• Ido Schimmel's avatar
    ipv4: fib_rules: Check if rule is a default rule · 3c71006d
    Ido Schimmel authored
    Currently, when non-default (custom) FIB rules are used, devices capable
    of layer 3 offloading flush their tables and let the kernel do the
    forwarding instead.
    
    When these devices' drivers are loaded they register to the FIB
    notification chain, which lets them know about the existence of any
    custom FIB rules. This is done by sending a RULE_ADD notification based
    on the value of 'net->ipv4.fib_has_custom_rules'.
    
    This approach is problematic when VRF offload is taken into account, as
    upon the creation of the first VRF netdev, a l3mdev rule is programmed
    to direct skbs to the VRF's table.
    
    Instead of merely reading the above value and sending a single RULE_ADD
    notification, we should iterate over all the FIB rules and send a
    detailed notification for each, thereby allowing offloading drivers to
    sanitize the rules they don't support and potentially flush their
    tables.
    
    While l3mdev rules are uniquely marked, the default rules are not.
    Therefore, when they are being notified they might invoke offloading
    drivers to unnecessarily flush their tables.
    
    Solve this by adding an helper to check if a FIB rule is a default rule.
    Namely, its selector should match all packets and its action should
    point to the local, main or default tables.
    
    As noted by David Ahern, uniquely marking the default rules is
    insufficient. When using VRFs, it's common to avoid false hits by moving
    the rule for the local table to just before the main table:
    
    Default configuration:
    $ ip rule show
    0:      from all lookup local
    32766:  from all lookup main
    32767:  from all lookup default
    
    Common configuration with VRFs:
    $ ip rule show
    1000:   from all lookup [l3mdev-table]
    32765:  from all lookup local
    32766:  from all lookup main
    32767:  from all lookup default
    Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
    Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
    Acked-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    3c71006d
fib_rules.c 9.33 KB