[Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Oct 26 08:22:43 PDT 2016
reviewer?
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 10/26/2016 06:14 PM, Pavel Tikhomirov wrote:
> vxlan is safe in CT as:
>
> 1) UDP multicast socket to connect to the outer world sits in the creation
> net-namespace, and this socket can get packets only forwarded/routed
> in the creation ns.
>
> 2) Vxlan device is owned by the second netns (could be the same as the
> first) as any other network device, so likewise all packets that come to
> it are from the same ns.
>
> 3) Vxlan's logic works through vxlan_net placed on the creation netns;
> vxlan_fdb and vxlan_rdst are per vxlan device. Thus entries can
> not intersect with entries from the host and other CTs.
>
> * One problem I can see now is adding an fdb with ifindex (index of
> the device to route packets from the UDP socket through) after the vxlan
> is moved to the second namespace: in vxlan_fdb_parse we use the second
> namespace to check ifindex by device lookup, but in
> vxlan_xmit_one->ip_route_output_key->...->__ip_route_output_key
> we use the first (creation) namespace to look up the device and probably
> will fail. So all fdb configuration should go before moving to the
> ns. Same is in mainstream AFAICS.
>
> https://jira.sw.ru/browse/PSBM-53629
>
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>
> ---
> drivers/net/vxlan.c | 1 +
> kernel/kmod.c | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
> index fd2516d..8e89665 100644
> --- a/drivers/net/vxlan.c
> +++ b/drivers/net/vxlan.c
> @@ -2367,6 +2367,7 @@ static void vxlan_setup(struct net_device *dev)
>
> dev->vlan_features = dev->features;
> dev->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
> + dev->features |= NETIF_F_VIRTUAL;
> dev->hw_features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_RXCSUM;
> dev->hw_features |= NETIF_F_GSO_SOFTWARE;
> dev->hw_features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
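Review bot: the added `dev->features |= NETIF_F_VIRTUAL;` line in vxlan_setup() has no comment, and the commit message never mentions the flag by name, so nothing in the patch ties this line to the "enable support ... in a container" goal in the subject. Please add a short comment above it, or a sentence in the log, saying what the flag permits. The log also describes an open problem: after the device is moved to a second namespace, vxlan_fdb_parse checks ifindex in that namespace while the transmit path looks the device up in the creation namespace. This hunk does not touch that path, so either document the "configure fdb before moving" constraint where users will see it, or make the fdb add fail cleanly in that case.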
> diff --git a/kernel/kmod.c b/kernel/kmod.c
> index e0ef148..63748d4 100644
> --- a/kernel/kmod.c
> +++ b/kernel/kmod.c
> @@ -421,6 +421,7 @@ static const char * const ve0_allowed_mod[] = {
> "ip_set_list:set",
>
> "rtnl-link-dummy",
> + "rtnl-link-vxlan",
> };
>
> /*
>
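Review bot: the new "rtnl-link-vxlan" entry in ve0_allowed_mod[] has no justification of its own in the log. The three numbered points argue that vxlan state is isolated per namespace and per device, but they say nothing about the module load itself that this alias allows. Please add a sentence explaining why autoloading the vxlan module on that request is acceptable, and confirm that the alias string matches what the vxlan driver registers, since nothing in this hunk checks the string.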