Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ebtables] install ebtables in base image and install filter rules #2805

Merged
merged 1 commit into from
May 9, 2019
Merged

[ebtables] install ebtables in base image and install filter rules #2805

merged 1 commit into from
May 9, 2019

Conversation

yxieca
Copy link
Contributor

@yxieca yxieca commented Apr 19, 2019
edited
Loading

- What I did

  • Add ebtables package, and install some filter rules:
    1. ebtables -A FORWARD -d BGA -j DROP
    2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie [email protected]

- Dependencies

- General information
This PR changes how SONiC handles ARP/response packet in VLAN. All vendor SAIs should move to SAI head version v1.3.7 (tag) or later, and make sure that trap action 'copy' is supported.

- How to verify it

  • warm reboot test keeps track of number of ARP packets get forwarded in the VLAN. The number should be always one(1) before/during/after warm reboot.

@yxieca
[ebtables] install ebtables in base image and install filter rules
0e841a5 
- Add ebtables package, and install some filter rules:
  1. ebtables -A FORWARD -d BGA -j DROP
  2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie <[email protected]>
@lguohan
Copy link
Collaborator

lguohan commented Apr 19, 2019

it needs SAI supports.

@yxieca yxieca merged commit 9efcf17 into sonic-net:master May 9, 2019
@yxieca yxieca deleted the ebtables branch May 9, 2019 16:44
MichelMoriniaux pushed a commit to criteo-forks/sonic-buildimage that referenced this pull request May 28, 2019
@yxieca @MichelMoriniaux
[ebtables] install ebtables in base image and install filter rules (s…
4cf8457 
…onic-net#2805)

- Add ebtables package, and install some filter rules:
  1. ebtables -A FORWARD -d BGA -j DROP
  2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie <[email protected]>
@prsunny prsunny mentioned this pull request Feb 8, 2020
Merged
mssonicbld added a commit that referenced this pull request Jun 13, 2023
@mssonicbld
[submodule] Update submodule sonic-swss to the latest HEAD automatica…
4098a90 
…lly (#15441)

#### Why I did it
src/sonic-swss
```
* bccb1cc - (HEAD -> 202211, origin/202211) [202211] [sflowmgrd] Infer sampling rate dynamically based on oper speed (#2805) (4 hours ago) [Vivek]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andriymoroz-mlnx andriymoroz-mlnx andriymoroz-mlnx approved these changes

@prsunny prsunny prsunny approved these changes

@lguohan lguohan lguohan approved these changes

Assignees
No one assigned
Labels
Enhancement ➕ Included in 201811 Branch Request for 201811 Branch :shipit:
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yxieca @lguohan @prsunny @andriymoroz-mlnx