From nobody Thu Mar 5 11:12:51 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fRRhz5FVVz6SqTx for ; Thu, 05 Mar 2026 11:12:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fRRhz35pCz3y0y for ; Thu, 05 Mar 2026 11:12:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1772709171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oVBUKqEKgLjm7vg8m8a0I4n20fU3E1tkNyWYTKs8FQ0=; b=KIpnnU8ssZSfkv8cpPOroHvq4ZUA+mI4Zr8Hvhpp2PyUjVmp2VyxRlPc6D81mSn9mk19yy 2ccs4qUwtdSRkfKa/LvBvvHueEenSWUTBEw1MIh1lGfOEyeu79gCGVnFjN6e2GLxeY/pNI E/rJ9ZWNl1QRnllU3U7ApL2RYx26Y3dZSU9I4gxY+wqV9k/945eEBLADptsUJORIAl0RY6 KFgAGo3BTTGocnE65z+pNbqEzJ8xZ5o2YeL4RGrkHy88abDhtH+vEYnUOrX9PHVj7TCY4F A3/sG7r411RtACvgcos0yruUro9VPTUwF4N05TtG4ublGzj7muculwtefLSZGA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1772709171; a=rsa-sha256; cv=none; b=I3e4vC99+tgtzftcHGS/9ZJaqiIFIDt5SbwsS7Aorq9YE1GyFtg1x/YNseAj/Jst7vil4o 56GpJC9kDbZfUsJIa1gkOS5l3fg9x7LSCvyWG4bkaoxtmWf1mo9Wm5Rmq7jj19XmwCKu05 VNvNMjvDdgqSjRO++evUfgv/+pNJVyTp1h2gofBUyZfPHp/KVtoh4Os8X+4i2qWIhZ8ONg ZjqLsxUV1Kc41NlfHI7+gbKXOLzl1mdV1k4EA8uHh8zLDppZ5OKRAxEBXLDLYQKJyFN/jj 3Nou/jWYruW7qMZjy9OmFqqMtaAoxy4AjpBb1GxhnOI009hGD54frBbTBNPJgQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1772709171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oVBUKqEKgLjm7vg8m8a0I4n20fU3E1tkNyWYTKs8FQ0=; b=eh8YcaMfYDcZ3ZQSihwa6cRPFv0318/bQUMVo5GQfLtTh5R3Lt2A2T3CZJTyesukPVf+SW u8FShftKw33/GHepaq0LpUee/yANyd5QbFvioNbYQsAoVzf+Fn0V1aYDsReEQ/4nUXD6uJ dloQNXuBobrrcLOmsxJAzwTmO0asu/pKoLuuk9YLC+NaYwj4nqk9GPM63DuY3g1ZT8PIch Kp/4/C3gngw0uwT0hmo4pBQca9gtV6IYnLxHLZbPjwTWfYMliAbicFOGBArqeTvloeLTU/ BNSG0d2E6xgDcTQplVBhkRXUNpqhS4S1gJmn0wMHZHh3XkQ/Xpprpa4mZZvAEg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fRRhz2R0szbKd for ; Thu, 05 Mar 2026 11:12:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3eacf by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 05 Mar 2026 11:12:51 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Cochard Subject: git: 9f71153aec0c - main - carp: fix global demotion counter to VRRP advertisements List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olivier X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9f71153aec0cb455cd49af6d4ca7e4c16fd45d7a Auto-Submitted: auto-generated Date: Thu, 05 Mar 2026 11:12:51 +0000 Message-Id: <69a96533.3eacf.766f5032@gitrepo.freebsd.org> The branch main has been updated by olivier: URL: https://cgit.FreeBSD.org/src/commit/?id=9f71153aec0cb455cd49af6d4ca7e4c16fd45d7a commit 9f71153aec0cb455cd49af6d4ca7e4c16fd45d7a Author: Olivier Cochard AuthorDate: 2026-03-05 11:02:20 +0000 Commit: Olivier Cochard CommitDate: 2026-03-05 11:02:20 +0000 carp: fix global demotion counter to VRRP advertisements When net.inet.carp.preempt=1 and a physical interface goes down, the global V_carp_demotion counter is incremented. For CARP this was already reflected in outgoing advertisements via DEMOTE_ADVSKEW(), but VRRP sent the raw sc_vrrp_prio unchanged, so demotion had no effect. Add DEMOTE_VRRP_PRIO(), a macro analogous to DEMOTE_ADVSKEW(): It subtracts V_carp_demotion from the configured priority and clamps the result to [0, 254]. Priority 0 is VRRPv3's "resign" signal and causes backups to preempt immediately. Priority 255 (IP address owner) is never demoted. Reviewed by: kp Approved by: kp Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D55558 --- sys/netinet/ip_carp.c | 17 ++++++++++--- tests/sys/netinet/carp.sh | 61 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 3 deletions(-) diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index d33ac4e9a154..3fedbda6b57f 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -331,6 +331,17 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_carp, OID_AUTO, stats, struct carpstats, (((sc)->sc_advskew + V_carp_demotion < 0) ? \ 0 : ((sc)->sc_advskew + V_carp_demotion))) +/* + * VRRPv3 priority is the inverse of CARP advskew: higher is better. + * Subtract the global demotion counter and clamp to [0, 254]. + * Priority 255 (IP address owner) is never demoted. + */ +#define DEMOTE_VRRP_PRIO(sc) \ + ((sc)->sc_vrrp_prio == 255 ? 255 : \ + (((int)(sc)->sc_vrrp_prio - V_carp_demotion < 0) ? 0 : \ + (((int)(sc)->sc_vrrp_prio - V_carp_demotion > 254) ? 254 : \ + (int)(sc)->sc_vrrp_prio - V_carp_demotion))) + static void carp_input_c(struct mbuf *, struct carp_header *, sa_family_t, int); static void vrrp_input_c(struct mbuf *, int, sa_family_t, int, int, uint16_t); static struct carp_softc @@ -1009,7 +1020,7 @@ vrrp_input_c(struct mbuf *m, int off, sa_family_t af, int ttl, * Same if the peer has a higher priority than us. */ if (ntohs(vh->vrrp_max_adver_int) < sc->sc_vrrp_adv_inter || - vh->vrrp_priority > sc->sc_vrrp_prio) { + vh->vrrp_priority > DEMOTE_VRRP_PRIO(sc)) { callout_stop(&sc->sc_ad_tmo); carp_set_state(sc, BACKUP, "more frequent advertisement received"); @@ -1023,7 +1034,7 @@ vrrp_input_c(struct mbuf *m, int off, sa_family_t af, int ttl, * and this one claims to be slower, treat him as down. */ if (V_carp_preempt && (ntohs(vh->vrrp_max_adver_int) > sc->sc_vrrp_adv_inter - || vh->vrrp_priority < sc->sc_vrrp_prio)) { + || vh->vrrp_priority < DEMOTE_VRRP_PRIO(sc))) { carp_master_down_locked(sc, "preempting a slower master"); break; @@ -1359,7 +1370,7 @@ vrrp_send_ad_locked(struct carp_softc *sc) .vrrp_version = CARP_VERSION_VRRPv3, .vrrp_type = VRRP_TYPE_ADVERTISEMENT, .vrrp_vrtid = sc->sc_vhid, - .vrrp_priority = sc->sc_vrrp_prio, + .vrrp_priority = DEMOTE_VRRP_PRIO(sc), .vrrp_count_addr = 0, .vrrp_max_adver_int = htons(sc->sc_vrrp_adv_inter), .vrrp_checksum = 0, diff --git a/tests/sys/netinet/carp.sh b/tests/sys/netinet/carp.sh index 90ed9d6f9baf..e0ef2fd97583 100755 --- a/tests/sys/netinet/carp.sh +++ b/tests/sys/netinet/carp.sh @@ -497,6 +497,66 @@ negative_demotion_cleanup() vnet_cleanup } +atf_test_case "vrrp_preempt" "cleanup" +vrrp_preempt_head() +{ + atf_set descr 'Test VRRP preemption' + atf_set require.user root +} + +vrrp_preempt_body() +{ + carp_init + + epair1=$(vnet_mkepair) + epair2=$(vnet_mkepair) + + vnet_mkjail one ${epair1}a ${epair2}a + jexec one sysctl net.inet.carp.preempt=1 + jexec one ifconfig ${epair1}a 192.0.2.1/24 up + jexec one ifconfig ${epair1}a add vhid 1 carpver 3 192.0.2.254/24 \ + vrrpprio 10 pass foobar1 + jexec one ifconfig ${epair2}a 192.0.3.1/24 up + jexec one ifconfig ${epair2}a add vhid 2 carpver 3 192.0.3.254/24 \ + vrrpprio 10 pass foobar2 + + vnet_mkjail two ${epair1}b ${epair2}b + jexec two sysctl net.inet.carp.preempt=1 + jexec two ifconfig ${epair1}b 192.0.2.2/24 up + jexec two ifconfig ${epair2}b 192.0.3.2/24 up + jexec two ifconfig ${epair1}b add vhid 1 carpver 3 192.0.2.254/24 \ + vrrpprio 1 pass foobar1 + jexec two ifconfig ${epair2}b add vhid 2 carpver 3 192.0.3.254/24 \ + vrrpprio 1 pass foobar2 + + # Allow things to settle + wait_for_carp one ${epair1}a two ${epair1}b + wait_for_carp one ${epair2}a two ${epair2}b + + # Bring down one interface; preemption should demote the second interface too + jexec one ifconfig ${epair1}a down + sleep 3 + + if is_master one ${epair2}a + then + atf_fail "preemption did not affect the second interface" + fi + + # Bring interface back up; one should reclaim master + jexec one ifconfig ${epair1}a up + sleep 3 + + if ! is_master one ${epair2}a + then + atf_fail "Priority router did not take its master role back" + fi +} + +vrrp_preempt_cleanup() +{ + vnet_cleanup +} + atf_test_case "nd6_ns_source_mac" "cleanup" @@ -596,5 +656,6 @@ atf_init_test_cases() atf_add_test_case "unicast_ll_v6" atf_add_test_case "negative_demotion" atf_add_test_case "nd6_ns_source_mac" + atf_add_test_case "vrrp_preempt" atf_add_test_case "switch" }