mirror of
				https://github.com/openvswitch/ovs
				synced 2025-10-25 15:07:05 +00:00 
			
		
		
		
	mirroring: Allow learning to be disabled on a VLAN.
RSPAN does not work properly unless MAC learning for the VLAN is disabled on all switches between the origin and monitoring point. This allows learning to be disabled on a given VLAN so vSwitch can acts as an intermediate switch. Feature #2136
This commit is contained in:
		| @@ -21,6 +21,7 @@ | |||||||
| #include <inttypes.h> | #include <inttypes.h> | ||||||
| #include <stdlib.h> | #include <stdlib.h> | ||||||
|  |  | ||||||
|  | #include "bitmap.h" | ||||||
| #include "coverage.h" | #include "coverage.h" | ||||||
| #include "hash.h" | #include "hash.h" | ||||||
| #include "list.h" | #include "list.h" | ||||||
| @@ -129,6 +130,7 @@ mac_learning_create(void) | |||||||
|         list_push_front(&ml->free, &s->lru_node); |         list_push_front(&ml->free, &s->lru_node); | ||||||
|     } |     } | ||||||
|     ml->secret = random_uint32(); |     ml->secret = random_uint32(); | ||||||
|  |     ml->non_learning_vlans = NULL; | ||||||
|     return ml; |     return ml; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -136,9 +138,36 @@ mac_learning_create(void) | |||||||
| void | void | ||||||
| mac_learning_destroy(struct mac_learning *ml) | mac_learning_destroy(struct mac_learning *ml) | ||||||
| { | { | ||||||
|  |     if (ml) { | ||||||
|  |         bitmap_free(ml->non_learning_vlans); | ||||||
|  |     } | ||||||
|     free(ml); |     free(ml); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /* Provides a bitmap of VLANs which have learning disabled.  It takes | ||||||
|  |  * ownership of the bitmap.  Returns true if the set has changed from | ||||||
|  |  * the previous value. */ | ||||||
|  | bool | ||||||
|  | mac_learning_set_disabled_vlans(struct mac_learning *ml, unsigned long *bitmap) | ||||||
|  | { | ||||||
|  |     bool ret = (bitmap == NULL | ||||||
|  |         ? ml->non_learning_vlans != NULL | ||||||
|  |         : (ml->non_learning_vlans == NULL | ||||||
|  |           || !bitmap_equal(bitmap, ml->non_learning_vlans, 4096))); | ||||||
|  |  | ||||||
|  |     bitmap_free(ml->non_learning_vlans); | ||||||
|  |     ml->non_learning_vlans = bitmap; | ||||||
|  |  | ||||||
|  |     return ret; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | static bool | ||||||
|  | is_learning_vlan(const struct mac_learning *ml, uint16_t vlan) | ||||||
|  | { | ||||||
|  |     return !(ml->non_learning_vlans | ||||||
|  |             && bitmap_is_set(ml->non_learning_vlans, vlan)); | ||||||
|  | } | ||||||
|  |  | ||||||
| /* Attempts to make 'ml' learn from the fact that a frame from 'src_mac' was | /* Attempts to make 'ml' learn from the fact that a frame from 'src_mac' was | ||||||
|  * just observed arriving from 'src_port' on the given 'vlan'. |  * just observed arriving from 'src_port' on the given 'vlan'. | ||||||
|  * |  * | ||||||
| @@ -156,6 +185,10 @@ mac_learning_learn(struct mac_learning *ml, | |||||||
|     struct mac_entry *e; |     struct mac_entry *e; | ||||||
|     struct list *bucket; |     struct list *bucket; | ||||||
|  |  | ||||||
|  |     if (!is_learning_vlan(ml, vlan)) { | ||||||
|  |         return 0; | ||||||
|  |     } | ||||||
|  |  | ||||||
|     if (eth_addr_is_multicast(src_mac)) { |     if (eth_addr_is_multicast(src_mac)) { | ||||||
|         static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 30); |         static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(30, 30); | ||||||
|         VLOG_DBG_RL(&rl, "multicast packet source "ETH_ADDR_FMT, |         VLOG_DBG_RL(&rl, "multicast packet source "ETH_ADDR_FMT, | ||||||
| @@ -216,7 +249,7 @@ mac_learning_lookup_tag(const struct mac_learning *ml, | |||||||
|                         const uint8_t dst[ETH_ADDR_LEN], uint16_t vlan, |                         const uint8_t dst[ETH_ADDR_LEN], uint16_t vlan, | ||||||
|                         tag_type *tag) |                         tag_type *tag) | ||||||
| { | { | ||||||
|     if (eth_addr_is_multicast(dst)) { |     if (eth_addr_is_multicast(dst) || !is_learning_vlan(ml, vlan)) { | ||||||
|         return -1; |         return -1; | ||||||
|     } else { |     } else { | ||||||
|         struct mac_entry *e = search_bucket(mac_table_bucket(ml, dst, vlan), |         struct mac_entry *e = search_bucket(mac_table_bucket(ml, dst, vlan), | ||||||
|   | |||||||
| @@ -52,10 +52,13 @@ struct mac_learning { | |||||||
|     struct list table[MAC_HASH_SIZE]; /* Hash table. */ |     struct list table[MAC_HASH_SIZE]; /* Hash table. */ | ||||||
|     struct mac_entry entries[MAC_MAX]; /* All entries. */ |     struct mac_entry entries[MAC_MAX]; /* All entries. */ | ||||||
|     uint32_t secret;            /* Secret for  */ |     uint32_t secret;            /* Secret for  */ | ||||||
|  |     unsigned long *non_learning_vlans; /* Bitmap of learning disabled VLANs. */ | ||||||
| }; | }; | ||||||
|  |  | ||||||
| struct mac_learning *mac_learning_create(void); | struct mac_learning *mac_learning_create(void); | ||||||
| void mac_learning_destroy(struct mac_learning *); | void mac_learning_destroy(struct mac_learning *); | ||||||
|  | bool mac_learning_set_disabled_vlans(struct mac_learning *, | ||||||
|  |                                      unsigned long *bitmap); | ||||||
| tag_type mac_learning_learn(struct mac_learning *, | tag_type mac_learning_learn(struct mac_learning *, | ||||||
|                             const uint8_t src[ETH_ADDR_LEN], uint16_t vlan, |                             const uint8_t src[ETH_ADDR_LEN], uint16_t vlan, | ||||||
|                             uint16_t src_port); |                             uint16_t src_port); | ||||||
|   | |||||||
| @@ -3265,7 +3265,8 @@ static void | |||||||
| mirror_reconfigure(struct bridge *br) | mirror_reconfigure(struct bridge *br) | ||||||
| { | { | ||||||
|     struct svec old_mirrors, new_mirrors; |     struct svec old_mirrors, new_mirrors; | ||||||
|     size_t i; |     size_t i, n_rspan_vlans; | ||||||
|  |     unsigned long *rspan_vlans; | ||||||
|  |  | ||||||
|     /* Collect old and new mirrors. */ |     /* Collect old and new mirrors. */ | ||||||
|     svec_init(&old_mirrors); |     svec_init(&old_mirrors); | ||||||
| @@ -3314,6 +3315,27 @@ mirror_reconfigure(struct bridge *br) | |||||||
|             m->out_port->is_mirror_output_port = true; |             m->out_port->is_mirror_output_port = true; | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     /* Update learning disabled vlans (for RSPAN). */ | ||||||
|  |     rspan_vlans = NULL; | ||||||
|  |     n_rspan_vlans = cfg_count("vlan.%s.disable-learning", br->name); | ||||||
|  |     if (n_rspan_vlans) { | ||||||
|  |         rspan_vlans = bitmap_allocate(4096); | ||||||
|  |  | ||||||
|  |         for (i = 0; i < n_rspan_vlans; i++) { | ||||||
|  |             int vlan = cfg_get_vlan(i, "vlan.%s.disable-learning", br->name); | ||||||
|  |             if (vlan >= 0) { | ||||||
|  |                 bitmap_set1(rspan_vlans, vlan); | ||||||
|  |             } else { | ||||||
|  |                 VLOG_ERR("bridge %s: invalid value '%s' for learning disabled " | ||||||
|  |                          "VLAN", br->name, | ||||||
|  |                        cfg_get_string(i, "vlan.%s.disable-learning", br->name)); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  |     if (mac_learning_set_disabled_vlans(br->ml, rspan_vlans)) { | ||||||
|  |         bridge_flush(br); | ||||||
|  |     } | ||||||
| } | } | ||||||
|  |  | ||||||
| static void | static void | ||||||
|   | |||||||
| @@ -347,12 +347,15 @@ on port 1, disrupting connectivity.  If mirroring to a VLAN is desired | |||||||
| in this scenario, then the physical switch must be replaced by one | in this scenario, then the physical switch must be replaced by one | ||||||
| that learns Ethernet addresses on a per-VLAN basis.  In addition, | that learns Ethernet addresses on a per-VLAN basis.  In addition, | ||||||
| learning should be disabled on the VLAN containing mirrored traffic. | learning should be disabled on the VLAN containing mirrored traffic. | ||||||
| If this is not done then the intermediate switch will learn the MAC | If this is not done then intermediate switches will learn the MAC | ||||||
| address of each end host from the mirrored traffic.  If packets being | address of each end host from the mirrored traffic.  If packets being | ||||||
| sent to that end host are also mirrored, then they will be dropped | sent to that end host are also mirrored, then they will be dropped | ||||||
| since the switch will attempt to send them out the input port. | since the switch will attempt to send them out the input port. | ||||||
| Disabling learning for the VLAN will cause the switch to correctly | Disabling learning for the VLAN will cause the switch to correctly | ||||||
| send the packet out all ports configured for that VLAN. | send the packet out all ports configured for that VLAN.  If Open | ||||||
|  | vSwitch is being used as an intermediate switch learning can be disabled | ||||||
|  | by setting the key \fBvlan.\fIbrname\fB.learning-disable=\fIvid\fR | ||||||
|  | to the mirrored VLAN. | ||||||
| .ST "Example" | .ST "Example" | ||||||
| The following \fBovs\-vswitchd\fR configuration copies all frames received | The following \fBovs\-vswitchd\fR configuration copies all frames received | ||||||
| on \fBeth1\fR or \fBeth2\fR to \fBeth3\fR. | on \fBeth1\fR or \fBeth2\fR to \fBeth3\fR. | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user