From patchwork Mon Mar 22 15:45:27 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikolay Aleksandrov <razor@blackwall.org>
X-Patchwork-Id: 406532
Return-Path: <netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,
 INCLUDES_PATCH, 
 MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED,
 USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 by smtp.lore.kernel.org (Postfix) with ESMTP id D60A5C433DB
 for <netdev@archiver.kernel.org>;
 Mon, 22 Mar 2021 15:46:22 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by mail.kernel.org (Postfix) with ESMTP id 9FF5761606
 for <netdev@archiver.kernel.org>;
 Mon, 22 Mar 2021 15:46:22 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S230104AbhCVPpx (ORCPT <rfc822;netdev@archiver.kernel.org>);
 Mon, 22 Mar 2021 11:45:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37752 "EHLO
 lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by
 vger.kernel.org with ESMTP id S230151AbhCVPpf (ORCPT
 <rfc822;netdev@vger.kernel.org>); Mon, 22 Mar 2021 11:45:35 -0400
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com
 [IPv6:2a00:1450:4864:20::533])
 by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7F4E3C061574
 for <netdev@vger.kernel.org>; Mon, 22 Mar 2021 08:45:34 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id b16so19942960eds.7
 for <netdev@vger.kernel.org>; Mon, 22 Mar 2021 08:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=blackwall-org.20150623.gappssmtp.com; s=20150623;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=sANlXMVqsl2aKn3Z66der6aHhsvdu11h2110/nO0vMs=;
 b=OWy9EqRCalVtRAbn9gLT3sgT05a5GeFJP1xtKWtYRWAImDpAi7woU89y/AAfvnK5tb
 m5sl15WUXgy2SexHXBcd7qP6NV5STFzlkThDedoJiJmKiGTMOZAjwD2767X7Q/2a173/
 gqdeWZ8ZZ/hw465ueJA/RivubUv5BrK6G9sFT5OM7bhNDWja+JsdYbXWF96rNRIHc5vm
 2eoRJRRCxXeWavHfXi4dE1fc1AiuTAlX9m2/xhu8+HErEcY9t6wo6OBNu/oWo30rZ1m/
 weJ8YyE2AgiYHQRacIKRL7Se6TdJ8Hs8JD9j8N25W4crq114m/QYyk6/qiqg0a3vyMxb
 r0jA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=sANlXMVqsl2aKn3Z66der6aHhsvdu11h2110/nO0vMs=;
 b=PiDB/d7wYYAYibSUwwJQ00gH1Un2EfQO84cj+B5IX6EEaZ3da7efGVwV8zhP52rXx7
 DsylvnmKZ28jSM83Sh6zyOVru7ivtKji5rnMC7Hli850x001qnHjYBDzG1cMvNW6vMFj
 WWi73DEFYE9154QWsq1zhevzxIa9uBX0/p1BgDzQ1YMaX27XzLxx+ZM2Sx6ytveldnq1
 PjkRcbIr7YSgo3MvbdgAg3U7tcfhOghT8vQm0HNu5mMLvlxf9Al7eFc5Wiew4DBwMYh9
 BwgeXU86LDENrgC/gx3udS9WCgCBPUAnVPvTGjZJaoHBrgq8afq3UrlNJpui6qQFFwnJ
 tENw==
X-Gm-Message-State: AOAM5331GNhICGcmWPd4iq/v64AEWQnMTpF9xDz8JOEjqo+vo5UBaXlp
 dMlJs1RLQtGPNEzs9nnep3IQmRLPVnUsbhJH
X-Google-Smtp-Source: ABdhPJwhT+bPiYLdGRnd3yrTthz6BzxlQh/lou1wEpTojUjl776KED4P1UKCfK3y4aL5xO8h1aOeUQ==
X-Received: by 2002:a05:6402:1853:: with SMTP id
 v19mr139960edy.179.1616427932902; 
 Mon, 22 Mar 2021 08:45:32 -0700 (PDT)
Received: from debil.vdiclient.nvidia.com (84-238-136-197.ip.btc-net.bg.
 [84.238.136.197]) by smtp.gmail.com with ESMTPSA id
 t27sm9834223ejc.62.2021.03.22.08.45.31
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 22 Mar 2021 08:45:32 -0700 (PDT)
From: Nikolay Aleksandrov <razor@blackwall.org>
To: netdev@vger.kernel.org
Cc: roopa@nvidia.com, bridge@lists.linux-foundation.org,
 Nikolay Aleksandrov <nikolay@nvidia.com>, Amer Abdalamer <amer@nvidia.com>
Subject: [PATCH net-next] net: bridge: when suppression is enabled exclude
 RARP packets
Date: Mon, 22 Mar 2021 17:45:27 +0200
Message-Id: <20210322154527.224886-1-razor@blackwall.org>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Nikolay Aleksandrov <nikolay@nvidia.com>

Recently we had an interop issue where RARP packets got suppressed with
bridge neigh suppression enabled, but the check in the code was meant to
suppress GARP. Exclude RARP packets from it which would allow some VMWare
setups to work, to quote the report:
"Those RARP packets usually get generated by vMware to notify physical
switches when vMotion occurs. vMware may use random sip/tip or just use
sip=tip=0. So the RARP packet sometimes get properly flooded by the vtep
and other times get dropped by the logic"

Reported-by: Amer Abdalamer <amer@nvidia.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
---
Targeting net-next as it's not critical, can be considered an improvement.

 net/bridge/br_arp_nd_proxy.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge/br_arp_nd_proxy.c
index dfec65eca8a6..3db1def4437b 100644
--- a/net/bridge/br_arp_nd_proxy.c
+++ b/net/bridge/br_arp_nd_proxy.c
@@ -160,7 +160,9 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
 	if (br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED)) {
 		if (p && (p->flags & BR_NEIGH_SUPPRESS))
 			return;
-		if (ipv4_is_zeronet(sip) || sip == tip) {
+		if (parp->ar_op != htons(ARPOP_RREQUEST) &&
+		    parp->ar_op != htons(ARPOP_RREPLY) &&
+		    (ipv4_is_zeronet(sip) || sip == tip)) {
 			/* prevent flooding to neigh suppress ports */
 			BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
 			return;