository at this point
Copy the full SHA 181d184View commit details -
confd: initial mdb support, per bridge and per VLAN
Note, no VLAN id, or other VLAN specific information is contained in the MDB entries, only forwarding information and per-port state. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for fad5adc - Browse repository at this point
Copy the full SHA fad5adcView commit details -
infamy: Add new class to test multicast
Depends on having mtools v3+ on test PC, so add it to the docker.
Configuration menu - View commit details
-
Copy full SHA for bd5820e - Browse repository at this point
Copy the full SHA bd5820eView commit details -
test: Add a new topoligy to test IGMP
With 3 data connections between host and DUT.
Configuration menu - View commit details
-
Copy full SHA for 3de9abc - Browse repository at this point
Copy the full SHA 3de9abcView commit details -
Simple test that tests (without VLAN): * Multicast flooding works * Join works as expected
Configuration menu - View commit details
-
Copy full SHA for 617e06e - Browse repository at this point
Copy the full SHA 617e06eView commit details -
confd: disable IPv4LL & IPv6LL on bridge port interfaces
A bridge port cannot communicate on layer-3 while acting as a bridge port. Removing the port from the bridge re-enables the link-local addresses, if any, from the configuration. Fix #327 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a8a5341 - Browse repository at this point
Copy the full SHA a8a5341View commit details -
test: allow test container to run tcpdump (cap-net-raw)
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 45cf453 - Browse repository at this point
Copy the full SHA 45cf453View commit details -
patches/linux: forward port bridge flood unknown multicast
This is a forward-port of one of my bridge patches to handle RFC4541 style flooding of unknown multicast. https://lore.kernel.org/netdev/20220411133837.318876-9-troglobit@gmail.com/ Changes since this thread: use inferred mctx (VLAN multicast context) from br_handle_frame_finish() and br_dev_xmit(), which should fix the per-VLAN multicast handling issue pointed out by Nikolay. Todo before next patch series, add new option instead of breaking the existing functionality for the current mcast_flood flag. E.g., add a mcast_flood_always, since the current flag stops flooding when there is a known querier on the LAN. See the above thread for details. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 26363c0 - Browse repository at this point
Copy the full SHA 26363c0View commit details -
patches/linux: ignore router ports when forwarding MAC multicast
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for e21b92d - Browse repository at this point
Copy the full SHA e21b92dView commit details -
patches/iproute2: add support for bridge mcast_flood_always
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 47999d3 - Browse repository at this point
Copy the full SHA 47999d3View commit details -
confd: always flood unknown IP/MAC multicast according to mcast_flood
An RFC conforming multicast snooping bridge should forward all unknown multicast (IP & MAC) on ports where the mcast_flood flag is set. The upstream kernel does not (yet) support this, but the KernelKit branch of the kernel and iproute2 now support it. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 9114b38 - Browse repository at this point
Copy the full SHA 9114b38View commit details -
test: igmp_basic: speed up test, remove unnecessary long timeout
And cleanup ASCII picture
Configuration menu - View commit details
-
Copy full SHA for 612ae2c - Browse repository at this point
Copy the full SHA 612ae2cView commit details -
Configuration menu - View commit details
-
Copy full SHA for c658331 - Browse repository at this point
Copy the full SHA c658331View commit details -
package/querierd: add per-interface service template
Since Infix supports per-VLAN querier parameters, like query interval, we currently need to run a separate querierd per VLAN interface. The replacement, mcd, will handle this automatically in its .conf file. Also, ensure we install the daemon configuration file as an example, and thus creating the /etc/querierd/ directory for where .conf files for each interface will be generated. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for a28f0ea - Browse repository at this point
Copy the full SHA a28f0eaView commit details -
confd: detect bridge per-VLAN interfaces and start querierd
In a VLAN filtering bridge setup we want to be able to support an external IGMP/MLD querier running from userspace, because the bridge multicast code can only generate proxy/NULL querys per VLAN. This patch is a refactor to allow just that. If a VLAN on the bridge has an upper interface, matching the bridge name and VID, we generate a profile for querierd and enable the service. For all other cases we try to disable any running querierd. It is up to the daemon to figure out if it has a usable IP address to use as the query source IP or use 0.0.0.0. Since the logic for selecting a proper IP address must be handled by the daemon in the per-VLAN setup, we revert back to also use it for the stand-alone unfiltered bridge case as well. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 590699f - Browse repository at this point
Copy the full SHA 590699fView commit details -
test: igmp_vlan: Speed up test significantly
Remove a lot of extra sleeps.
Configuration menu - View commit details
-
Copy full SHA for cb04338 - Browse repository at this point
Copy the full SHA cb04338View commit details -
test: igmp_basic: Speed up test and some renaming
Rename to more distinct names for netns and hostports
Configuration menu - View commit details
-
Copy full SHA for ccbcada - Browse repository at this point
Copy the full SHA ccbcadaView commit details -
patches/iproute: backport bridge mdb replace support
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 1bfe7be - Browse repository at this point
Copy the full SHA 1bfe7beView commit details -
confd: restrict mdb group to iana-rt-types:ip-multicast-group-address
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for bcba9d1 - Browse repository at this point
Copy the full SHA bcba9d1View commit details