[Devel] [PATCH RHEL COMMIT] ve/net/vxlan: enable support in a container
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Sep 24 14:50:20 MSK 2021
The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit 7bc7ebc25fb9a97339c289727a0e1feb88ee12dc
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Fri Sep 24 14:50:20 2021 +0300
ve/net/vxlan: enable support in a container
vxlan is safe in CT as:
1) The UDP multicast socket used to connect to the outer world sits in the creation net-
namespace, and this socket can get only packets forwarded/routed
in the creation ns.
2) The vxlan device is owned by the second netns (could be the same as the first) as
any other network device, so all packets that come to it are from
the same ns.
3) Vxlan logic works through vxlan_net placed in the creation netns;
vxlan_fdb and vxlan_rdst are per vxlan device. Thus entries cannot
intersect with entries from the host and other CTs.
* One problem I can see now is adding an fdb entry with an ifindex (index of the
device to route packets from the UDP socket through) after the vxlan is
moved to the second namespace: in vxlan_fdb_parse we use the second
namespace to check the ifindex by device lookup, but in
vxlan_xmit_one->ip_route_output_key->...->__ip_route_output_key
we use the first (creation) namespace to look up the device and probably
will fail. So all fdb configuration should go before moving to the
ns. Same is in mainstream AFAICS.
https://jira.sw.ru/browse/PSBM-53629
khorenko@: Docker Swarm requires vxlans.
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
https://jira.sw.ru/browse/PSBM-133986
(cherry picked from commit a37bdd010689c0c23df99edbe5a747ce90d6ff2f)
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
---
drivers/net/vxlan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 5a8df5a195cb..17a30edea97c 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -3298,6 +3298,7 @@ static void vxlan_setup(struct net_device *dev)
dev->features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_FRAGLIST;
dev->features |= NETIF_F_RXCSUM;
dev->features |= NETIF_F_GSO_SOFTWARE;
+ dev->features |= NETIF_F_VIRTUAL;
dev->vlan_features = dev->features;
dev->hw_features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_FRAGLIST;
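Review bot: the new `dev->features |= NETIF_F_VIRTUAL;` line carries no comment, and nothing in the code records the constraint the commit message spells out (fdb entries that carry an ifindex must be added before the device leaves its creation netns, because vxlan_fdb_parse resolves the ifindex in the device's current netns while the xmit-path route lookup uses the creation netns). Suggest a one-line comment next to the flag pointing at that caveat, or a follow-up that validates the ifindex against the creation netns in vxlan_fdb_parse, so the next person enabling this in a container does not rediscover it. Also note the flag is set before `dev->vlan_features = dev->features;`, so it is copied into vlan_features as well; if the flag is only meant as the per-device marker that enables the device in a container, placing it below that assignment keeps vlan_features unchanged.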
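As an added example (not part of this patch, the vzkernel tree, or the author's own tooling), the ordering the commit message requires, written as a shell procedure: create the vxlan in the host (creation) netns, add its fdb entries there (including ones with `via DEV`, which is the ifindex case the commit message warns about), and only then move the device into the container netns. The netns name, device names, VNI, addresses and MAC are assumptions. By default it only prints the commands (DRY_RUN=1), so the sequence can be inspected without root; run it as root with DRY_RUN=0 to apply.

```shell
#!/bin/sh
# Added example, not from the patch or the vzkernel tree.
# All names below are assumptions; override them via the environment.
DRY_RUN="${DRY_RUN:-1}"            # 1 = print commands only, 0 = execute
CT_NS="${CT_NS:-ct101}"            # container netns (assumed name)
VXLAN_DEV="${VXLAN_DEV:-vxlan42}"  # vxlan device name (assumed)
VNI="${VNI:-42}"                   # VXLAN network identifier (assumed)
UNDERLAY_DEV="${UNDERLAY_DEV:-eth0}"   # host device carrying the UDP tunnel
LOCAL_IP="${LOCAL_IP:-192.0.2.10}"     # local tunnel endpoint (doc range)
PEER_IP="${PEER_IP:-192.0.2.20}"       # remote VTEP (doc range)
PEER_MAC="${PEER_MAC:-02:00:00:00:00:02}"  # MAC behind the remote VTEP

# Execute a command, or print it when in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: create the vxlan in the creation (host) netns. Its UDP socket
# and vxlan_net remain bound to this netns even after the device moves.
create_vxlan() {
    run ip link add "$VXLAN_DEV" type vxlan id "$VNI" dstport 4789 \
        local "$LOCAL_IP" dev "$UNDERLAY_DEV" nolearning
}

# Step 2: configure the fdb while the device is still in the creation
# netns. "via $UNDERLAY_DEV" stores an ifindex (NDA_IFINDEX); this is the
# case where a later lookup from a different netns would resolve the
# wrong device, so it must happen before the move.
configure_fdb() {
    run bridge fdb append 00:00:00:00:00:00 dev "$VXLAN_DEV" \
        dst "$PEER_IP" via "$UNDERLAY_DEV"
    run bridge fdb add "$PEER_MAC" dev "$VXLAN_DEV" \
        dst "$PEER_IP" via "$UNDERLAY_DEV"
}

# Step 3: only now hand the device to the container netns and bring it up.
move_to_ct() {
    run ip link set "$VXLAN_DEV" netns "$CT_NS"
    run ip -n "$CT_NS" link set "$VXLAN_DEV" up
}

# The full procedure in the required order: create, fdb, then move.
setup_ct_vxlan() {
    create_vxlan
    configure_fdb
    move_to_ct
}

setup_ct_vxlan
```

The `via DEV` keyword on `bridge fdb` is what attaches an ifindex to the entry; fdb entries without it (plain `dst IP`) do not hit the cross-netns device lookup, but keeping every fdb change before the `ip link set ... netns` step is the simplest rule to follow in a container provisioning script.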