Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 31 May 2022 19:34:25 UTC
On 30 May 2022, at 12:54, Alexander V. Chernikov wrote:
> The branch main has been updated by melifaro:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6
>
> commit d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6
> Author:     KUROSAWA Takahiro <takahiro.kurosawa@gmail.com>
> AuthorDate: 2022-05-30 07:51:15 +0000
> Commit:     Alexander V. Chernikov <melifaro@FreeBSD.org>
> CommitDate: 2022-05-30 10:53:33 +0000
>
>     netinet6: fix ndp proxying
>
>     We could insert proxy NDP entries by the ndp command, but the host
>     with proxy ndp entries had not responded to Neighbor Solicitations.
>     Change the following points for proxy NDP to work as expected:
>     * join solicited-node multicast addresses for proxy NDP entries
>       in order to receive Neighbor Solicitations.
>     * look up proxy NDP entries not on the routing table but on the
>       link-level address table when receiving Neighbor Solicitations.
>
>     Reviewed By: melifaro
>     Differential Revision: https://reviews.freebsd.org/D35307
>     MFC after:      2 weeks
> ---
>  sys/net/if.c                    |  10 ++
>  sys/net/if_llatbl.c             |  48 +++++++++
>  sys/net/if_llatbl.h             |  12 ++-
>  sys/netinet6/in6.c              | 111 ++++++++++++++++++--
>  sys/netinet6/in6_var.h          |   2 +
>  sys/netinet6/nd6_nbr.c          |  57 ++++++-----
>  tests/sys/netinet6/Makefile     |   3 +-
>  tests/sys/netinet6/proxy_ndp.sh | 222 ++++++++++++++++++++++++++++++++++++++++
>  8 files changed, 425 insertions(+), 40 deletions(-)
>

> diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
> index a39f7734e0ba..857e05c0f112 100644
> --- a/sys/netinet6/in6.c
> +++ b/sys/netinet6/in6.c

> @@ -2621,3 +2643,72 @@ in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam)
>  	free(*nam, M_SONAME);
>  	*nam = (struct sockaddr *)sin6_p;
>  }
> +
> +/*
> + * Join/leave the solicited multicast groups for proxy NDP entries.
> + */
> +static void
> +in6_join_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst)
> +{
> +	struct in6_multi *inm;
> +	struct in6_addr mltaddr;
> +	char ip6buf[INET6_ADDRSTRLEN];
> +	int error;
> +
> +	if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0)
> +		return;	/* error logged in in6_solicited_node_maddr. */
> +
> +	error = in6_joingroup(ifp, &mltaddr, NULL, &inm, 0);
> +	if (error != 0) {
> +		nd6log((LOG_WARNING,
> +		    "%s: in6_joingroup failed for %s on %s (errno=%d)\n",
> +		    __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp),
> +		    error));
> +	}
> +}
> +
> +static void
> +in6_leave_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst)
> +{
> +	struct epoch_tracker et;
> +	struct in6_multi *inm;
> +	struct in6_addr mltaddr;
> +	char ip6buf[INET6_ADDRSTRLEN];
> +
> +	if (in6_solicited_node_maddr(&mltaddr, ifp, dst) != 0)
> +		return;	/* error logged in in6_solicited_node_maddr. */
> +
> +	NET_EPOCH_ENTER(et);
> +	inm = in6m_lookup(ifp, &mltaddr);
> +	NET_EPOCH_EXIT(et);
> +	if (inm != NULL)
> +		in6_leavegroup(inm, NULL);
> +	else
> +		nd6log((LOG_WARNING, "%s: in6m_lookup failed for %s on %s\n",
> +		    __func__, ip6_sprintf(ip6buf, &mltaddr), if_name(ifp)));
> +}
> +
> +static bool
> +in6_lle_match_pub(struct lltable *llt, struct llentry *lle, void *farg)
> +{
> +	return ((lle->la_flags & LLE_PUB) != 0);
> +}
> +
> +void
> +in6_purge_proxy_ndp(struct ifnet *ifp)
> +{
> +	struct lltable *llt;
> +	bool need_purge;
> +
> +	llt = LLTABLE6(ifp);
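Review bot: In `in6_leave_proxy_ndp_mc`, `inm` is obtained from `in6m_lookup()` inside the net epoch but handed to `in6_leavegroup(inm, NULL)` only after `NET_EPOCH_EXIT(et)`, and nothing visible in the hunk takes a reference on it in between. If the lookup returns a borrowed pointer (its definition is not shown here), the only thing keeping `inm` alive is the membership taken earlier by `in6_join_proxy_ndp_mc`, so an unpaired or concurrent leave for the same solicited-node group could free it first. The join side discards the `inm` that `in6_joingroup()` returns; storing that pointer with the proxy entry would remove both the second lookup and the window. If the current shape stays, I would add a comment above the lookup such as `/* inm is used after the epoch section; the join made for this proxy entry is assumed to keep it referenced. */`. The quoted hunk is trimmed inside `in6_purge_proxy_ndp`, so this note does not cover that function.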

This panics here when I kldunload pfsync.
This fixes it for me: https://reviews.freebsd.org/D35374

Kristof