On 3/16/17 2:08 AM, Jiri Pirko wrote: > From: Ido Schimmel <ido...@mellanox.com> > > Currently, when non-default (custom) FIB rules are used, devices capable > of layer 3 offloading flush their tables and let the kernel do the > forwarding instead. > > When these devices' drivers are loaded they register to the FIB > notification chain, which lets them know about the existence of any > custom FIB rules. This is done by sending a RULE_ADD notification based > on the value of 'net->ipv4.fib_has_custom_rules'. > > This approach is problematic when VRF offload is taken into account, as > upon the creation of the first VRF netdev, a l3mdev rule is programmed > to direct skbs to the VRF's table. > > Instead of merely reading the above value and sending a single RULE_ADD > notification, we should iterate over all the FIB rules and send a > detailed notification for each, thereby allowing offloading drivers to > sanitize the rules they don't support and potentially flush their > tables. > > While l3mdev rules are uniquely marked, the default rules are not. > Therefore, when they are being notified they might invoke offloading > drivers to unnecessarily flush their tables. > > Solve this by adding an helper to check if a FIB rule is a default rule. > Namely, its selector should match all packets and its action should > point to the local, main or default tables. > > As noted by David Ahern, uniquely marking the default rules is > insufficient. When using VRFs, it's common to avoid false hits by moving > the rule for the local table to just before the main table: > > Default configuration: > $ ip rule show > 0: from all lookup local > 32766: from all lookup main > 32767: from all lookup default > > Common configuration with VRFs: > $ ip rule show > 1000: from all lookup [l3mdev-table] > 32765: from all lookup local > 32766: from all lookup main > 32767: from all lookup default > > Signed-off-by: Ido Schimmel <ido...@mellanox.com> > Signed-off-by: Jiri Pirko <j...@mellanox.com> > --- > include/net/fib_rules.h | 1 + > include/net/ip_fib.h | 7 +++++++ > net/core/fib_rules.c | 14 ++++++++++++++ > net/ipv4/fib_rules.c | 21 +++++++++++++++++++++ > 4 files changed, 43 insertions(+) >
Acked-by: David Ahern <d...@cumulusnetworks.com>
