Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying
- In reply to: Kristof Provost : "Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying"
Date: Tue, 31 May 2022 19:56:59 UTC
> On 31 May 2022, at 20:34, Kristof Provost <kp@FreeBSD.org> wrote: > > On 30 May 2022, at 12:54, Alexander V. Chernikov wrote: >> The branch main has been updated by melifaro: >> >> URL: https://cgit.FreeBSD.org/src/commit/?id=d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6 >> >> commit d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6 >> Author: KUROSAWA Takahiro <takahiro.kurosawa@gmail.com> >> AuthorDate: 2022-05-30 07:51:15 +0000 >> Commit: Alexander V. Chernikov <melifaro@FreeBSD.org> >> CommitDate: 2022-05-30 10:53:33 +0000 >> >> netinet6: fix ndp proxying >> >> We could insert proxy NDP entries by the ndp command, but the host >> with proxy ndp entries had not responded to Neighbor Solicitations. >> Change the following points for proxy NDP to work as expected: >> * join solicited-node multicast addresses for proxy NDP entries >> in order to receive Neighbor Solicitations. >> * look up proxy NDP entries not on the routing table but on the >> link-level address table when receiving Neighbor Solicitations. >> >> Reviewed By: melifaro >> Differential Revision: https://reviews.freebsd.org/D35307 >> MFC after: 2 weeks >> --- >> sys/net/if.c | 10 ++ >> sys/net/if_llatbl.c | 48 +++++++++ >> sys/net/if_llatbl.h | 12 ++- >> sys/netinet6/in6.c | 111 ++++++++++++++++++-- >> sys/netinet6/in6_var.h | 2 + >> sys/netinet6/nd6_nbr.c | 57 ++++++----- >> tests/sys/netinet6/Makefile | 3 +- >> tests/sys/netinet6/proxy_ndp.sh | 222 ++++++++++++++++++++++++++++++++++++++++ >> 8 files changed, 425 insertions(+), 40 deletions(-) >> > >> diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c >> index a39f7734e0ba..857e05c0f112 100644 >> --- a/sys/netinet6/in6.c >> +++ b/sys/netinet6/in6.c 
> >> @@ -2621,3 +2643,72 @@ in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam) >> free(*nam, M_SONAME); >> *nam = (struct sockaddr *)sin6_p; >> } >> + >> +/* >> + * Join/leave the solicited multicast groups for proxy NDP entries. >> + */ >> +static void >> +in6_join_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst) >> +{ >> + struct in6_multi *inm; >> + struct in6_addr mltaddr; >> + char ip6buf[INET6_ADDRSTRLEN]; >> + int error; >> + >> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0) >> + return; /* error logged in in6_solicited_node_maddr. */ >> + >> + error = in6_joingroup(ifp, &mltaddr, NULL, &inm, 0); >> + if (error != 0) { >> + nd6log((LOG_WARNING, >> + "%s: in6_joingroup failed for %s on %s (errno=%d)\n", >> + __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp), >> + error)); >> + } >> +} >> + >> +static void >> +in6_leave_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst) >> +{ >> + struct epoch_tracker et; >> + struct in6_multi *inm; >> + struct in6_addr mltaddr; >> + char ip6buf[INET6_ADDRSTRLEN]; >> + >> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0) >> + return; /* error logged in in6_solicited_node_maddr. */ >> + >> + NET_EPOCH_ENTER(et); >> + inm = in6m_lookup(ifp, &mltaddr); >> + NET_EPOCH_EXIT(et); >> + if (inm != NULL) >> + in6_leavegroup(inm, NULL); >> + else >> + nd6log((LOG_WARNING, "%s: in6m_lookup failed for %s on %s\n", >> + __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp))); >> +} >> + >> +static bool >> +in6_lle_match_pub(struct lltable *llt, struct llentry *lle, void *farg) >> +{ >> + return ((lle->la_flags & LLE_PUB) != 0); >> +} >> + >> +void >> +in6_purge_proxy_ndp(struct ifnet *ifp) >> +{ >> + struct lltable *llt; >> + bool need_purge; >> + >> + llt = LLTABLE6(ifp); > > This panics here when I kldunload pfsync. > This fixes it for me: https://reviews.freebsd.org/D35374 Yep, I kinda forget the fact that not everything is IPv6-enabled (and some interfaces don’t require NDP at all). 
Thank you for the fix!
>
> Kristof
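
Review bot: in6_purge_proxy_ndp() takes "llt = LLTABLE6(ifp);" unconditionally, and the reply quoted above reports a panic at exactly that line on kldunload pfsync, so the function needs a guard for interfaces that carry no IPv6 link-layer table before llt is touched; an early return in that case would be enough. Separately, in in6_leave_proxy_ndp_mc() the pointer returned by in6m_lookup() is handed to in6_leavegroup() after NET_EPOCH_EXIT(et), and nothing in the visible lines takes a reference on inm in between; either hold a reference across the exit or add a comment stating why the entry cannot be freed at that point.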