diff options
| author | Jon Maxwell <jmaxwell37@gmail.com> | 2014-05-29 03:27:16 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-06-02 01:14:50 -0400 |
| commit | c65c7a306610ee7c13669a8f5601b472c19dc6f1 (patch) | |
| tree | f5fef2264059061533b8cdbc10131f807a146486 /net | |
| parent | 4324be1e0bab67194a263be263b7e48c176d43c7 (diff) | |
bridge: notify user space after fdb update
There has been a number incidents recently where customers running KVM have
reported that VM hosts on different Hypervisors are unreachable. Based on
pcap traces we found that the bridge was broadcasting the ARP request out
onto the network. However some NICs have an inbuilt switch which on occasions
were broadcasting the VMs ARP request back through the physical NIC on the
Hypervisor. This resulted in the bridge changing ports and incorrectly learning
that the VMs mac address was external. As a result the ARP reply was directed
back onto the external network and VM never updated it's ARP cache. This patch
will notify the bridge command, after a fdb has been updated to identify such
port toggling.
Signed-off-by: Jon Maxwell <jmaxwell37@gmail.com>
Reviewed-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/br_fdb.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index 9203d5a1943f..474d36f93342 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c | |||
| @@ -487,6 +487,7 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, | |||
| 487 | { | 487 | { |
| 488 | struct hlist_head *head = &br->hash[br_mac_hash(addr, vid)]; | 488 | struct hlist_head *head = &br->hash[br_mac_hash(addr, vid)]; |
| 489 | struct net_bridge_fdb_entry *fdb; | 489 | struct net_bridge_fdb_entry *fdb; |
| 490 | bool fdb_modified = false; | ||
| 490 | 491 | ||
| 491 | /* some users want to always flood. */ | 492 | /* some users want to always flood. */ |
| 492 | if (hold_time(br) == 0) | 493 | if (hold_time(br) == 0) |
| @@ -507,10 +508,15 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, | |||
| 507 | source->dev->name); | 508 | source->dev->name); |
| 508 | } else { | 509 | } else { |
| 509 | /* fastpath: update of existing entry */ | 510 | /* fastpath: update of existing entry */ |
| 510 | fdb->dst = source; | 511 | if (unlikely(source != fdb->dst)) { |
| 512 | fdb->dst = source; | ||
| 513 | fdb_modified = true; | ||
| 514 | } | ||
| 511 | fdb->updated = jiffies; | 515 | fdb->updated = jiffies; |
| 512 | if (unlikely(added_by_user)) | 516 | if (unlikely(added_by_user)) |
| 513 | fdb->added_by_user = 1; | 517 | fdb->added_by_user = 1; |
| 518 | if (unlikely(fdb_modified)) | ||
| 519 | fdb_notify(br, fdb, RTM_NEWNEIGH); | ||
| 514 | } | 520 | } |
| 515 | } else { | 521 | } else { |
| 516 | spin_lock(&br->hash_lock); | 522 | spin_lock(&br->hash_lock); |