Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying
- In reply to: Kristof Provost : "Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 31 May 2022 19:56:59 UTC
> On 31 May 2022, at 20:34, Kristof Provost <kp@FreeBSD.org> wrote:
>
> On 30 May 2022, at 12:54, Alexander V. Chernikov wrote:
>> The branch main has been updated by melifaro:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6
>>
>> commit d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6
>> Author: KUROSAWA Takahiro <takahiro.kurosawa@gmail.com>
>> AuthorDate: 2022-05-30 07:51:15 +0000
>> Commit: Alexander V. Chernikov <melifaro@FreeBSD.org>
>> CommitDate: 2022-05-30 10:53:33 +0000
>>
>> netinet6: fix ndp proxying
>>
>> We could insert proxy NDP entries by the ndp command, but the host
>> with proxy ndp entries had not responded to Neighbor Solicitations.
>> Change the following points for proxy NDP to work as expected:
>> * join solicited-node multicast addresses for proxy NDP entries
>> in order to receive Neighbor Solicitations.
>> * look up proxy NDP entries not on the routing table but on the
>> link-level address table when receiving Neighbor Solicitations.
>>
>> Reviewed By: melifaro
>> Differential Revision: https://reviews.freebsd.org/D35307
>> MFC after: 2 weeks
>> ---
>> sys/net/if.c | 10 ++
>> sys/net/if_llatbl.c | 48 +++++++++
>> sys/net/if_llatbl.h | 12 ++-
>> sys/netinet6/in6.c | 111 ++++++++++++++++++--
>> sys/netinet6/in6_var.h | 2 +
>> sys/netinet6/nd6_nbr.c | 57 ++++++-----
>> tests/sys/netinet6/Makefile | 3 +-
>> tests/sys/netinet6/proxy_ndp.sh | 222 ++++++++++++++++++++++++++++++++++++++++
>> 8 files changed, 425 insertions(+), 40 deletions(-)
>>
>
>> diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
>> index a39f7734e0ba..857e05c0f112 100644
>> --- a/sys/netinet6/in6.c
>> +++ b/sys/netinet6/in6.c
>
>> @@ -2621,3 +2643,72 @@ in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
>> free(*nam, M_SONAME);
>> *nam = (struct sockaddr *)sin6_p;
>> }
>> +
>> +/*
>> + * Join/leave the solicited multicast groups for proxy NDP entries.
>> + */
>> +static void
>> +in6_join_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst)
>> +{
>> + struct in6_multi *inm;
>> + struct in6_addr mltaddr;
>> + char ip6buf[INET6_ADDRSTRLEN];
>> + int error;
>> +
>> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0)
>> + return; /* error logged in in6_solicited_node_maddr. */
>> +
>> + error = in6_joingroup(ifp, &mltaddr, NULL, &inm, 0);
>> + if (error != 0) {
>> + nd6log((LOG_WARNING,
>> + "%s: in6_joingroup failed for %s on %s (errno=%d)\n",
>> + __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp),
>> + error));
>> + }
>> +}
>> +
>> +static void
>> +in6_leave_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst)
>> +{
>> + struct epoch_tracker et;
>> + struct in6_multi *inm;
>> + struct in6_addr mltaddr;
>> + char ip6buf[INET6_ADDRSTRLEN];
>> +
>> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0)
>> + return; /* error logged in in6_solicited_node_maddr. */
>> +
>> + NET_EPOCH_ENTER(et);
>> + inm = in6m_lookup(ifp, &mltaddr);
>> + NET_EPOCH_EXIT(et);
>> + if (inm != NULL)
>> + in6_leavegroup(inm, NULL);
>> + else
>> + nd6log((LOG_WARNING, "%s: in6m_lookup failed for %s on %s\n",
>> + __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp)));
>> +}
>> +
>> +static bool
>> +in6_lle_match_pub(struct lltable *llt, struct llentry *lle, void *farg)
>> +{
>> + return ((lle->la_flags & LLE_PUB) != 0);
>> +}
>> +
>> +void
>> +in6_purge_proxy_ndp(struct ifnet *ifp)
>> +{
>> + struct lltable *llt;
>> + bool need_purge;
>> +
>> + llt = LLTABLE6(ifp);
>
> This panics here when I kldunload pfsync.
> This fixes it for me: https://reviews.freebsd.org/D35374
Yep, I kinda forget the fact that not everything is IPv6-enabled (and some interfaces don’t require NDP at all).
Thank you for the fix!
>
> Kristof