[ebtables] Add multicast drop rule to ebtables #18064
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
prsunny
approved these changes
Feb 13, 2024
|
@Ndancejic , please provide link to sonic-mgmt test PR when ready |
|
@Ndancejic what test has been done with this change? Other than the packet forwarding one you mentioned? Did it impact any other control plane feature? |
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Feb 27, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
|
Cherry-pick PR to 202311: #18192 |
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Feb 27, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
I checked again at the test coverage and it looks like test_proxy_arp is already covering ipv6 proxy case. And it's currently failing in nightly tests. After this + swss change we should see this case pass example: TfsGit_Schedule_PR_None_BUILD_486526_JOB_3800.t0.202305.NightlyTest_by_Elastictest I should also mention, this test case already checks that the ToR Mac NS packet is the only one we receive. It's currently failing because we are receiving the 2 packets with different source Macs. |
Mostly ad-hoc testing, I ensured that ndp table entries were being correctly filled in, and that dst interface on ptf still received ns packets from the ToR Mac. I didn't notice any impact on control plane. |
|
https://github.com/sonic-net/sonic-mgmt/blob/0a3acb73addac635e25ec6f120c193ce8795b0b4/tests/arp/test_arp_extended.py#L55 <- sonic-mgmt test covers this case |
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Feb 28, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
|
Cherry-pick PR to 202305: #18193 |
mssonicbld
pushed a commit
that referenced
this pull request
Feb 28, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
mssonicbld
added
Included in 202311 Branch
and removed
Created PR to 202311 Branch
labels
mssonicbld
pushed a commit
that referenced
this pull request
Feb 28, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
Merged
8 tasks
8 tasks
sonic-otn
pushed a commit
to Weitang-Zheng/sonic-buildimage
that referenced
this pull request
Mar 11, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
saksarav-nokia
pushed a commit
to saksarav-nokia/sonic-buildimage
that referenced
this pull request
Mar 12, 2024
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
wangxin
pushed a commit
to sonic-net/sonic-mgmt
that referenced
this pull request
Mar 13, 2024
What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
mssonicbld
pushed a commit
to mssonicbld/sonic-mgmt
that referenced
this pull request
Mar 13, 2024
…et#11935) What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
mssonicbld
pushed a commit
to mssonicbld/sonic-mgmt
that referenced
this pull request
Mar 13, 2024
…et#11935) What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
mssonicbld
pushed a commit
to sonic-net/sonic-mgmt
that referenced
this pull request
Mar 13, 2024
What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
mssonicbld
pushed a commit
to sonic-net/sonic-mgmt
that referenced
this pull request
Mar 13, 2024
What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets.
Why I did it
ADO: 26395587
Fixes bug where NS packets were flooding ports with duplicate packets
Work item tracking
How I did it
Added ebtables rule to drop multicast packets
How to verify it
before this fix, we saw 2 packets received on the tcpdump port. After this fix, we will only see one coming from the basic forwarding
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Adding ebtables rule to drop multicast packets.
A picture of a cute animal (not mandatory but encouraged)