Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
Bryan Venteicher bry...@freebsd.org writes:
> Log:
>   Add vxlan interface
>   [...]

This breaks the existing group command, which means I now have machines that won't boot without manual intervention because their firewall rulesets rely on interface groups.

Did you even bother to search for group in the code, or even in the man page, before deciding to add a command by that name?

DES
--
Dag-Erling Smørgrav - d...@des.no
___
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to svn-src-all-unsubscr...@freebsd.org
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
Dag-Erling Smørgrav d...@des.no writes:
> Bryan Venteicher bry...@freebsd.org writes:
> > Log:
> >   Add vxlan interface
> >   [...]
>
> This breaks the existing group command, which means I now have machines that won't boot without manual intervention because their firewall rulesets rely on interface groups.

I added code to cmd_register() in ifconfig.c to warn about duplicate commands. Here is a complete list of pre-existing commands which the vxlan code shadows:

ifconfig: duplicate command: group
ifconfig: duplicate command: timeout
ifconfig: duplicate command: maxaddr
ifconfig: duplicate command: learn
ifconfig: duplicate command: -learn
ifconfig: duplicate command: flush
ifconfig: duplicate command: flushall

so, in addition to breaking interface groups, it breaks bridge interfaces.

DES
--
Dag-Erling Smørgrav - d...@des.no
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
On 1 December 2014 at 05:07, Dag-Erling Smørgrav d...@des.no wrote:
> Dag-Erling Smørgrav d...@des.no writes:
> > Bryan Venteicher bry...@freebsd.org writes:
> > > Log:
> > >   Add vxlan interface
> > >   [...]
> >
> > This breaks the existing group command, which means I now have machines that won't boot without manual intervention because their firewall rulesets rely on interface groups.
>
> I added code to cmd_register() in ifconfig.c to warn about duplicate commands. Here is a complete list of pre-existing commands which the vxlan code shadows:
>
> ifconfig: duplicate command: group
> ifconfig: duplicate command: timeout
> ifconfig: duplicate command: maxaddr
> ifconfig: duplicate command: learn
> ifconfig: duplicate command: -learn
> ifconfig: duplicate command: flush
> ifconfig: duplicate command: flushall
>
> so, in addition to breaking interface groups, it breaks bridge interfaces.

Would you mind committing that code, so we at least get warned about it when we try?

-a
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
Adrian Chadd adr...@freebsd.org writes:
> Dag-Erling Smørgrav d...@des.no writes:
> > I added code to cmd_register() in ifconfig.c to warn about duplicate commands. [...]
>
> Would you mind committing that code, so we at least get warned about it when we try?

It's quadratic and runs every time a set of commands is added, which means the total running time is closer to n! than n^2. I can add it with an #ifdef, but that's not very useful. It would be better to rewrite ifconfig to use a hash table instead of a linked list.

DES
--
Dag-Erling Smørgrav - d...@des.no
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
On Mon, Dec 01, 2014 at 03:24:20PM +0100, Dag-Erling Smørgrav wrote:
> Adrian Chadd adr...@freebsd.org writes:
> > Dag-Erling Smørgrav d...@des.no writes:
> > > I added code to cmd_register() in ifconfig.c to warn about duplicate commands. [...]
> >
> > Would you mind committing that code, so we at least get warned about it when we try?
>
> It's quadratic and runs every time a set of commands is added, which means the total running time is closer to n! than n^2. I can add it with an #ifdef, but that's not very useful. It would be better to rewrite ifconfig to use a hash table instead of a linked list.

Can't you use a simple bloom filter to cover 99% of the cases and just fall back to a simple search on match?

Joerg
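The hash-table registration suggested in the messages above, sketched as an added example; it is not ifconfig's code and not the check DES wrote. `struct cmd`, `cmd_lookup()` and `cmd_register_table()` are hypothetical names, and the two command tables are constructed from the keywords quoted in this thread. Each name is hashed once, so the duplicate check costs one short chain walk per registration instead of a scan of every command registered so far.

```c
#include <stdio.h>
#include <string.h>
#define NITEMS(a) (sizeof(a) / sizeof((a)[0]))

struct cmd {			/* hypothetical stand-in for ifconfig's descriptor */
	const char *c_name;
	struct cmd *c_next;	/* chain within one hash bucket */
};
static struct cmd *buckets[64];

static unsigned cmd_hash(const char *s) {	/* FNV-1a over the name */
	unsigned h = 2166136261u;
	for (; *s != '\0'; s++)
		h = (h ^ (unsigned char)*s) * 16777619u;
	return h % NITEMS(buckets);
}

struct cmd *cmd_lookup(const char *name) {
	struct cmd *q = buckets[cmd_hash(name)];
	while (q != NULL && strcmp(q->c_name, name) != 0)
		q = q->c_next;
	return q;
}

/* Register n commands; warn about and reject names already present. */
int cmd_register_table(struct cmd *tab, size_t n) {
	int dups = 0;
	for (size_t i = 0; i < n; i++) {
		struct cmd **bp = &buckets[cmd_hash(tab[i].c_name)];
		if (cmd_lookup(tab[i].c_name) != NULL) {
			fprintf(stderr, "duplicate command: %s\n", tab[i].c_name);
			dups++;
			continue;
		}
		tab[i].c_next = *bp;
		*bp = &tab[i];
	}
	return dups;
}

/* Constructed tables: the names listed in the thread, plus vni and local. */
static struct cmd base_cmds[] = { {"group"}, {"timeout"}, {"maxaddr"},
    {"learn"}, {"-learn"}, {"flush"}, {"flushall"} };
static struct cmd vxlan_cmds[] = { {"vni"}, {"local"}, {"group"}, {"timeout"},
    {"maxaddr"}, {"learn"}, {"-learn"}, {"flush"}, {"flushall"} };

int main(void) {
	cmd_register_table(base_cmds, NITEMS(base_cmds));
	return cmd_register_table(vxlan_cmds, NITEMS(vxlan_cmds)) == 7 ? 0 : 1;
}
```

In this sketch the first registration of a name wins, so a later table cannot silently take over `group`; whether to reject, warn or abort on a collision is a policy choice the thread leaves open.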
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
On Mon, Dec 1, 2014 at 6:57 AM, Dag-Erling Smørgrav d...@des.no wrote:
> Bryan Venteicher bry...@freebsd.org writes:
> > Log:
> >   Add vxlan interface
> >   [...]
>
> This breaks the existing group command, which means I now have machines that won't boot without manual intervention because their firewall rulesets rely on interface groups.
>
> Did you even bother to search for group in the code, or even in the man page, before deciding to add a command by that name?

This stems from my misunderstanding that these commands were scoped. I'll work on a fix shortly.

> DES
> --
> Dag-Erling Smørgrav - d...@des.no
svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
Author: bryanv
Date: Mon Oct 20 14:42:42 2014
New Revision: 273331
URL: https://svnweb.freebsd.org/changeset/base/273331

Log:
  Add vxlan interface

  vxlan creates a virtual LAN by encapsulating the inner Ethernet frame in a UDP packet. This implementation is based on RFC7348.

  Currently, the IPv6 support is not fully compliant with the specification: we should be able to receive UDPv6 packets with a zero checksum, but we need to support RFC6935 first. Patches for this should come soon.

  Encapsulation protocols such as vxlan emphasize the need for the FreeBSD network stack to support batching, GRO, and GSO. Each frame has to make two trips through the network stack, and each frame will be at most MTU sized. Performance suffers accordingly.

  Some latest generation NICs have begun to support vxlan HW offloads that we should also take advantage of. VIMAGE support should also be added soon.

  Differential Revision: https://reviews.freebsd.org/D384
  Reviewed by: gnn
  Relnotes: yes

Added:
  head/sbin/ifconfig/ifvxlan.c (contents, props changed)
  head/share/man/man4/vxlan.4 (contents, props changed)
  head/sys/modules/if_vxlan/
  head/sys/modules/if_vxlan/Makefile (contents, props changed)
  head/sys/net/if_vxlan.c (contents, props changed)
  head/sys/net/if_vxlan.h (contents, props changed)
Modified:
  head/sbin/ifconfig/Makefile
  head/sbin/ifconfig/ifconfig.8
  head/share/man/man4/Makefile
  head/sys/conf/NOTES
  head/sys/conf/files
  head/sys/modules/Makefile
  head/sys/sys/priv.h

Modified: head/sbin/ifconfig/Makefile == --- head/sbin/ifconfig/Makefile Mon Oct 20 14:25:23 2014(r273330) +++ head/sbin/ifconfig/Makefile Mon Oct 20 14:42:42 2014(r273331) 
@@ -30,6 +30,7 @@ SRCS+=ifmac.c # MAC support SRCS+= ifmedia.c # SIOC[GS]IFMEDIA support SRCS+= iffib.c # non-default FIB support SRCS+= ifvlan.c# SIOC[GS]ETVLAN support +SRCS+= ifvxlan.c # VXLAN support SRCS+= ifgre.c # GRE keys etc SRCS+= ifgif.c # GIF reversed header workaround Modified: head/sbin/ifconfig/ifconfig.8 == --- head/sbin/ifconfig/ifconfig.8 Mon Oct 20 14:25:23 2014 (r273330) +++ head/sbin/ifconfig/ifconfig.8 Mon Oct 20 14:42:42 2014 (r273331) @@ -28,7 +28,7 @@ .\ From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 .\ $FreeBSD$ .\ -.Dd October 1, 2014 +.Dd October 20, 2014 .Dt IFCONFIG 8 .Os .Sh NAME 
@@ -2541,6 +2541,76 @@ argument is useless and hence deprecated .El .Pp The following parameters are used to configure +.Xr vxlan 4 +interfaces. +.Bl -tag -width indent +.It Cm vni Ar identifier +This value is a 24-bit VXLAN Network Identifier (VNI) that identifies the +virtual network segment membership of the interface. +.It Cm local Ar address +The source address used in the encapsulating IPv4/IPv6 header. +The address should already be assigned to an existing interface. +When the interface is configured in unicast mode, the listening socket +is bound to this address. +.It Cm remote Ar address +The interface can be configured in a unicast, or point-to-point, mode +to create a tunnel between two hosts. +This is the IP address of the remote end of the tunnel. +.It Cm group Ar address +The interface can be configured in a multicast mode +to create a virtual network of hosts. +This is the IP multicast group address the interface will join. +.It Cm localport Ar port +The port number the interface will listen on. +The default port number is 4789. +.It Cm remoteport Ar port +The destination port number used in the encapsulating IPv4/IPv6 header. +The remote host should be listening on this port. +The default port number is 4789. +Note some other implementations, such as Linux, +do not default to the IANA assigned port, +but instead listen on port 8472. +.It Cm portrange Ar low high +The range of source ports used in the encapsulating IPv4/IPv6 header. +The port selected within the range is based on a hash of the inner frame. +A range is useful to provide entropy within the outer IP header +for more effective load balancing. +The default range is between the +.Xr sysctl 8 +variables +.Va net.inet.ip.portrange.first +and +.Va net.inet.ip.portrange.last +.It Cm timeout Ar timeout +The maximum time, in seconds, before an entry in the forwarding table +is pruned. +The default is 1200 seconds (20 minutes). 
+.It Cm maxaddr Ar max +The maximum number of entries in the forwarding table. +The default is 2000. +.It Cm vxlandev Ar dev +When the interface is configured in multicast mode, the +.Cm dev +interface is used to transmit IP multicast packets. +.It Cm ttl Ar ttl +The TTL used in the encapsulating IPv4/IPv6 header. +The default is 64. +.It Cm learn +The source IP address and inner
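Review bot: In the ifconfig.8 hunk at @@ -2541, the vxlan keywords `group`, `timeout`, `maxaddr` and `learn` are introduced as bare command names, and the replies in this thread report that ifconfig's command table is not scoped per interface type, so they shadow the existing interface-group and bridge commands; hosts whose firewall rulesets depend on interface groups then need manual intervention to boot. Consider prefixing the colliding keywords the way `vxlandev` already is in the same hunk, and checking for an existing name when the commands are registered. A smaller point in the same hunk: under `.It Cm vxlandev Ar dev` the text refers to the argument as `.Cm dev`, where `.Ar dev` is the matching macro.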
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
Hi,

Can you please create a PR that says something like "review vxlan code for RSS after de-capsulation" and assign it to me? I'm going to have to insert a hash recalculation after decapsulation but I'm too busy at the moment to do it.

Thanks,

-a

On 20 October 2014 07:42, Bryan Venteicher bry...@freebsd.org wrote:
> Author: bryanv
> Date: Mon Oct 20 14:42:42 2014
> New Revision: 273331
> URL: https://svnweb.freebsd.org/changeset/base/273331
>
> Log:
>   Add vxlan interface
>
>   vxlan creates a virtual LAN by encapsulating the inner Ethernet frame in a UDP packet. This implementation is based on RFC7348.
>
>   Currently, the IPv6 support is not fully compliant with the specification: we should be able to receive UDPv6 packets with a zero checksum, but we need to support RFC6935 first. Patches for this should come soon.
>
>   Encapsulation protocols such as vxlan emphasize the need for the FreeBSD network stack to support batching, GRO, and GSO. Each frame has to make two trips through the network stack, and each frame will be at most MTU sized. Performance suffers accordingly.
>
>   Some latest generation NICs have begun to support vxlan HW offloads that we should also take advantage of. VIMAGE support should also be added soon.
>
>   Differential Revision: https://reviews.freebsd.org/D384
>   Reviewed by: gnn
>   Relnotes: yes
>
> Added:
>   head/sbin/ifconfig/ifvxlan.c (contents, props changed)
>   head/share/man/man4/vxlan.4 (contents, props changed)
>   head/sys/modules/if_vxlan/
>   head/sys/modules/if_vxlan/Makefile (contents, props changed)
>   head/sys/net/if_vxlan.c (contents, props changed)
>   head/sys/net/if_vxlan.h (contents, props changed)
> Modified:
>   head/sbin/ifconfig/Makefile
>   head/sbin/ifconfig/ifconfig.8
>   head/share/man/man4/Makefile
>   head/sys/conf/NOTES
>   head/sys/conf/files
>   head/sys/modules/Makefile
>   head/sys/sys/priv.h

Modified: head/sbin/ifconfig/Makefile == --- head/sbin/ifconfig/Makefile Mon Oct 20 14:25:23 2014(r273330) +++ head/sbin/ifconfig/Makefile Mon Oct 20 14:42:42 2014(r273331) 
@@ -30,6 +30,7 @@ SRCS+=ifmac.c # MAC support SRCS+= ifmedia.c # SIOC[GS]IFMEDIA support SRCS+= iffib.c # non-default FIB support SRCS+= ifvlan.c# SIOC[GS]ETVLAN support +SRCS+= ifvxlan.c # VXLAN support SRCS+= ifgre.c # GRE keys etc SRCS+= ifgif.c # GIF reversed header workaround Modified: head/sbin/ifconfig/ifconfig.8 == --- head/sbin/ifconfig/ifconfig.8 Mon Oct 20 14:25:23 2014 (r273330) +++ head/sbin/ifconfig/ifconfig.8 Mon Oct 20 14:42:42 2014 (r273331) @@ -28,7 +28,7 @@ .\ From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 .\ $FreeBSD$ .\ -.Dd October 1, 2014 +.Dd October 20, 2014 .Dt IFCONFIG 8 .Os .Sh NAME 
@@ -2541,6 +2541,76 @@ argument is useless and hence deprecated .El .Pp The following parameters are used to configure +.Xr vxlan 4 +interfaces. +.Bl -tag -width indent +.It Cm vni Ar identifier +This value is a 24-bit VXLAN Network Identifier (VNI) that identifies the +virtual network segment membership of the interface. +.It Cm local Ar address +The source address used in the encapsulating IPv4/IPv6 header. +The address should already be assigned to an existing interface. +When the interface is configured in unicast mode, the listening socket +is bound to this address. +.It Cm remote Ar address +The interface can be configured in a unicast, or point-to-point, mode +to create a tunnel between two hosts. +This is the IP address of the remote end of the tunnel. +.It Cm group Ar address +The interface can be configured in a multicast mode +to create a virtual network of hosts. +This is the IP multicast group address the interface will join. +.It Cm localport Ar port +The port number the interface will listen on. +The default port number is 4789. +.It Cm remoteport Ar port +The destination port number used in the encapsulating IPv4/IPv6 header. +The remote host should be listening on this port. +The default port number is 4789. +Note some other implementations, such as Linux, +do not default to the IANA assigned port, +but instead listen on port 8472. +.It Cm portrange Ar low high +The range of source ports used in the encapsulating IPv4/IPv6 header. +The port selected within the range is based on a hash of the inner frame. +A range is useful to provide entropy within the outer IP header +for more effective load balancing. +The default range is between the +.Xr sysctl 8 +variables +.Va net.inet.ip.portrange.first +and +.Va net.inet.ip.portrange.last +.It Cm timeout Ar timeout +The maximum time, in seconds, before an entry in the forwarding table +is pruned. +The
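Review bot: The `portrange` entry in the quoted ifconfig.8 hunk ends its last sentence at `.Va net.inet.ip.portrange.last` with no closing punctuation before the following `.It Cm timeout Ar timeout`, so the rendered sentence runs unterminated into the next item. Pass the period as a trailing macro argument, `.Va net.inet.ip.portrange.last .`, to close it.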
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
On 21 October 2014 03:42, Bryan Venteicher bry...@freebsd.org wrote:
> Author: bryanv
> Date: Mon Oct 20 14:42:42 2014
> New Revision: 273331
> URL: https://svnweb.freebsd.org/changeset/base/273331
>
> Log:
>   Add vxlan interface
>
>   vxlan creates a virtual LAN by encapsulating the inner Ethernet frame in a UDP packet. This implementation is based on RFC7348.
>
>   Currently, the IPv6 support is not fully compliant with the specification: we should be able to receive UDPv6 packets with a zero checksum, but we need to support RFC6935 first. Patches for this should come soon.

Given it is self contained new code is it a 10.1 MFC candidate?

Andrew
Re: svn commit: r273331 - in head: sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_vxlan sys/net sys/sys
On Mon, Oct 20, 2014 at 5:37 PM, Andrew Thompson thom...@freebsd.org wrote:
> On 21 October 2014 03:42, Bryan Venteicher bry...@freebsd.org wrote:
> > Author: bryanv
> > Date: Mon Oct 20 14:42:42 2014
> > New Revision: 273331
> > URL: https://svnweb.freebsd.org/changeset/base/273331
> >
> > Log:
> >   Add vxlan interface
> >
> >   vxlan creates a virtual LAN by encapsulating the inner Ethernet frame in a UDP packet. This implementation is based on RFC7348.
> >
> >   Currently, the IPv6 support is not fully compliant with the specification: we should be able to receive UDPv6 packets with a zero checksum, but we need to support RFC6935 first. Patches for this should come soon.
>
> Given it is self contained new code is it a 10.1 MFC candidate?

I hope to merge vxlan to 10-STABLE in a couple of months, but need to determine how to handle prerequisite commit r272886. There's ways without it - use a mbuf tag and a reserved field in the inpcb - but it would be nice if that commit is MFC'able.

https://svnweb.freebsd.org/base?view=revision&revision=272886

> Andrew