diff mbox series

[net-next,v3,06/12] net: vxlan: make vxlan_snoop() return drop reasons

Message ID 20240909071652.3349294-7-dongml2@chinatelecom.cn (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series net: vxlan: add skb drop reasons support | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 58 this patch: 58
netdev/build_tools success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 116 this patch: 116
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4957 this patch: 4957
netdev/checkpatch warning WARNING: From:/Signed-off-by: email address mismatch: 'From: Menglong Dong <menglong8.dong@gmail.com>' != 'Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>'
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-09-09--21-00 (tests: 722)

Commit Message

Menglong Dong Sept. 9, 2024, 7:16 a.m. UTC 
Change the return type of vxlan_snoop() from bool to enum
skb_drop_reason. In this commit, two drop reasons are introduced:

  SKB_DROP_REASON_VXLAN_INVALID_SMAC
  SKB_DROP_REASON_VXLAN_ENTRY_EXISTS

Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
---
 drivers/net/vxlan/vxlan_core.c | 17 +++++++++--------
 include/net/dropreason-core.h  |  9 +++++++++
 2 files changed, 18 insertions(+), 8 deletions(-)

Comments

Ido Schimmel Sept. 11, 2024, 8:08 a.m. UTC | #1 
On Mon, Sep 09, 2024 at 03:16:46PM +0800, Menglong Dong wrote:
> @@ -1447,7 +1448,7 @@ static bool vxlan_snoop(struct net_device *dev,
>  
>  	/* Ignore packets from invalid src-address */
>  	if (!is_valid_ether_addr(src_mac))
> -		return true;
> +		return SKB_DROP_REASON_VXLAN_INVALID_SMAC;

[...]

> diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
> index 98259d2b3e92..1b9ec4a49c38 100644
> --- a/include/net/dropreason-core.h
> +++ b/include/net/dropreason-core.h
> @@ -94,6 +94,8 @@
>  	FN(TC_RECLASSIFY_LOOP)		\
>  	FN(VXLAN_INVALID_HDR)		\
>  	FN(VXLAN_VNI_NOT_FOUND)		\
> +	FN(VXLAN_INVALID_SMAC)		\

Since this is now part of the core reasons, why not name it
"INVALID_SMAC" so that it could be reused outside of the VXLAN driver?
For example, the bridge driver has the exact same check in its receive
path (see br_handle_frame()).

> +	FN(VXLAN_ENTRY_EXISTS)		\
>  	FN(IP_TUNNEL_ECN)		\
>  	FNe(MAX)
Menglong Dong Sept. 12, 2024, 2:30 a.m. UTC | #2 
On Wed, Sep 11, 2024 at 4:08 PM Ido Schimmel <idosch@nvidia.com> wrote:
>
> On Mon, Sep 09, 2024 at 03:16:46PM +0800, Menglong Dong wrote:
> > @@ -1447,7 +1448,7 @@ static bool vxlan_snoop(struct net_device *dev,
> >
> >       /* Ignore packets from invalid src-address */
> >       if (!is_valid_ether_addr(src_mac))
> > -             return true;
> > +             return SKB_DROP_REASON_VXLAN_INVALID_SMAC;
>
> [...]
>
> > diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
> > index 98259d2b3e92..1b9ec4a49c38 100644
> > --- a/include/net/dropreason-core.h
> > +++ b/include/net/dropreason-core.h
> > @@ -94,6 +94,8 @@
> >       FN(TC_RECLASSIFY_LOOP)          \
> >       FN(VXLAN_INVALID_HDR)           \
> >       FN(VXLAN_VNI_NOT_FOUND)         \
> > +     FN(VXLAN_INVALID_SMAC)          \
>
> Since this is now part of the core reasons, why not name it
> "INVALID_SMAC" so that it could be reused outside of the VXLAN driver?
> For example, the bridge driver has the exact same check in its receive
> path (see br_handle_frame()).
>

Yeah, I checked the br_handle_frame() and it indeed does
the same check.

I'll rename it to INVALID_SMAC for general usage.

Thanks!
Menglong Dong
> > +     FN(VXLAN_ENTRY_EXISTS)          \
> >       FN(IP_TUNNEL_ECN)               \
> >       FNe(MAX)
Menglong Dong Sept. 13, 2024, 9:13 a.m. UTC | #3 
On Thu, Sep 12, 2024 at 10:30 AM Menglong Dong <menglong8.dong@gmail.com> wrote:
>
> On Wed, Sep 11, 2024 at 4:08 PM Ido Schimmel <idosch@nvidia.com> wrote:
> >
> > On Mon, Sep 09, 2024 at 03:16:46PM +0800, Menglong Dong wrote:
> > > @@ -1447,7 +1448,7 @@ static bool vxlan_snoop(struct net_device *dev,
> > >
> > >       /* Ignore packets from invalid src-address */
> > >       if (!is_valid_ether_addr(src_mac))
> > > -             return true;
> > > +             return SKB_DROP_REASON_VXLAN_INVALID_SMAC;
> >
> > [...]
> >
> > > diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
> > > index 98259d2b3e92..1b9ec4a49c38 100644
> > > --- a/include/net/dropreason-core.h
> > > +++ b/include/net/dropreason-core.h
> > > @@ -94,6 +94,8 @@
> > >       FN(TC_RECLASSIFY_LOOP)          \
> > >       FN(VXLAN_INVALID_HDR)           \
> > >       FN(VXLAN_VNI_NOT_FOUND)         \
> > > +     FN(VXLAN_INVALID_SMAC)          \
> >
> > Since this is now part of the core reasons, why not name it
> > "INVALID_SMAC" so that it could be reused outside of the VXLAN driver?
> > For example, the bridge driver has the exact same check in its receive
> > path (see br_handle_frame()).
> >
>
> Yeah, I checked the br_handle_frame() and it indeed does
> the same check.
>
> I'll rename it to INVALID_SMAC for general usage.
>

Hello, does anyone have more comments on this series before I
send the next version?

Thanks!
Menglong Dong
> > > +     FN(VXLAN_ENTRY_EXISTS)          \
> > >       FN(IP_TUNNEL_ECN)               \
> > >       FNe(MAX)
Simon Horman Sept. 14, 2024, 9:33 a.m. UTC | #4 
On Fri, Sep 13, 2024 at 05:13:41PM +0800, Menglong Dong wrote:
> On Thu, Sep 12, 2024 at 10:30 AM Menglong Dong <menglong8.dong@gmail.com> wrote:
> >
> > On Wed, Sep 11, 2024 at 4:08 PM Ido Schimmel <idosch@nvidia.com> wrote:
> > >
> > > On Mon, Sep 09, 2024 at 03:16:46PM +0800, Menglong Dong wrote:
> > > > @@ -1447,7 +1448,7 @@ static bool vxlan_snoop(struct net_device *dev,
> > > >
> > > >       /* Ignore packets from invalid src-address */
> > > >       if (!is_valid_ether_addr(src_mac))
> > > > -             return true;
> > > > +             return SKB_DROP_REASON_VXLAN_INVALID_SMAC;
> > >
> > > [...]
> > >
> > > > diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
> > > > index 98259d2b3e92..1b9ec4a49c38 100644
> > > > --- a/include/net/dropreason-core.h
> > > > +++ b/include/net/dropreason-core.h
> > > > @@ -94,6 +94,8 @@
> > > >       FN(TC_RECLASSIFY_LOOP)          \
> > > >       FN(VXLAN_INVALID_HDR)           \
> > > >       FN(VXLAN_VNI_NOT_FOUND)         \
> > > > +     FN(VXLAN_INVALID_SMAC)          \
> > >
> > > Since this is now part of the core reasons, why not name it
> > > "INVALID_SMAC" so that it could be reused outside of the VXLAN driver?
> > > For example, the bridge driver has the exact same check in its receive
> > > path (see br_handle_frame()).
> > >
> >
> > Yeah, I checked the br_handle_frame() and it indeed does
> > the same check.
> >
> > I'll rename it to INVALID_SMAC for general usage.
> >
> 
> Hello, does anyone have more comments on this series before I
> send the next version?

Hi,

As you may have noted after posting the above,
net-next is now closed until after v6.12-rc1 has been released.
So, most likely, you will need to hold of on posting v4 until then.
Menglong Dong Sept. 16, 2024, 4:39 a.m. UTC | #5 
On Sat, Sep 14, 2024 at 5:33 PM Simon Horman <horms@kernel.org> wrote:
>
> On Fri, Sep 13, 2024 at 05:13:41PM +0800, Menglong Dong wrote:
> > On Thu, Sep 12, 2024 at 10:30 AM Menglong Dong <menglong8.dong@gmail.com> wrote:
> > >
> > > On Wed, Sep 11, 2024 at 4:08 PM Ido Schimmel <idosch@nvidia.com> wrote:
> > > >
> > > > On Mon, Sep 09, 2024 at 03:16:46PM +0800, Menglong Dong wrote:
> > > > > @@ -1447,7 +1448,7 @@ static bool vxlan_snoop(struct net_device *dev,
> > > > >
> > > > >       /* Ignore packets from invalid src-address */
> > > > >       if (!is_valid_ether_addr(src_mac))
> > > > > -             return true;
> > > > > +             return SKB_DROP_REASON_VXLAN_INVALID_SMAC;
> > > >
> > > > [...]
> > > >
> > > > > diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
> > > > > index 98259d2b3e92..1b9ec4a49c38 100644
> > > > > --- a/include/net/dropreason-core.h
> > > > > +++ b/include/net/dropreason-core.h
> > > > > @@ -94,6 +94,8 @@
> > > > >       FN(TC_RECLASSIFY_LOOP)          \
> > > > >       FN(VXLAN_INVALID_HDR)           \
> > > > >       FN(VXLAN_VNI_NOT_FOUND)         \
> > > > > +     FN(VXLAN_INVALID_SMAC)          \
> > > >
> > > > Since this is now part of the core reasons, why not name it
> > > > "INVALID_SMAC" so that it could be reused outside of the VXLAN driver?
> > > > For example, the bridge driver has the exact same check in its receive
> > > > path (see br_handle_frame()).
> > > >
> > >
> > > Yeah, I checked the br_handle_frame() and it indeed does
> > > the same check.
> > >
> > > I'll rename it to INVALID_SMAC for general usage.
> > >
> >
> > Hello, does anyone have more comments on this series before I
> > send the next version?
>
> Hi,
>
> As you may have noted after posting the above,
> net-next is now closed until after v6.12-rc1 has been released.
> So, most likely, you will need to hold of on posting v4 until then.

Thanks for reminding me that, I'll send the v4 after the net-next
opens.
diff mbox series

Patch

diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 03c82c945b33..2ba25be78ac9 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -1437,9 +1437,10 @@  static int vxlan_fdb_get(struct sk_buff *skb,
  * and Tunnel endpoint.
  * Return true if packet is bogus and should be dropped.
  */
-static bool vxlan_snoop(struct net_device *dev,
-			union vxlan_addr *src_ip, const u8 *src_mac,
-			u32 src_ifindex, __be32 vni)
+static enum skb_drop_reason vxlan_snoop(struct net_device *dev,
+					union vxlan_addr *src_ip,
+					const u8 *src_mac, u32 src_ifindex,
+					__be32 vni)
 {
 	struct vxlan_dev *vxlan = netdev_priv(dev);
 	struct vxlan_fdb *f;
@@ -1447,7 +1448,7 @@  static bool vxlan_snoop(struct net_device *dev,
 
 	/* Ignore packets from invalid src-address */
 	if (!is_valid_ether_addr(src_mac))
-		return true;
+		return SKB_DROP_REASON_VXLAN_INVALID_SMAC;
 
 #if IS_ENABLED(CONFIG_IPV6)
 	if (src_ip->sa.sa_family == AF_INET6 &&
@@ -1461,15 +1462,15 @@  static bool vxlan_snoop(struct net_device *dev,
 
 		if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip) &&
 			   rdst->remote_ifindex == ifindex))
-			return false;
+			return SKB_NOT_DROPPED_YET;
 
 		/* Don't migrate static entries, drop packets */
 		if (f->state & (NUD_PERMANENT | NUD_NOARP))
-			return true;
+			return SKB_DROP_REASON_VXLAN_ENTRY_EXISTS;
 
 		/* Don't override an fdb with nexthop with a learnt entry */
 		if (rcu_access_pointer(f->nh))
-			return true;
+			return SKB_DROP_REASON_VXLAN_ENTRY_EXISTS;
 
 		if (net_ratelimit())
 			netdev_info(dev,
@@ -1497,7 +1498,7 @@  static bool vxlan_snoop(struct net_device *dev,
 		spin_unlock(&vxlan->hash_lock[hash_index]);
 	}
 
-	return false;
+	return SKB_NOT_DROPPED_YET;
 }
 
 static bool __vxlan_sock_release_prep(struct vxlan_sock *vs)
diff --git a/include/net/dropreason-core.h b/include/net/dropreason-core.h
index 98259d2b3e92..1b9ec4a49c38 100644
--- a/include/net/dropreason-core.h
+++ b/include/net/dropreason-core.h
@@ -94,6 +94,8 @@ 
 	FN(TC_RECLASSIFY_LOOP)		\
 	FN(VXLAN_INVALID_HDR)		\
 	FN(VXLAN_VNI_NOT_FOUND)		\
+	FN(VXLAN_INVALID_SMAC)		\
+	FN(VXLAN_ENTRY_EXISTS)		\
 	FN(IP_TUNNEL_ECN)		\
 	FNe(MAX)
 
@@ -429,6 +431,13 @@  enum skb_drop_reason {
 	SKB_DROP_REASON_VXLAN_INVALID_HDR,
 	/** @SKB_DROP_REASON_VXLAN_VNI_NOT_FOUND: no VXLAN device found for VNI */
 	SKB_DROP_REASON_VXLAN_VNI_NOT_FOUND,
+	/** @SKB_DROP_REASON_VXLAN_INVALID_SMAC: source mac is invalid */
+	SKB_DROP_REASON_VXLAN_INVALID_SMAC,
+	/**
+	 * @SKB_DROP_REASON_VXLAN_ENTRY_EXISTS: trying to migrate a static
+	 * entry or an entry pointing to a nexthop.
+	 */
+	SKB_DROP_REASON_VXLAN_ENTRY_EXISTS,
 	/**
 	 * @SKB_DROP_REASON_IP_TUNNEL_ECN: skb is dropped according to
 	 * RFC 6040 4.2, see __INET_ECN_decapsulate() for detail.