From nobody Tue May 31 19:56:59 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4DBF61B41C31; Tue, 31 May 2022 19:57:13 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward500j.mail.yandex.net (forward500j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::110]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4LCNN7284Wz3PPB; Tue, 31 May 2022 19:57:10 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from sas1-345d03a7038e.qloud-c.yandex.net (sas1-345d03a7038e.qloud-c.yandex.net [IPv6:2a02:6b8:c08:4cab:0:640:345d:3a7]) by forward500j.mail.yandex.net (Yandex) with ESMTP id 5F8106CB6701; Tue, 31 May 2022 22:57:02 +0300 (MSK) Received: from sas2-cc22fd2335f8.qloud-c.yandex.net (sas2-cc22fd2335f8.qloud-c.yandex.net [2a02:6b8:c08:6c82:0:640:cc22:fd23]) by sas1-345d03a7038e.qloud-c.yandex.net (mxback/Yandex) with ESMTP id xrQNMGlg6H-v2fmVu5U; Tue, 31 May 2022 22:57:02 +0300 X-Yandex-Fwd: 2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1654027022; bh=mDupoA+hUw0Lj6ygUNRGlnubfKZijxJEwjIZJ/uFKG8=; h=References:Date:In-Reply-To:Subject:Cc:From:Message-Id:To; b=N6/ehyJbe4d37c28khRURDkAiVvP00ouEwjeomh8MpuSnCDq1koG4LeBZ8l69wlVR lOuXO3NX3hRU/Ho7rdZJIaly6IzyhIiVk7nsx+s6a8cBhT+qx5ph91J7SnM7CcoONX 8ZH4kcaLUgf38T6fPb7TjEfGuEmt21xGMp5CXajc= Received: by sas2-cc22fd2335f8.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id kieQ4EDPd1-v1NWh2Mv; Tue, 31 May 2022 22:57:01 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) Content-Type: text/plain; charset=utf-8 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.60.0.1.1\)) Subject: Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying From: "Alexander V. Chernikov" In-Reply-To: <9BB758A5-D0C4-476E-ACD4-A27C98276F7B@FreeBSD.org> Date: Tue, 31 May 2022 20:56:59 +0100 Cc: "Alexander V. Chernikov" , "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" Content-Transfer-Encoding: quoted-printable Message-Id: References: <202205301054.24UAs4m6066923@gitrepo.freebsd.org> <9BB758A5-D0C4-476E-ACD4-A27C98276F7B@FreeBSD.org> To: Kristof Provost X-Mailer: Apple Mail (2.3693.60.0.1.1) X-Rspamd-Queue-Id: 4LCNN7284Wz3PPB X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ipfw.ru header.s=mail header.b="N6/ehyJb"; dmarc=none; spf=pass (mx1.freebsd.org: domain of melifaro@ipfw.ru designates 2a02:6b8:0:801:2::110 as permitted sender) smtp.mailfrom=melifaro@ipfw.ru X-Spamd-Result: default: False [-3.10 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[ipfw.ru:s=mail]; FREEFALL_USER(0.00)[melifaro]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; DMARC_NA(0.00)[ipfw.ru]; RCPT_COUNT_FIVE(0.00)[5]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[ipfw.ru:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MLMMJ_DEST(0.00)[dev-commits-src-all,dev-commits-src-main]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:208722, ipnet:2a02:6b8::/32, country:FI]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[2a02:6b8:0:801:2::110:from] X-ThisMailContainsUnwantedMimeParts: N > On 31 May 2022, at 20:34, Kristof Provost wrote: >=20 > On 30 May 2022, at 12:54, Alexander V. Chernikov wrote: >> The branch main has been updated by melifaro: >>=20 >> URL: = https://cgit.FreeBSD.org/src/commit/?id=3Dd6cd20cc5c475e8bbf257ac1474ff490= ae4dcab6 >>=20 >> commit d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6 >> Author: KUROSAWA Takahiro >> AuthorDate: 2022-05-30 07:51:15 +0000 >> Commit: Alexander V. Chernikov >> CommitDate: 2022-05-30 10:53:33 +0000 >>=20 >> netinet6: fix ndp proxying >>=20 >> We could insert proxy NDP entries by the ndp command, but the host >> with proxy ndp entries had not responded to Neighbor = Solicitations. >> Change the following points for proxy NDP to work as expected: >> * join solicited-node multicast addresses for proxy NDP entries >> in order to receive Neighbor Solicitations. >> * look up proxy NDP entries not on the routing table but on the >> link-level address table when receiving Neighbor Solicitations. >>=20 >> Reviewed By: melifaro >> Differential Revision: https://reviews.freebsd.org/D35307 >> MFC after: 2 weeks >> --- >> sys/net/if.c | 10 ++ >> sys/net/if_llatbl.c | 48 +++++++++ >> sys/net/if_llatbl.h | 12 ++- >> sys/netinet6/in6.c | 111 ++++++++++++++++++-- >> sys/netinet6/in6_var.h | 2 + >> sys/netinet6/nd6_nbr.c | 57 ++++++----- >> tests/sys/netinet6/Makefile | 3 +- >> tests/sys/netinet6/proxy_ndp.sh | 222 = ++++++++++++++++++++++++++++++++++++++++ >> 8 files changed, 425 insertions(+), 40 deletions(-) >>=20 >=20 >> diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c >> index a39f7734e0ba..857e05c0f112 100644 >> --- a/sys/netinet6/in6.c >> +++ b/sys/netinet6/in6.c >=20 >> @@ -2621,3 +2643,72 @@ in6_sin_2_v4mapsin6_in_sock(struct sockaddr = **nam) >> free(*nam, M_SONAME); >> *nam =3D (struct sockaddr *)sin6_p; >> } >> + >> +/* >> + * Join/leave the solicited multicast groups for proxy NDP entries. >> + */ >> +static void >> +in6_join_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst) >> +{ >> + struct in6_multi *inm; >> + struct in6_addr mltaddr; >> + char ip6buf[INET6_ADDRSTRLEN]; >> + int error; >> + >> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) !=3D 0) >> + return; /* error logged in in6_solicited_node_maddr. */ >> + >> + error =3D in6_joingroup(ifp, &mltaddr, NULL, &inm, 0); >> + if (error !=3D 0) { >> + nd6log((LOG_WARNING, >> + "%s: in6_joingroup failed for %s on %s = (errno=3D%d)\n", >> + __func__, ip6_sprintf(ip6buf, &mltaddr), = if_name(ifp), >> + error)); >> + } >> +} >> + >> +static void >> +in6_leave_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr = *dst) >> +{ >> + struct epoch_tracker et; >> + struct in6_multi *inm; >> + struct in6_addr mltaddr; >> + char ip6buf[INET6_ADDRSTRLEN]; >> + >> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) !=3D 0) >> + return; /* error logged in in6_solicited_node_maddr. */ >> + >> + NET_EPOCH_ENTER(et); >> + inm =3D in6m_lookup(ifp, &mltaddr); >> + NET_EPOCH_EXIT(et); >> + if (inm !=3D NULL) >> + in6_leavegroup(inm, NULL); >> + else >> + nd6log((LOG_WARNING, "%s: in6m_lookup failed for %s on = %s\n", >> + __func__, ip6_sprintf(ip6buf, &mltaddr), = if_name(ifp))); >> +} >> + >> +static bool >> +in6_lle_match_pub(struct lltable *llt, struct llentry *lle, void = *farg) >> +{ >> + return ((lle->la_flags & LLE_PUB) !=3D 0); >> +} >> + >> +void >> +in6_purge_proxy_ndp(struct ifnet *ifp) >> +{ >> + struct lltable *llt; >> + bool need_purge; >> + >> + llt =3D LLTABLE6(ifp); >=20 > This panics here when I kldunload pfsync. > This fixes it for me: https://reviews.freebsd.org/D35374 Yep, I kinda forget the fact that not everything is IPv6-enabled (and = some interfaces don=E2=80=99t require NDP at all). Thank you for the fix! >=20 > Kristof