From: Felix Fietkau <nbd@nbd.name> Subject: [PATCH] bridge: multicast to unicast Implement optinal multicast->unicast conversion for igmp snooping --- --- a/include/linux/if_bridge.h +++ b/include/linux/if_bridge.h @@ -46,6 +46,7 @@ struct br_ip_list { #define BR_LEARNING_SYNC BIT(9) #define BR_PROXYARP_WIFI BIT(10) #define BR_ISOLATE_MODE BIT(11) +#define BR_MULTICAST_TO_UCAST BIT(12) #define BR_DEFAULT_AGEING_TIME (300 * HZ) --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -42,12 +42,13 @@ static void br_multicast_add_router(stru static void br_ip4_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, __be32 group, - __u16 vid); + __u16 vid, + const unsigned char *src); #if IS_ENABLED(CONFIG_IPV6) static void br_ip6_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, const struct in6_addr *group, - __u16 vid); + __u16 vid, const unsigned char *src); #endif unsigned int br_mdb_rehash_seq; @@ -652,7 +653,8 @@ struct net_bridge_port_group *br_multica struct net_bridge_port *port, struct br_ip *group, struct net_bridge_port_group __rcu *next, - unsigned char state) + unsigned char state, + const unsigned char *src) { struct net_bridge_port_group *p; @@ -667,12 +669,33 @@ struct net_bridge_port_group *br_multica hlist_add_head(&p->mglist, &port->mglist); setup_timer(&p->timer, br_multicast_port_group_expired, (unsigned long)p); + if ((port->flags & BR_MULTICAST_TO_UCAST) && src) { + memcpy(p->eth_addr, src, ETH_ALEN); + p->unicast = true; + } return p; } +static bool br_port_group_equal(struct net_bridge_port_group *p, + struct net_bridge_port *port, + const unsigned char *src) +{ + if (p->port != port) + return false; + + if (!p->unicast) + return true; + + if (!src) + return false; + + return ether_addr_equal(src, p->eth_addr); +} + static int br_multicast_add_group(struct net_bridge *br, struct net_bridge_port *port, - struct br_ip *group) + struct br_ip *group, + const unsigned char *src) { struct net_bridge_mdb_entry *mp; struct net_bridge_port_group *p; @@ -699,13 +722,13 @@ static int br_multicast_add_group(struct for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { - if (p->port == port) + if (br_port_group_equal(p, port, src)) goto found; if ((unsigned long)p->port < (unsigned long)port) break; } - p = br_multicast_new_port_group(port, group, *pp, MDB_TEMPORARY); + p = br_multicast_new_port_group(port, group, *pp, MDB_TEMPORARY, src); if (unlikely(!p)) goto err; rcu_assign_pointer(*pp, p); @@ -724,7 +747,7 @@ err: static int br_ip4_multicast_add_group(struct net_bridge *br, struct net_bridge_port *port, __be32 group, - __u16 vid) + __u16 vid, const unsigned char *src) { struct br_ip br_group; @@ -735,14 +758,14 @@ static int br_ip4_multicast_add_group(st br_group.proto = htons(ETH_P_IP); br_group.vid = vid; - return br_multicast_add_group(br, port, &br_group); + return br_multicast_add_group(br, port, &br_group, src); } #if IS_ENABLED(CONFIG_IPV6) static int br_ip6_multicast_add_group(struct net_bridge *br, struct net_bridge_port *port, const struct in6_addr *group, - __u16 vid) + __u16 vid, const unsigned char *src) { struct br_ip br_group; @@ -753,7 +776,7 @@ static int br_ip6_multicast_add_group(st br_group.proto = htons(ETH_P_IPV6); br_group.vid = vid; - return br_multicast_add_group(br, port, &br_group); + return br_multicast_add_group(br, port, &br_group, src); } #endif @@ -1003,6 +1026,7 @@ static int br_ip4_multicast_igmp3_report struct sk_buff *skb, u16 vid) { + const unsigned char *src; struct igmpv3_report *ih; struct igmpv3_grec *grec; int i; @@ -1043,12 +1067,13 @@ static int br_ip4_multicast_igmp3_report continue; } + src = eth_hdr(skb)->h_source; if ((type == IGMPV3_CHANGE_TO_INCLUDE || type == IGMPV3_MODE_IS_INCLUDE) && ntohs(grec->grec_nsrcs) == 0) { - br_ip4_multicast_leave_group(br, port, group, vid); + br_ip4_multicast_leave_group(br, port, group, vid, src); } else { - err = br_ip4_multicast_add_group(br, port, group, vid); + err = br_ip4_multicast_add_group(br, port, group, vid, src); if (err) break; } @@ -1063,6 +1088,7 @@ static int br_ip6_multicast_mld2_report( struct sk_buff *skb, u16 vid) { + const unsigned char *src = eth_hdr(skb)->h_source; struct icmp6hdr *icmp6h; struct mld2_grec *grec; int i; @@ -1114,10 +1140,10 @@ static int br_ip6_multicast_mld2_report( grec->grec_type == MLD2_MODE_IS_INCLUDE) && ntohs(*nsrcs) == 0) { br_ip6_multicast_leave_group(br, port, &grec->grec_mca, - vid); + vid, src); } else { err = br_ip6_multicast_add_group(br, port, - &grec->grec_mca, vid); + &grec->grec_mca, vid, src); if (err) break; } @@ -1432,7 +1458,8 @@ br_multicast_leave_group(struct net_brid struct net_bridge_port *port, struct br_ip *group, struct bridge_mcast_other_query *other_query, - struct bridge_mcast_own_query *own_query) + struct bridge_mcast_own_query *own_query, + const unsigned char *src) { struct net_bridge_mdb_htable *mdb; struct net_bridge_mdb_entry *mp; @@ -1456,7 +1483,7 @@ br_multicast_leave_group(struct net_brid for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL; pp = &p->next) { - if (p->port != port) + if (!br_port_group_equal(p, port, src)) continue; rcu_assign_pointer(*pp, p->next); @@ -1519,7 +1546,7 @@ br_multicast_leave_group(struct net_brid for (p = mlock_dereference(mp->ports, br); p != NULL; p = mlock_dereference(p->next, br)) { - if (p->port != port) + if (!br_port_group_equal(p, port, src)) continue; if (!hlist_unhashed(&p->mglist) && @@ -1537,8 +1564,8 @@ out: static void br_ip4_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, - __be32 group, - __u16 vid) + __be32 group, __u16 vid, + const unsigned char *src) { struct br_ip br_group; struct bridge_mcast_own_query *own_query; @@ -1553,14 +1580,14 @@ static void br_ip4_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip4_other_query, - own_query); + own_query, src); } #if IS_ENABLED(CONFIG_IPV6) static void br_ip6_multicast_leave_group(struct net_bridge *br, struct net_bridge_port *port, const struct in6_addr *group, - __u16 vid) + __u16 vid, const unsigned char *src) { struct br_ip br_group; struct bridge_mcast_own_query *own_query; @@ -1575,7 +1602,7 @@ static void br_ip6_multicast_leave_group br_group.vid = vid; br_multicast_leave_group(br, port, &br_group, &br->ip6_other_query, - own_query); + own_query, src); } #endif @@ -1584,6 +1611,7 @@ static int br_multicast_ipv4_rcv(struct struct sk_buff *skb, u16 vid) { + const unsigned char *src; struct sk_buff *skb_trimmed = NULL; struct igmphdr *ih; int err; @@ -1600,12 +1628,13 @@ static int br_multicast_ipv4_rcv(struct BR_INPUT_SKB_CB(skb)->igmp = 1; ih = igmp_hdr(skb); + src = eth_hdr(skb)->h_source; switch (ih->type) { case IGMP_HOST_MEMBERSHIP_REPORT: case IGMPV2_HOST_MEMBERSHIP_REPORT: BR_INPUT_SKB_CB(skb)->mrouters_only = 1; - err = br_ip4_multicast_add_group(br, port, ih->group, vid); + err = br_ip4_multicast_add_group(br, port, ih->group, vid, src); break; case IGMPV3_HOST_MEMBERSHIP_REPORT: err = br_ip4_multicast_igmp3_report(br, port, skb_trimmed, vid); @@ -1614,7 +1643,7 @@ static int br_multicast_ipv4_rcv(struct err = br_ip4_multicast_query(br, port, skb_trimmed, vid); break; case IGMP_HOST_LEAVE_MESSAGE: - br_ip4_multicast_leave_group(br, port, ih->group, vid); + br_ip4_multicast_leave_group(br, port, ih->group, vid, src); break; } @@ -1630,6 +1659,7 @@ static int br_multicast_ipv6_rcv(struct struct sk_buff *skb, u16 vid) { + const unsigned char *src; struct sk_buff *skb_trimmed = NULL; struct mld_msg *mld; int err; @@ -1649,8 +1679,9 @@ static int br_multicast_ipv6_rcv(struct switch (mld->mld_type) { case ICMPV6_MGM_REPORT: + src = eth_hdr(skb)->h_source; BR_INPUT_SKB_CB(skb)->mrouters_only = 1; - err = br_ip6_multicast_add_group(br, port, &mld->mld_mca, vid); + err = br_ip6_multicast_add_group(br, port, &mld->mld_mca, vid, src); break; case ICMPV6_MLD2_REPORT: err = br_ip6_multicast_mld2_report(br, port, skb_trimmed, vid); @@ -1659,7 +1690,8 @@ static int br_multicast_ipv6_rcv(struct err = br_ip6_multicast_query(br, port, skb_trimmed, vid); break; case ICMPV6_MGM_REDUCTION: - br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid); + src = eth_hdr(skb)->h_source; + br_ip6_multicast_leave_group(br, port, &mld->mld_mca, vid, src); break; } --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h @@ -157,7 +157,9 @@ struct net_bridge_port_group { struct rcu_head rcu; struct timer_list timer; struct br_ip addr; + unsigned char eth_addr[ETH_ALEN]; unsigned char state; + bool unicast; }; struct net_bridge_mdb_entry @@ -555,7 +557,8 @@ void br_multicast_free_pg(struct rcu_hea struct net_bridge_port_group * br_multicast_new_port_group(struct net_bridge_port *port, struct br_ip *group, struct net_bridge_port_group __rcu *next, - unsigned char state); + unsigned char state, + const unsigned char *src); void br_mdb_init(void); void br_mdb_uninit(void); void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port, --- a/net/bridge/br_mdb.c +++ b/net/bridge/br_mdb.c @@ -416,7 +416,7 @@ static int br_mdb_add_group(struct net_b break; } - p = br_multicast_new_port_group(port, group, *pp, state); + p = br_multicast_new_port_group(port, group, *pp, state, NULL); if (unlikely(!p)) return -ENOMEM; rcu_assign_pointer(*pp, p); --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c @@ -192,6 +192,34 @@ out: return p; } +static struct net_bridge_port *maybe_deliver_addr( + struct net_bridge_port *prev, struct net_bridge_port *p, + struct sk_buff *skb, const unsigned char *addr, + void (*__packet_hook)(const struct net_bridge_port *p, + struct sk_buff *skb)) +{ + struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; + const unsigned char *src = eth_hdr(skb)->h_source; + + if (!should_deliver(p, skb)) + return prev; + + /* Even with hairpin, no soliloquies - prevent breaking IPv6 DAD */ + if (skb->dev == p->dev && ether_addr_equal(src, addr)) + return prev; + + skb = skb_copy(skb, GFP_ATOMIC); + if (!skb) { + dev->stats.tx_dropped++; + return prev; + } + + memcpy(eth_hdr(skb)->h_dest, addr, ETH_ALEN); + __packet_hook(p, skb); + + return prev; +} + /* called under bridge lock */ static void br_flood(struct net_bridge *br, struct sk_buff *skb, struct sk_buff *skb0, @@ -264,6 +292,7 @@ static void br_multicast_flood(struct ne struct net_bridge_port *prev = NULL; struct net_bridge_port_group *p; struct hlist_node *rp; + const unsigned char *addr; rp = rcu_dereference(hlist_first_rcu(&br->router_list)); p = mdst ? rcu_dereference(mdst->ports) : NULL; @@ -274,10 +303,19 @@ static void br_multicast_flood(struct ne rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) : NULL; - port = (unsigned long)lport > (unsigned long)rport ? - lport : rport; - - prev = maybe_deliver(prev, port, skb, __packet_hook); + if ((unsigned long)lport > (unsigned long)rport) { + port = lport; + addr = p->unicast ? p->eth_addr : NULL; + } else { + port = rport; + addr = NULL; + } + + if (addr) + prev = maybe_deliver_addr(prev, port, skb, addr, + __packet_hook); + else + prev = maybe_deliver(prev, port, skb, __packet_hook); if (IS_ERR(prev)) goto out; --- a/net/bridge/br_sysfs_if.c +++ b/net/bridge/br_sysfs_if.c @@ -204,6 +204,7 @@ static BRPORT_ATTR(multicast_router, S_I store_multicast_router); BRPORT_ATTR_FLAG(multicast_fast_leave, BR_MULTICAST_FAST_LEAVE); +BRPORT_ATTR_FLAG(multicast_to_unicast, BR_MULTICAST_TO_UCAST); #endif static const struct brport_attribute *brport_attrs[] = { @@ -230,6 +231,7 @@ static const struct brport_attribute *br #ifdef CONFIG_BRIDGE_IGMP_SNOOPING &brport_attr_multicast_router, &brport_attr_multicast_fast_leave, + &brport_attr_multicast_to_unicast, #endif &brport_attr_proxyarp, &brport_attr_proxyarp_wifi,