[Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Tue Nov 15 22:45:31 PST 2016


ping

On 10/26/2016 06:31 PM, Pavel Tikhomirov wrote:
> Andrey, please review.
>
> On 10/26/2016 06:14 PM, Pavel Tikhomirov wrote:
>> vxlan is safe in CT as:
>>
>> 1) UDP multicast socket to connect to outer world sits in creation
>> net-namespace, and this socket can get packets only forwarded/routed
>> in creation ns.
>>
>> 2) Vxlan device is owned by second netns (could be same as first) as
>> any other network device, so in the same way all packets that come to
>> it are from the same ns.
>>
>> 3) Vxlan's logic works through vxlan_net placed on creation netns,
>> vxlan_fdb and vxlan_rdst are per vxlan device. Thus entries
>> cannot intersect with entries from host and other CTs.
>>
>> * One problem I can see now is adding fdb with ifindex (index of
>> device to route packets from UDP socket through) after vxlan is
>> moved to second namespace: in vxlan_fdb_parse we use second
>> namespace to check ifindex by device lookup, but in
>> vxlan_xmit_one->ip_route_output_key->...->__ip_route_output_key
>> we use first (creation) namespace to look up device and probably
>> will fail. So all fdb configuration should go before moving to
>> ns. Same is in mainstream AFAICS.
>>
>> https://jira.sw.ru/browse/PSBM-53629
>>
>> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>>
>> ---
>>  drivers/net/vxlan.c | 1 +
>>  kernel/kmod.c       | 1 +
>>  2 files changed, 2 insertions(+)
>>
>> diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
>> index fd2516d..8e89665 100644
>> --- a/drivers/net/vxlan.c
>> +++ b/drivers/net/vxlan.c
>> @@ -2367,6 +2367,7 @@ static void vxlan_setup(struct net_device *dev)
>>
>>      dev->vlan_features = dev->features;
>>      dev->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
>> +    dev->features |= NETIF_F_VIRTUAL;
>>      dev->hw_features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_RXCSUM;
>>      dev->hw_features |= NETIF_F_GSO_SOFTWARE;
>>      dev->hw_features |= NETIF_F_HW_VLAN_CTAG_TX |
>> NETIF_F_HW_VLAN_STAG_TX;
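Review bot: The added `dev->features |= NETIF_F_VIRTUAL;` in vxlan_setup() is unconditional and has no comment, so every vxlan device gets the flag, including one that has an fdb entry with an ifindex added after the device was moved to another namespace, which is the case the commit message itself expects to fail in __ip_route_output_key. Please add a short comment above the line that points to the netns reasoning and to the requirement that fdb configuration happens before the move, or say in the message why leaving that case to fail at transmit time is acceptable. The flag is also set after `dev->vlan_features = dev->features;` and only in `features`, so it reaches neither `vlan_features` nor `hw_features`; if that is intended, a word on it would help the next reader.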
>> diff --git a/kernel/kmod.c b/kernel/kmod.c
>> index e0ef148..63748d4 100644
>> --- a/kernel/kmod.c
>> +++ b/kernel/kmod.c
>> @@ -421,6 +421,7 @@ static const char * const ve0_allowed_mod[] = {
>>      "ip_set_list:set",
>>
>>      "rtnl-link-dummy",
>> +    "rtnl-link-vxlan",
>>  };
>>
>>  /*
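Review bot: The new `"rtnl-link-vxlan"` entry in ve0_allowed_mod[] is not covered by the commit message: points 1) to 3) argue that a vxlan device is isolated per namespace, but nothing explains why loading the module on request from a container is acceptable, and the entry applies to the whole allow-list rather than to containers that actually need vxlan. Please add a sentence on the autoload side to the message, and consider splitting this hunk from the vxlan.c change so the two decisions can be reviewed and reverted separately.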
>>
>

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.

