Hi, here is a few bridge cleanups - code alignment and conditional compilation for structure members. Please review. Hope I didn't miss anything. Anyway if it breaks someone patch queue -- just drop this series then. Cyrill
In case if kernel was compiled without ebtables support
there is no need to keep ebt_table pointers in netns_xt
structure.
Make it config dependent.
Signed-off-by: Cyrill Gorcunov <gorcunov <at> openvz.org>
---
Probably GCC will authomatically shrink the structure
if the members are not in use. Please review.
include/net/netns/x_tables.h | 3 +++
1 file changed, 3 insertions(+)
Index: linux-2.6.git/include/net/netns/x_tables.h
=====================================================================
--- linux-2.6.git.orig/include/net/netns/x_tables.h
+++ linux-2.6.git/include/net/netns/x_tables.h
<at> <at> -8,8 +8,11 <at> <at> struct ebt_table;
struct netns_xt {
struct list_head tables[NFPROTO_NUMPROTO];
+#if defined(CONFIG_BRIDGE_NF_EBTABLES) || \
+ defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE)
struct ebt_table *broute_table;
struct ebt_table *frame_filter;
struct ebt_table *frame_nat;
+#endif
};
(Continue reading)
No functional change -- just for easier reading.
Signed-off-by: Cyrill Gorcunov <gorcunov <at> openvz.org>
---
net/bridge/br_netfilter.c | 96 ++++++++++++++++++++++++++--------------------
1 file changed, 56 insertions(+), 40 deletions(-)
Index: linux-2.6.git/net/bridge/br_netfilter.c
=====================================================================
--- linux-2.6.git.orig/net/bridge/br_netfilter.c
+++ linux-2.6.git/net/bridge/br_netfilter.c
<at> <at> -905,46 +905,62 <at> <at> static unsigned int ip_sabotage_in(unsig
* For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because
* ip_refrag() can return NF_STOLEN. */
static struct nf_hook_ops br_nf_ops[] __read_mostly = {
- { .hook = br_nf_pre_routing,
- .owner = THIS_MODULE,
- .pf = PF_BRIDGE,
- .hooknum = NF_BR_PRE_ROUTING,
- .priority = NF_BR_PRI_BRNF, },
- { .hook = br_nf_local_in,
- .owner = THIS_MODULE,
- .pf = PF_BRIDGE,
- .hooknum = NF_BR_LOCAL_IN,
- .priority = NF_BR_PRI_BRNF, },
- { .hook = br_nf_forward_ip,
- .owner = THIS_MODULE,
- .pf = PF_BRIDGE,
- .hooknum = NF_BR_FORWARD,
- .priority = NF_BR_PRI_BRNF - 1, },
(Continue reading)
Hi Srinivas, Really sorry for this long gap in replying due to unavailability of the test setup. I'm using rstpd daemon in the switches RSTP_SW1 and RSTP_SW2. I've also made the ports p0 and p1 to be non-P2P as well as non-edge ports. The switch loop still exists and after quite a number of seconds, the loop gets broken by transition of p0 link of RSTP_SW1 to blocking state. The problem seems to occur when the RSTP port p1 of RSTP_SW1 goes to forwarding mode before p0 ports are put into blocking state. Could there be a problem in computing port vector priorities when mixing STP and RSTP, so that, while computing the port roles, the RSTP port p1 is wrongly assigned the 'root' role from 'alternate' role, before moving the port p0 to blocking? I've checked with the IEEE-802.1D-2004 specification for the same. I've also verified the timings for processing the BPDUs and assignment of port states in the switch. They seem to be in conformance with the specification. Thanks in advance, Ramasamy C On Wed, Jun 10, 2009 at 10:19 AM, Srinivas M.A.<srinivas.aji <at> gmail.com> wrote: > One thing that could be a problem is that p0 on the two RSTP switches > are set to auto p2p. This means that the RSTP will assume that it is > p2p if the link is duplex and that it is a broadcast LAN segment if > the link is not duplex. This assumption is valid only if all switches(Continue reading)
| Hi All, I am facing some very interested problem with the Linux bridge. Let me explain you the setup first:
wireless STA AP Managed switch
======== ==== ============
| |_______| | ___| | ____DHCP SERVER
| | | | | |
======== ====
============
Bridge on AP is
br100 = > eth0.100
ath0.100
So here in this setup station is sending DHCP Discover to AP which is received on ath0.100 interface of bridge and it forwards that request to eth0.100. eth0.100 adds its vlan tag and forward this request to a managed switch which can understand vlan tags. then this this switch removed vlan tag and forwards this request to DHCP server. DHCP server then replied to it with DHCP offer packet. DHCP offer is s Broadcast packet. This offer packet is received in eth0.100 but some how it is not forwarded on ath0.100 so that station can also get this. I have verified it by using ethereal that DHCP offer packet is coming to eth0.100 interface but it is not received in ath0.100. One more thing, this is not happening everytime. This is happening
sometime only.
So My problem is that like why bridge is not forwarding this DHCP offer packet to ath0.100 sometime. Can any body help me on this. Do let me know if you want any other detail about setup.
With Regards
Rahul Bhardwaj |
_______________________________________________ Bridge mailing list Bridge <at> lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
On Sat, 04 Jul 2009 10:11:57 +0400 Cyrill Gorcunov <gorcunov <at> openvz.org> wrote: > No functional change -- just for easier reading. > > Signed-off-by: Cyrill Gorcunov <gorcunov <at> openvz.org> > --- > net/bridge/br_netfilter.c | 96 ++++++++++++++++++++++++++-------------------- > 1 file changed, 56 insertions(+), 40 deletions(-) > Acked-by: Stephen Hemminger <shemminger <at> vyatta.com> -- --
On Sat, 04 Jul 2009 10:11:58 +0400
Cyrill Gorcunov <gorcunov <at> openvz.org> wrote:
> In case if kernel was compiled without ebtables support
> there is no need to keep ebt_table pointers in netns_xt
> structure.
>
> Make it config dependent.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov <at> openvz.org>
> ---
>
> Probably GCC will authomatically shrink the structure
> if the members are not in use. Please review.
>
> include/net/netns/x_tables.h | 3 +++
> 1 file changed, 3 insertions(+)
>
> Index: linux-2.6.git/include/net/netns/x_tables.h
> =====================================================================
> --- linux-2.6.git.orig/include/net/netns/x_tables.h
> +++ linux-2.6.git/include/net/netns/x_tables.h
> <at> <at> -8,8 +8,11 <at> <at> struct ebt_table;
>
> struct netns_xt {
> struct list_head tables[NFPROTO_NUMPROTO];
> +#if defined(CONFIG_BRIDGE_NF_EBTABLES) || \
> + defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE)
> struct ebt_table *broute_table;
> struct ebt_table *frame_filter;
> struct ebt_table *frame_nat;
> +#endif
> };
> #endif
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo <at> vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Acked-by: Stephen Hemminger <shemminger <at> vyatta.com>
--
--
Hi. My name is Seong Hoon working for company which makes DB Security Solution.
A part of our solution has been produced by using bridge on Linux box.
Unfortunately, We offered the solution to our customer but we had a bridge performance problem.
Through the google web site, I searched the many sites about the performance of bridge.
But I cannot catch the right solution.
It is the block diagram before we organized it.
Before configuration
WAS <--------> Switch <---------> DB Server
After configuration
WAS <--------> Switch <---------> Our product using the bridge. -------> DB Server
One service in my customer site finishes after DB Connection, SQL Query execution (it takes 0.5 seconds) and DB Connection Close excute 150 times.
Before configuration, I took 71.269 seconds in the test results.
And After configuration, I took 94.633 seconds in the test results.
The bridge performance is a little down.
I think my customer feels uncomfotable because 150 execution time which the bridge speed of performance degradation combined is big time.
I don't know the result is right above.
Please, give me information about how to upgrade bridge performance.
My Mail Address : junsan12 <at> empal.com
_______________________________________________ Bridge mailing list Bridge <at> lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/bridge
[Stephen Hemminger - Thu, Jul 09, 2009 at 12:55:00PM -0700] | On Sat, 04 Jul 2009 10:11:57 +0400 | Cyrill Gorcunov <gorcunov <at> openvz.org> wrote: | | > No functional change -- just for easier reading. | > | > Signed-off-by: Cyrill Gorcunov <gorcunov <at> openvz.org> | > --- | > net/bridge/br_netfilter.c | 96 ++++++++++++++++++++++++++-------------------- | > 1 file changed, 56 insertions(+), 40 deletions(-) | > | | | Acked-by: Stephen Hemminger <shemminger <at> vyatta.com> | | -- | Thanks for review Stephen. Will you pick them up? -- Cyrill
I am facing a issue with bridge that apparently stops fwding and
hoping someone can point out what
is going wrong or give some clues.
am using linux 2.6.27 and corresponding bridgeutils pkg.
my topology inside the machine is like this
172.16.0.3
172.16.0.2
(Server_daemon)....udp socket......[ my_bridge
].............tap0......[Virtual machine1]
atop kernel ! !
! !
tap1
tap2........[virtual machine3]
!
[virtual machine2]
I create a few virtual machines using qemu and have their tap
interfaces hook into
the bridge.
virtual machine1 internally assigns 172.16.0.2 to its virtual nic
the bridge itself has address 172.16.0.3
my server binds a UDP socket to a {fixed port, 172.16.0.3} and takes
heartbeats and messages
from virtual machine1 who is UDP client and binds to 172.16.0.2
things work fine and packets flow both ways
STP is turned off by default as per "brctl show"
trouble starts when I shut down virtual machine2 or 3 and detach the
tap1 or tap2 from
the bridge. the detach sequence I used is:
ifconfig tap1 down
brctl delif br_internal tap1
ifconfig tap1 up
I would expect the bridge to keep on forwarding pkts to and from tap0
port which is
still attached, however i see sometimes the bridge receives frames from tap0
(heartbeats from virtual machine1) but my socket never gets it and is
blocked in recvfrom()
this condition lasts from 10-40 seconds before things get back to normal.
I think my socket is ok because I sent a message to it from another
thread while this
condition was happening and this dummy message instantly came to recvfrom().
tried turning on STP and setting fwd delay of 0 to no avail. also
tried explicitly setting the
promiscuous flag with ifconfig.
/var/log/messages does not show tap0 going out of forwarding state. it
appears normal.
the port thats detached goes into disabled state which is expected.
if there is anything wrong with my approach or there is some known
issue with bridge
forwarding during topology change, kindly let me know.
I need to be able to attach and detach taps dynamically without
affecting traffic on
other ports as the VLANs used by the virtual machines can be changed on the fly.
multiple virtual machine tap's could be hooked onto the same bridge
(vlan) hence the
issue.
thanks
Deepjyoti Kakati
RSS Feed11 | |
|---|---|
23 | |
61 | |
80 | |
66 | |
140 | |
71 | |
20 | |
12 | |
12 | |
55 | |
10 | |
15 | |
18 | |
3 | |
40 | |
21 | |
17 | |
17 | |
39 | |
2 | |
18 | |
27 | |
6 | |
16 | |
51 | |
35 | |
100 | |
43 | |
23 | |
24 | |
21 | |
53 | |
10 | |
41 | |
20 | |
43 | |
47 | |
57 | |
102 | |
31 | |
82 | |
46 | |
103 | |
8 | |
11 | |
92 | |
27 | |
81 | |
143 | |
96 | |
82 | |
23 | |
44 | |
12 | |
39 | |
30 | |
31 | |
28 | |
43 | |
55 | |
51 | |
54 | |
67 | |
16 | |
33 | |
13 | |
52 | |
29 | |
35 | |
36 | |
20 | |
17 | |
30 | |
72 | |
73 | |
44 | |
38 | |
50 | |
38 | |
38 | |
32 | |
37 | |
37 | |
29 | |
40 | |
34 | |
19 | |
19 | |
21 | |
40 | |
38 | |
27 | |
30 | |
38 | |
30 | |
38 | |
51 | |
24 | |
47 | |
20 | |
97 | |
37 | |
15 | |
6 | |
52 | |
99 | |
71 | |
70 | |
71 | |
56 | |
54 | |
39 | |
37 | |
9 | |
11 | |
40 | |
48 | |
44 | |
64 | |
87 | |
78 | |
83 | |
75 | |
148 | |
68 | |
65 | |
84 | |
121 | |
82 | |
6 | |
89 | |
113 | |
103 | |
1 |
