[Devel,RHEL7,COMMIT] ve/net/vxlan: enable support and autoload in a container

Submitted by Konstantin Khorenko on Nov. 23, 2016, 2:56 p.m.

Details

Message ID 201611231456.uANEuSYm010194@finist_cl7.x64_64.work.ct
State New
Series "Series without cover letter"

Commit Message

Konstantin Khorenko Nov. 23, 2016, 2:56 p.m.
The commit is pushed to "branch-rh7-3.10.0-327.36.1.vz7.20.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.36.1.vz7.20.1
------>
commit 29d6f6a230186037db1e9ecf5976908aa48c6750
Author: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Date:   Wed Nov 23 18:56:27 2016 +0400

    ve/net/vxlan: enable support and autoload in a container
    
    vxlan is safe in CT as:
    
    1) The UDP multicast socket used to connect to the outer world sits in
    the creation net namespace, and this socket can only get packets
    forwarded/routed in the creation ns.
    
    2) The vxlan device is owned by the second netns (which could be the
    same as the first), like any other network device, so all packets
    that come to it are from the same ns.
    
    3) Vxlan's logic works through vxlan_net placed in the creation netns;
    vxlan_fdb and vxlan_rdst are per vxlan device. Thus entries cannot
    intersect with entries from the host and other CTs.
    
    * One problem I can see now: when adding an fdb entry with an ifindex
    (index of the device to route packets from the UDP socket through)
    after the vxlan has been moved to the second namespace, in
    vxlan_fdb_parse we use the second namespace to check the ifindex by
    device lookup, but in
    vxlan_xmit_one->ip_route_output_key->...->__ip_route_output_key
    we use the first (creation) namespace to look up the device and will
    probably fail. So all fdb configuration should go before moving to
    the ns. The same is in mainstream AFAICS.
    
    https://jira.sw.ru/browse/PSBM-53629
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
    Acked-by: Andrei Vagin <avagin@virtuozzo.com>
    
    khorenko@: Docker Swarm requires vxlans.
---
 drivers/net/vxlan.c | 1 +
 kernel/kmod.c       | 1 +
 2 files changed, 2 insertions(+)
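The device lifecycle the commit message argues from (vxlan created in the host netns, fdb populated there, device then handed to the container netns) as an added shell example. This is not part of the patch or of the vzkernel tree; the device name, VNI, underlay interface, netns name and peer MAC/IP are assumptions chosen for illustration, and the commands are plain iproute2 (`ip link`, `bridge fdb`, `ip netns`). Without `APPLY=1` the script only prints the command plan, so it can be read and checked without CAP_NET_ADMIN.

```shell
#!/bin/sh
# Added example, not part of the vzkernel patch above.  It shows the order
# the commit message asks for: create the vxlan in the host (creation) netns,
# add fdb entries there, and only then move the device into a container
# netns.  All names, addresses and the VNI are assumptions for illustration.
# Real runs need CAP_NET_ADMIN and iproute2; set APPLY=1 to execute instead
# of printing the plan.

VXLAN_DEV=${VXLAN_DEV:-vxlan42}          # assumed device name
VNI=${VNI:-42}                           # assumed VXLAN network identifier
UNDERLAY_DEV=${UNDERLAY_DEV:-eth0}       # assumed host interface carrying UDP/4789
CT_NS=${CT_NS:-ct101}                    # assumed container netns name
PEER_MAC=${PEER_MAC:-02:42:c0:00:02:14}  # assumed remote MAC behind the tunnel
PEER_IP=${PEER_IP:-192.0.2.20}           # assumed remote VTEP (TEST-NET-1)

# Execute a command, or echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

vxlan_setup_for_ct() {
    # Target netns for the container side.
    run ip netns add "$CT_NS"

    # 1. Create the device in the host netns.  The UDP socket that carries
    #    the encapsulated traffic is bound in this creation netns and stays
    #    here after the device is moved (point 1 of the commit message).
    run ip link add "$VXLAN_DEV" type vxlan id "$VNI" dstport 4789 dev "$UNDERLAY_DEV"

    # 2. Add fdb entries while the device is still in the creation netns.
    #    'via' supplies the ifindex the commit message warns about: it is
    #    checked in the device's current netns when parsed but used in the
    #    creation netns on transmit, so it has to be added before the move.
    run bridge fdb append "$PEER_MAC" dev "$VXLAN_DEV" dst "$PEER_IP" via "$UNDERLAY_DEV"

    # 3. Only now move the device into the container netns and bring it up
    #    from inside; the container sees an ordinary netdev from here on.
    run ip link set "$VXLAN_DEV" netns "$CT_NS"
    run ip netns exec "$CT_NS" ip link set "$VXLAN_DEV" up
}

# Returns 0 when the planned command sequence configures the fdb before the
# netns move, i.e. the ordering constraint from the commit message holds.
plan_fdb_before_move() {
    plan=$(DRY_RUN=1; vxlan_setup_for_ct)
    fdb_line=$(printf '%s\n' "$plan" | grep -n 'bridge fdb' | head -n 1 | cut -d: -f1)
    move_line=$(printf '%s\n' "$plan" | grep -n "ip link set $VXLAN_DEV netns" | head -n 1 | cut -d: -f1)
    [ -n "$fdb_line" ] && [ -n "$move_line" ] && [ "$fdb_line" -lt "$move_line" ]
}

# Print the plan by default; execute for real only when APPLY=1 is given.
if [ "${APPLY:-0}" = 1 ]; then
    vxlan_setup_for_ct
else
    DRY_RUN=1; export DRY_RUN
    vxlan_setup_for_ct
fi
```

Running `sh vxlan-ct.sh` prints the five commands in order; `APPLY=1 sh vxlan-ct.sh` as root on a host with iproute2 executes them. The `via` argument of `bridge fdb` is the user-space side of the NDA_IFINDEX lookup the commit message discusses, which is why step 2 sits before step 3 rather than after it.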


diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index fd2516d..8e89665 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -2367,6 +2367,7 @@  static void vxlan_setup(struct net_device *dev)
 
 	dev->vlan_features = dev->features;
 	dev->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
+	dev->features |= NETIF_F_VIRTUAL;
 	dev->hw_features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_RXCSUM;
 	dev->hw_features |= NETIF_F_GSO_SOFTWARE;
 	dev->hw_features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
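Review bot: the new `dev->features |= NETIF_F_VIRTUAL;` line sits one statement after `dev->vlan_features = dev->features;`, so `vlan_features` does not inherit the flag. If that is intended (only the vxlan device itself is marked as container-visible, not VLAN devices stacked on top of it), a one-line comment next to the new line would save the next reader the question; if VLANs on a vxlan inside a CT are also meant to be allowed, the flag needs to be set before the `vlan_features` copy. Separately, the fdb/ifindex ordering caveat spelled out in the commit message is not visible anywhere in the code: a short comment here or near vxlan_fdb_parse saying that fdb entries carrying an ifindex must be added before the device leaves its creation netns would keep that knowledge with the driver rather than only in the changelog.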
diff --git a/kernel/kmod.c b/kernel/kmod.c
index e0ef148..63748d4 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -421,6 +421,7 @@  static const char * const ve0_allowed_mod[] = {
 	"ip_set_list:set",
 
 	"rtnl-link-dummy",
+	"rtnl-link-vxlan",
 };
 
 /*
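Review bot: the `"rtnl-link-vxlan"` entry in ve0_allowed_mod lets any container trigger request_module() for the vxlan driver, and the list itself carries no comment on why this alias is considered safe; the reasoning from the commit message (UDP socket and vxlan_net stay in the creation netns, fdb/rdst are per device) belongs next to the entry, or at least a reference to it, so that a later review of this whitelist does not have to dig up the commit. The alias string must match exactly what rtnetlink requests ("rtnl-link-" followed by the link kind) for autoload to succeed, and placing it directly after `"rtnl-link-dummy"` keeps the rtnl-link group together, which is fine.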