Bug 1374360

Summary: Backport support for missing bridge_slave options
Product: Red Hat Enterprise Linux 7 Reporter: Phil Sutter <psutter>
Component: iprouteAssignee: Phil Sutter <psutter>
Status: CLOSED ERRATA QA Contact: Jaroslav Aster <jaster>
Severity: low Docs Contact:
Priority: low    
Version: 7.4CC: atragler, ivecera, jaster, omoris, psutter
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: iproute-3.10.0-81.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 21:32:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Phil Sutter 2016-09-08 13:53:45 UTC 
For the sake of completeness, backport support for printing/changing additional bridge_slave type options. Here's a list of commits to backport:

commit f6e615dec9ee9b688308e85a03a51125a9c9fdb9
Author: Nikolay Aleksandrov <nikolay>
Date:   Tue Feb 16 16:08:52 2016 +0100

    iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP
    
    Add support to be able to view and change IFLA_BRPORT_PROXYARP port
    attribute.
    
    Signed-off-by: Nikolay Aleksandrov <nikolay>

commit 38b31a78da859e4b72037b66477871ba8fc7bd1e
Author: Nikolay Aleksandrov <nikolay>
Date:   Tue Feb 16 16:08:53 2016 +0100

    iplink: bridge_slave: add support for IFLA_BRPORT_PROXYARP_WIFI
    
    Add support to be able to view and change IFLA_BRPORT_PROXYARP_WIFI port
    attribute.
    
    Signed-off-by: Nikolay Aleksandrov <nikolay>

commit 10759a90ab5896b5b0ca8ddd7b91c5b3a7466062
Author: Nikolay Aleksandrov <nikolay>
Date:   Tue Feb 16 16:08:54 2016 +0100

    iplink: bridge_slave: add support for IFLA_BRPORT_MULTICAST_ROUTER
    
    Add support to be able to view and change IFLA_BRPORT_MULTICAST_ROUTER port
    attribute.
    
    Signed-off-by: Nikolay Aleksandrov <nikolay>

commit 478a8e59206841b2a2d32a29fdd0cbec1965cd5e
Author: Nikolay Aleksandrov <nikolay>
Date:   Tue Feb 16 16:08:55 2016 +0100

    iplink: bridge_slave: add support for IFLA_BRPORT_FAST_LEAVE
    
    Add support to be able to view and change IFLA_BRPORT_FAST_LEAVE
    port attribute.
    
    Signed-off-by: Nikolay Aleksandrov <nikolay>
Comment 2 Phil Sutter 2017-02-21 21:30:06 UTC 
I decided to drop the first two commits because these attributes are not supported in current RHEL7 kernel so there is no use in supporting them in iproute. Instead, I added a RHEL only patch removing the respective man page bits so docs are consistent with functionality again.
Comment 3 Ivan Vecera 2017-02-24 07:25:17 UTC 
(In reply to Phil Sutter from comment #2)
> I decided to drop the first two commits because these attributes are not
> supported in current RHEL7 kernel so there is no use in supporting them in
> iproute. Instead, I added a RHEL only patch removing the respective man page
> bits so docs are consistent with functionality again.

Phil these attributes were backported to RHEL7 kernel by bridge rebase:

http://post-office.corp.redhat.com/archives/rhkernel-list/2017-January/msg02237.html
http://post-office.corp.redhat.com/archives/rhkernel-list/2017-January/msg02257.html
Comment 4 Phil Sutter 2017-02-24 14:40:34 UTC 
(In reply to Ivan Vecera from comment #3)
> (In reply to Phil Sutter from comment #2)
> > I decided to drop the first two commits because these attributes are not
> > supported in current RHEL7 kernel so there is no use in supporting them in
> > iproute. Instead, I added a RHEL only patch removing the respective man page
> > bits so docs are consistent with functionality again.
> 
> Phil these attributes were backported to RHEL7 kernel by bridge rebase:

Oh, thanks for the info! I'll get this fixed then.

Thanks, Phil
Comment 5 Ivan Vecera 2017-02-25 23:16:46 UTC 
Btw. all required commits are part of bug #1417289
Comment 6 Phil Sutter 2017-02-28 16:44:53 UTC 
Added the two commits previously left out and reverted my man page changes again.
Comment 8 Jaroslav Aster 2017-03-30 12:36:35 UTC 
Hi Phil,

I found one issue. Tested on

iproute-3.10.0-79.el7
3.10.0-635.el7

There is written in man-page, that bridge slave priority is unsigned 16bit.

# man ip-link
...
priority PRIO - set port priority (a 16bit unsigned value).
...

But it does not work and kernel rejects higher priority then 63.

# ip link set test_slave type bridge_slave priority 63
# ip -d link show dev test_slave|grep prio
    bridge_slave state disabled priority 63 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0xfc01 port_no 0x1 designated_port 64513 designated_cost 0 designated_bridge 8000.aa:5d:79:38:dd:f2 designated_root 8000.aa:5d:79:38:dd:f2 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode eui64

# ip link set test_slave type bridge_slave priority 64
RTNETLINK answers: Numerical result out of range
# ip -d link show dev test_slave|grep prio
    bridge_slave state disabled priority 63 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0xfc01 port_no 0x1 designated_port 64513 designated_cost 0 designated_bridge 8000.aa:5d:79:38:dd:f2 designated_root 8000.aa:5d:79:38:dd:f2 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode eui64

We have to decide on which side is the issue, kernel or iproute. If iproute, we have to fix man-page.

2,
Comment 9 Jaroslav Aster 2017-03-30 12:48:12 UTC 
Another issue. iproute does not set state 4 for bridge_slave. This state means blocking.

# man ip-link
...
state STATE - Set port state.  STATE is a number representing the following states: 0 (disabled), 1 (listening), 2 (learning), 3 (forwarding), 4 (blocking).
...

# ip -d link show dev testSlave
22: testSlave: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master test state UNKNOWN mode DEFAULT qlen 1000
    link/ether be:54:75:98:46:6f brd ff:ff:ff:ff:ff:ff promiscuity 1 
    dummy 
    bridge_slave state disabled priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8020.be:54:75:98:46:6f designated_root 8020.be:54:75:98:46:6f hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode none

# ip link set dev testSlave type bridge_slave state 4

# ip -d link show dev testSlave
22: testSlave: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master test state UNKNOWN mode DEFAULT qlen 1000
    link/ether be:54:75:98:46:6f brd ff:ff:ff:ff:ff:ff promiscuity 1 
    dummy 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8020.be:54:75:98:46:6f designated_root 8020.be:54:75:98:46:6f hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    7.41 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode none

It set forwarding instead of blocking.
Comment 10 Ivan Vecera 2017-03-30 13:55:46 UTC 
(In reply to Jaroslav Aster from comment #8)
> Hi Phil,
> 
> I found one issue. Tested on
> 
> iproute-3.10.0-79.el7
> 3.10.0-635.el7
> 
> There is written in man-page, that bridge slave priority is unsigned 16bit.
> 
> # man ip-link
> ...
> priority PRIO - set port priority (a 16bit unsigned value).
> ...
> 
> But it does not work and kernel rejects higher priority then 63.
> 
> # ip link set test_slave type bridge_slave priority 63
> # ip -d link show dev test_slave|grep prio
>     bridge_slave state disabled priority 63 cost 100 hairpin off guard off
> root_block off fastleave off learning on flood on port_id 0xfc01 port_no 0x1
> designated_port 64513 designated_cost 0 designated_bridge
> 8000.aa:5d:79:38:dd:f2 designated_root 8000.aa:5d:79:38:dd:f2 hold_timer   
> 0.00 message_age_timer    0.00 forward_delay_timer    0.00
> topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off
> mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode eui64
> 
> # ip link set test_slave type bridge_slave priority 64
> RTNETLINK answers: Numerical result out of range
> # ip -d link show dev test_slave|grep prio
>     bridge_slave state disabled priority 63 cost 100 hairpin off guard off
> root_block off fastleave off learning on flood on port_id 0xfc01 port_no 0x1
> designated_port 64513 designated_cost 0 designated_bridge
> 8000.aa:5d:79:38:dd:f2 designated_root 8000.aa:5d:79:38:dd:f2 hold_timer   
> 0.00 message_age_timer    0.00 forward_delay_timer    0.00
> topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off
> mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode eui64
> 
> We have to decide on which side is the issue, kernel or iproute. If iproute,
> we have to fix man-page.
> 
> 2,

This is by design. The port ID is unsigned 16bit integer. It consists of port number (10 lower bits) and priority (6 high bits). So priority is value from 0-63.
Comment 11 Jaroslav Aster 2017-03-30 14:05:22 UTC 
Hi Ivan,

thanks for the info. So documentation should be changed, because it is confusing.
Comment 12 Ivan Vecera 2017-03-30 14:09:44 UTC 
(In reply to Jaroslav Aster from comment #9)
> Another issue. iproute does not set state 4 for bridge_slave. This state
> means blocking.
> 
> # man ip-link
> ...
> state STATE - Set port state.  STATE is a number representing the following
> states: 0 (disabled), 1 (listening), 2 (learning), 3 (forwarding), 4
> (blocking).
> ...
> 
> # ip -d link show dev testSlave
> 22: testSlave: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master
> test state UNKNOWN mode DEFAULT qlen 1000
>     link/ether be:54:75:98:46:6f brd ff:ff:ff:ff:ff:ff promiscuity 1 
>     dummy 
>     bridge_slave state disabled priority 32 cost 100 hairpin off guard off
> root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1
> designated_port 32769 designated_cost 0 designated_bridge
> 8020.be:54:75:98:46:6f designated_root 8020.be:54:75:98:46:6f hold_timer   
> 0.00 message_age_timer    0.00 forward_delay_timer    0.00
> topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off
> mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode none
> 
> # ip link set dev testSlave type bridge_slave state 4
> 
> # ip -d link show dev testSlave
> 22: testSlave: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master
> test state UNKNOWN mode DEFAULT qlen 1000
>     link/ether be:54:75:98:46:6f brd ff:ff:ff:ff:ff:ff promiscuity 1 
>     dummy 
>     bridge_slave state forwarding priority 32 cost 100 hairpin off guard off
> root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1
> designated_port 32769 designated_cost 0 designated_bridge
> 8020.be:54:75:98:46:6f designated_root 8020.be:54:75:98:46:6f hold_timer   
> 0.00 message_age_timer    0.00 forward_delay_timer    7.41
> topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off
> mcast_router 1 mcast_fast_leave off mcast_flood on addrgenmode none
> 
> It set forwarding instead of blocking.

No, it does not. The blocking state is used by STP to avoid loops. In the example below there you can find that port state is set to blocking and immediately back to forwarding.

# ip -d link set dev enp3s0np5s0 type bridge_slave state 4
[root@mlxsw-1 ~]# dmesg
[79184.884240] t_br0: port 1(enp3s0np5s0) entered blocking state
[79184.884247] t_br0: port 1(enp3s0np5s0) entered forwarding state
Comment 13 Jaroslav Aster 2017-03-30 14:29:42 UTC 
The original state was disabled, so there is transition from blocking to forwarding, right?

What is the trigger to switch from blocking to forwarding state? My test interface is dummy, so there is no traffic.
Comment 14 Ivan Vecera 2017-03-30 14:48:08 UTC 
(In reply to Jaroslav Aster from comment #13)
> The original state was disabled, so there is transition from blocking to
> forwarding, right?
> 
> What is the trigger to switch from blocking to forwarding state? My test
> interface is dummy, so there is no traffic.

When:
1. (bridge_id == designated_bridge && port_id == designated_port)
2. (port == bridge_root_port)
Comment 15 Phil Sutter 2017-04-04 15:18:46 UTC 
Documentation fix submitted upstream:

http://marc.info/?l=linux-netdev&m=149131855608683&w=2
Comment 16 Phil Sutter 2017-04-05 14:11:33 UTC 
Documentation fix backported. AFAICT, there are no open questions anymore for this ticket, hence setting it to MODIFIED again. In case I'm wrong, feel free to reset back to ASSIGNED.
Comment 17 Phil Sutter 2017-04-05 14:18:39 UTC 
Ah, my fault - it was ON_QA before.
Comment 19 errata-xmlrpc 2017-08-01 21:32:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2171