From nobody Thu Jun 1 12:08:16 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QX4f86CZTz4YNWs; Thu, 1 Jun 2023 12:08:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QX4f85m8vz4DJq; Thu, 1 Jun 2023 12:08:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1685621296; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yoRgzmiGoK62DAw81KQnSyt8xN61txDf7re5ylBNGi8=; b=a2whLsHj+sBQifpGGyHgvZg6DNjtCe6I9rZ3topDNEfq85geZerx8A76Phdm8F1hn209Mj r0R74j7DIB8cmnr1paewURnpNMeXDAU8knII8flAhUoo+LmCrVwksnDLA7LrHlr+WxVHHt 7PANsG5LkjSjpoExXn88MLqmRcHlwED1XmLnylyGdL4+a75SPdl0jxP44eee/f+Ns2I77u 44e2TSF1PNwNv1DKBC3r9UYlLmU/wLD8kpCZwm6drPKTwRXCUzTZsnZlCe0G0gQvpEJNbO VChMUekHeYF/O9fJS8d4Okp1TZK5ps2+6bff7CZqqeBfT9NLtQwoSTV5F7eQZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1685621296; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yoRgzmiGoK62DAw81KQnSyt8xN61txDf7re5ylBNGi8=; b=PuK+nx1zEdkUiaPbFsX5ZIKX4JJKCPdclyyX3r3v04UCV0vLPTltB83lHxpv4M2zYQoXw2 cDK77ElRMPpe30QXAnHaS+Zw0u6F3qCiY/ci8qsnRdEmWmVTh6GRe5Ods/QOpoHAGRH+27 cLgqZeeatvgrQLd36J6sq7BZZiw65yCQQ8T75uqFrv8Vp4oeuhKRz7mqzsQNZyCV7D5JBZ 3mogiwfiGNcnpN4d/l1EjMuS9XlGK6uu9QeTU7WpXERhJcvz1Pz7imCYge57m2O4mCi4gZ trtP/DojAqeGt2M+25UUmNhLQou4TRcyGEgSI4kg5jcDlmxCnvLGoHNk36sxKw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685621296; a=rsa-sha256; cv=none; b=KHhv80p0RAj5N0t0cCE6vdM7T4pfoGNNY9E4CtOhUWVrfZ2gaLjE2e3FXJSUqNVuXRx9t9 iA9Zf4hB7axPZu0LB0THH+ZSYM46t771xZc5wdsq558urNMNmOhQU+8kJfoJEyaP97wGcs lkspF9h0gaAkV2z0SZQEe1gwZ5Q02dof6zgheFRaSMD/yMYZCaeludXECUF7hlj9vzOKTj CAw2+DRXSy0a9SLYCI3AwlkXyhjseMxIreFZTviPegyp1uV+PavOTDXjNrGyw9gwSYqLii XC071dCH1JBAEgY7zwrIswGuvjMRN/bgrHZOGdQuMGahfxq6oZZZMe8rZVeirg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QX4f84qLmzGVK; Thu, 1 Jun 2023 12:08:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 351C8GSO072092; Thu, 1 Jun 2023 12:08:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 351C8Gca072091; Thu, 1 Jun 2023 12:08:16 GMT (envelope-from git) Date: Thu, 1 Jun 2023 12:08:16 GMT Message-Id: <202306011208.351C8Gca072091@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Alexander V. Chernikov" Subject: git: e32221a15f08 - main - netinet6: make IPv6 fragment TTL per-VNET configurable. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: melifaro X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e32221a15f089282e5dfe18891c5312b26cbe3ba Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by melifaro: URL: https://cgit.FreeBSD.org/src/commit/?id=e32221a15f089282e5dfe18891c5312b26cbe3ba commit e32221a15f089282e5dfe18891c5312b26cbe3ba Author: Alexander V. Chernikov AuthorDate: 2023-06-01 12:04:49 +0000 Commit: Alexander V. Chernikov CommitDate: 2023-06-01 12:04:49 +0000 netinet6: make IPv6 fragment TTL per-VNET configurable. Having it configurable adds more flexibility, especially for the systems with low amount of memory. Additionally, it allows to speedup frag6/ tests execution. Reviewed by: kp, markj, bz Differential Revision: https://reviews.freebsd.org/D35755 MFC after: 2 weeks --- sys/netinet/ip6.h | 2 +- sys/netinet6/frag6.c | 64 +++++++++++++++++++++++++++++++++--- sys/netinet6/ip6_var.h | 2 +- tests/sys/netinet6/frag6/frag6.subr | 10 ++++-- tests/sys/netinet6/frag6/frag6_01.py | 2 +- tests/sys/netinet6/frag6/frag6_05.py | 2 +- tests/sys/netinet6/frag6/frag6_07.py | 2 +- tests/sys/netinet6/frag6/frag6_08.py | 2 +- tests/sys/netinet6/frag6/frag6_09.py | 2 +- tests/sys/netinet6/frag6/frag6_10.py | 2 +- tests/sys/netinet6/frag6/frag6_11.py | 2 +- tests/sys/netinet6/frag6/frag6_12.py | 2 +- tests/sys/netinet6/frag6/frag6_13.py | 2 +- tests/sys/netinet6/frag6/frag6_14.py | 2 +- tests/sys/netinet6/frag6/frag6_20.py | 2 +- 15 files changed, 79 insertions(+), 21 deletions(-) diff --git a/sys/netinet/ip6.h b/sys/netinet/ip6.h index 6617e1ca7d00..30482c6985cf 100644 --- a/sys/netinet/ip6.h +++ b/sys/netinet/ip6.h @@ -254,7 +254,7 @@ struct ip6_frag { */ #define IPV6_MAXHLIM 255 /* maximum hoplimit */ #define IPV6_DEFHLIM 64 /* default hlim */ -#define IPV6_FRAGTTL 120 /* ttl for fragment packets, in slowtimo tick */ +#define IPV6_DEFFRAGTTL 60000 /* Default fragment packets lifetime, in milliseconds */ #define IPV6_HLIMDEC 1 /* subtracted when forwarding */ #define IPV6_MMTU 1280 /* minimal MTU and reassembly. 1024 + 256 */ diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c index d634f869acd5..5acdc1b20981 100644 --- a/sys/netinet6/frag6.c +++ b/sys/netinet6/frag6.c @@ -125,6 +125,10 @@ VNET_DEFINE_STATIC(volatile u_int, frag6_nfragpackets); #define V_ip6_maxfragpackets VNET(ip6_maxfragpackets) #define V_frag6_nfragpackets VNET(frag6_nfragpackets) +/* Maximum per-VNET reassembly timeout (milliseconds) */ +VNET_DEFINE_STATIC(u_int, ip6_fraglifetime) = IPV6_DEFFRAGTTL; +#define V_ip6_fraglifetime VNET(ip6_fraglifetime) + /* Maximum per-VNET reassembly queues per bucket and fragments per packet. */ VNET_DEFINE_STATIC(int, ip6_maxfragbucketsize); VNET_DEFINE_STATIC(int, ip6_maxfragsperpacket); @@ -159,6 +163,9 @@ VNET_DEFINE_STATIC(uint32_t, ip6qb_hashseed); #define IP6_MAXFRAGS (nmbclusters / 32) #define IP6_MAXFRAGPACKETS (imin(IP6_MAXFRAGS, IP6REASS_NHASH * 50)) +/* Interval between periodic reassembly queue inspections */ +#define IP6_CALLOUT_INTERVAL_MS 500 + /* * Sysctls and helper function. */ @@ -213,6 +220,53 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGBUCKETSIZE, maxfragbucketsize, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_maxfragbucketsize), 0, "Maximum number of reassembly queues per hash bucket"); +static int +frag6_milli_to_callout_ticks(int ms) +{ + return (ms / IP6_CALLOUT_INTERVAL_MS); +} + +static int +frag6_callout_ticks_to_milli(int ms) +{ + return (ms * IP6_CALLOUT_INTERVAL_MS); +} + +_Static_assert(sizeof(((struct ip6q *)NULL)->ip6q_ttl) >= 2, + "ip6q_ttl field is not large enough"); + +static int +sysctl_ip6_fraglifetime(SYSCTL_HANDLER_ARGS) +{ + int error, val; + + val = V_ip6_fraglifetime; + error = sysctl_handle_int(oidp, &val, 0, req); + if (error != 0 || !req->newptr) + return (error); + if (val <= 0) + val = IPV6_DEFFRAGTTL; + + if (frag6_milli_to_callout_ticks(val) >= 65536) + val = frag6_callout_ticks_to_milli(65535); +#ifdef VIMAGE + if (!IS_DEFAULT_VNET(curvnet)) { + CURVNET_SET(vnet0); + int host_val = V_ip6_fraglifetime; + CURVNET_RESTORE(); + + if (val > host_val) + val = host_val; + } +#endif + V_ip6_fraglifetime = val; + return (0); +} +SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, fraglifetime_ms, + CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, + NULL, 0, sysctl_ip6_fraglifetime, "I", + "Fragment lifetime, in milliseconds"); + /* * Remove the IPv6 fragmentation header from the mbuf. */ @@ -552,7 +606,7 @@ frag6_input(struct mbuf **mp, int *offp, int proto) /* ip6q_nxt will be filled afterwards, from 1st fragment. */ TAILQ_INIT(&q6->ip6q_frags); q6->ip6q_ident = ip6f->ip6f_ident; - q6->ip6q_ttl = IPV6_FRAGTTL; + q6->ip6q_ttl = frag6_milli_to_callout_ticks(V_ip6_fraglifetime); q6->ip6q_src = ip6->ip6_src; q6->ip6q_dst = ip6->ip6_dst; q6->ip6q_ecn = IPV6_ECN(ip6); @@ -952,8 +1006,8 @@ frag6_slowtimo(void *arg __unused) } VNET_LIST_RUNLOCK_NOSLEEP(); done: - callout_reset_sbt(&frag6_callout, SBT_1MS * 500, SBT_1MS * 10, - frag6_slowtimo, NULL, 0); + callout_reset_sbt(&frag6_callout, SBT_1MS * IP6_CALLOUT_INTERVAL_MS, + SBT_1MS * 10, frag6_slowtimo, NULL, 0); } static void @@ -961,8 +1015,8 @@ frag6_slowtimo_init(void *arg __unused) { callout_init(&frag6_callout, 1); - callout_reset_sbt(&frag6_callout, SBT_1MS * 500, SBT_1MS * 10, - frag6_slowtimo, NULL, 0); + callout_reset_sbt(&frag6_callout, SBT_1MS * IP6_CALLOUT_INTERVAL_MS, + SBT_1MS * 10, frag6_slowtimo, NULL, 0); } SYSINIT(frag6, SI_SUB_VNET_DONE, SI_ORDER_ANY, frag6_slowtimo_init, NULL); diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index c267503d7151..bc409780feec 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -81,7 +81,7 @@ struct ip6q { u_int32_t ip6q_ident; u_int8_t ip6q_nxt; u_int8_t ip6q_ecn; - u_int8_t ip6q_ttl; + u_int16_t ip6q_ttl; struct in6_addr ip6q_src, ip6q_dst; TAILQ_ENTRY(ip6q) ip6q_tq; int ip6q_unfrglen; /* len of unfragmentable part */ diff --git a/tests/sys/netinet6/frag6/frag6.subr b/tests/sys/netinet6/frag6/frag6.subr index 1ea947c72de5..6f7d0799642c 100644 --- a/tests/sys/netinet6/frag6/frag6.subr +++ b/tests/sys/netinet6/frag6/frag6.subr @@ -59,13 +59,17 @@ frag6_body() jname="v6t-${id}-${yl}-${xl}" vnet_mkjail ${jname} ${epair}b + jexec ${jname} sysctl net.inet6.ip6.dad_count=0 jexec ${jname} ifconfig ${epair}b up jexec ${jname} ifconfig ${epair}b inet6 ${ip6b}/64 + # Set max fragment reassembly time to 2 seconds + jexec ${jname} sysctl net.inet6.ip6.fraglifetime_ms=2000 + # Let IPv6 ND do its thing. - #ping6 -q -c 1 ff02::1%${epair}a - #ping6 -q -c 1 ${ip6b} - sleep 3 + while [ `ifconfig ${epair}a inet6 | grep -c tentative` != "0" ]; do + sleep 0.1 + done # We need to try to make sure all expiry happened, otherwise there might # be global fragments queued. (This still does not rule out that there diff --git a/tests/sys/netinet6/frag6/frag6_01.py b/tests/sys/netinet6/frag6/frag6_01.py index efa99ce65759..db6cabc1a84a 100644 --- a/tests/sys/netinet6/frag6/frag6_01.py +++ b/tests/sys/netinet6/frag6/frag6_01.py @@ -105,7 +105,7 @@ def main(): # We should only need to sleep 0.10 but it seems scapy # takes time for this one. - sleep(75) + sleep(3) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: diff --git a/tests/sys/netinet6/frag6/frag6_05.py b/tests/sys/netinet6/frag6/frag6_05.py index f9bc947d5465..9c98ea1aaf2e 100644 --- a/tests/sys/netinet6/frag6/frag6_05.py +++ b/tests/sys/netinet6/frag6/frag6_05.py @@ -79,7 +79,7 @@ def main(): sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for possible expiry to happen. - sleep(75) + sleep(3) sys.exit(0) if __name__ == '__main__': diff --git a/tests/sys/netinet6/frag6/frag6_07.py b/tests/sys/netinet6/frag6/frag6_07.py index 231f49eac2e0..540c5012e524 100644 --- a/tests/sys/netinet6/frag6/frag6_07.py +++ b/tests/sys/netinet6/frag6/frag6_07.py @@ -168,7 +168,7 @@ def main(): sys.exit(1) # Wait for expiry from first test run. - sleep(75) + sleep(3) sniffer2.setEnd() sniffer2.join() if not sniffer2.foundCorrectPacket: diff --git a/tests/sys/netinet6/frag6/frag6_08.py b/tests/sys/netinet6/frag6/frag6_08.py index 25f57f702e71..74d7495f43cb 100644 --- a/tests/sys/netinet6/frag6/frag6_08.py +++ b/tests/sys/netinet6/frag6/frag6_08.py @@ -142,7 +142,7 @@ def main(): sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) - sleep(75) + sleep(3) sniffer2.setEnd() sniffer2.join() if not sniffer2.foundCorrectPacket: diff --git a/tests/sys/netinet6/frag6/frag6_09.py b/tests/sys/netinet6/frag6/frag6_09.py index 63ec646e1175..b5c519040292 100644 --- a/tests/sys/netinet6/frag6/frag6_09.py +++ b/tests/sys/netinet6/frag6/frag6_09.py @@ -99,7 +99,7 @@ def main(): sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for ICMPv6 error generation on timeout. - sleep(75) + sleep(3) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: diff --git a/tests/sys/netinet6/frag6/frag6_10.py b/tests/sys/netinet6/frag6/frag6_10.py index fcd331190c02..191e3fc3e075 100644 --- a/tests/sys/netinet6/frag6/frag6_10.py +++ b/tests/sys/netinet6/frag6/frag6_10.py @@ -75,7 +75,7 @@ def main(): # We do not generate ICMPv6 for non-off=0-segments. # Wait for expiry. - sleep(75) + sleep(3) sys.exit(0) diff --git a/tests/sys/netinet6/frag6/frag6_11.py b/tests/sys/netinet6/frag6/frag6_11.py index 6b9643337597..be50a766ab1a 100644 --- a/tests/sys/netinet6/frag6/frag6_11.py +++ b/tests/sys/netinet6/frag6/frag6_11.py @@ -75,7 +75,7 @@ def main(): # Wait for expiration to happen. We will not see an ICMPv6 as there # is no frag with offset=0. - sleep(75) + sleep(3) sys.exit(0) diff --git a/tests/sys/netinet6/frag6/frag6_12.py b/tests/sys/netinet6/frag6/frag6_12.py index a683782f2b69..d82610a0f75b 100644 --- a/tests/sys/netinet6/frag6/frag6_12.py +++ b/tests/sys/netinet6/frag6/frag6_12.py @@ -101,7 +101,7 @@ def main(): sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for ICMPv6 error generation on timeout. - sleep(75) + sleep(3) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: diff --git a/tests/sys/netinet6/frag6/frag6_13.py b/tests/sys/netinet6/frag6/frag6_13.py index e377a4272fa1..a8717c2c795c 100644 --- a/tests/sys/netinet6/frag6/frag6_13.py +++ b/tests/sys/netinet6/frag6/frag6_13.py @@ -117,7 +117,7 @@ def main(): sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) # Wait for expiry. - sleep(75) + sleep(3) sys.exit(0) if __name__ == '__main__': diff --git a/tests/sys/netinet6/frag6/frag6_14.py b/tests/sys/netinet6/frag6/frag6_14.py index b53a65e67529..49fae50f4bae 100644 --- a/tests/sys/netinet6/frag6/frag6_14.py +++ b/tests/sys/netinet6/frag6/frag6_14.py @@ -132,7 +132,7 @@ def main(): sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) # Wait for expiry. - sleep(75) + sleep(3) sys.exit(0) if __name__ == '__main__': diff --git a/tests/sys/netinet6/frag6/frag6_20.py b/tests/sys/netinet6/frag6/frag6_20.py index 6dd4c2379357..4a68b242a23e 100755 --- a/tests/sys/netinet6/frag6/frag6_20.py +++ b/tests/sys/netinet6/frag6/frag6_20.py @@ -127,7 +127,7 @@ def main(): sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) - sleep(75) + sleep(3) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: