Date: Mon, 11 Jan 2021 20:00:43 GMT
Message-Id: <202101112000.10BK0hNn073030@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: "Alexander V. Chernikov"
Subject: git: 0da3f8c98d17 - main - Bump amount of queued packets in for unresolved ARP/NDP entries to 16.

The branch main has been updated by melifaro:

URL: https://cgit.FreeBSD.org/src/commit/?id=0da3f8c98d17d9c6e67d0f6cf45085df6a5ef041

commit 0da3f8c98d17d9c6e67d0f6cf45085df6a5ef041
Author:     Alexander V. Chernikov
AuthorDate: 2021-01-11 19:50:21 +0000
Commit:     Alexander V. Chernikov
CommitDate: 2021-01-11 19:51:11 +0000

Bump amount of queued packets in for unresolved ARP/NDP entries to 16.

Currently default behaviour is to keep only 1 packet per unresolved entry.
Ability to queue more than one packet was added 10 years ago, in r215207,
though the default value was kept intact.

Things have changed since that time. Systems tend to initiate multiple
connections at once for a variety of reasons.
For example, recent kern/252278 bug report describes happy-eyeball DNS
behaviour sending multiple requests to the DNS server.

The primary driver for upper value for the queue length determination is
memory consumption. Remote actors should not be able to easily exhaust
local memory by sending packets to unresolved arp/ND entries.

For now, bump value to 16 packets, to match Darwin implementation.

The proper approach would be to switch the limit to calculate memory
consumption instead of packet count and limit based on memory.

We should MFC this with a variation of D22447.

Reviewers: #manpages, #network, bz, emaste Reviewed By: emaste, gbe(doc), jilles(doc) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D28068 --- sys/netinet/if_ether.c | 2 +- sys/netinet6/nd6.c | 2 +- usr.sbin/arp/arp.4 | 25 +++++++------------------ 3 files changed, 9 insertions(+), 20 deletions(-) diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 972701369d13..e09ad3d47382 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -114,7 +114,7 @@ VNET_PCPUSTAT_SYSINIT(arpstat); VNET_PCPUSTAT_SYSUNINIT(arpstat); #endif /* VIMAGE */ -VNET_DEFINE_STATIC(int, arp_maxhold) = 1; +VNET_DEFINE_STATIC(int, arp_maxhold) = 16; #define V_arpt_keep VNET(arpt_keep) #define V_arpt_down VNET(arpt_down) diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 5b66375e6613..386eb7cca922 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -106,7 +106,7 @@ VNET_DEFINE_STATIC(int, nd6_maxndopt) = 10; /* max # of ND options allowed */ VNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper * layer hints */ -VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 1; /* max pkts cached in unresolved +VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 16; /* max pkts cached in unresolved * ND entries */ #define V_nd6_maxndopt VNET(nd6_maxndopt) #define V_nd6_maxqueuelen VNET(nd6_maxqueuelen) diff --git a/usr.sbin/arp/arp.4 b/usr.sbin/arp/arp.4 index f13af95778a8..c9c9002cf908 100644 --- a/usr.sbin/arp/arp.4 +++ b/usr.sbin/arp/arp.4 @@ -40,9 +40,7 @@ The Address Resolution Protocol (ARP) is used to dynamically map between Protocol Addresses (such as IP addresses) and Local Network Addresses (such as Ethernet addresses). -This implementation maps IP addresses to Ethernet, -ARCnet, -or Token Ring addresses. +This implementation maps IP addresses to Ethernet addresses. It is used by all the Ethernet interface drivers. .Pp ARP caches Internet-Ethernet address mappings. 
@@ -51,9 +49,10 @@ ARP queues the message which requires the mapping and broadcasts a message on the associated network requesting the address mapping. If a response is provided, the new mapping is cached and any pending message is transmitted. -ARP will queue at most one packet while waiting for a response to a -mapping request; -only the most recently ``transmitted'' packet is kept. +ARP will queue at most +.Va net.link.ether.inet.maxhold +packets while waiting for a response to a mapping request; +only the most recently ``transmitted'' packets are kept. If the target host does not respond after several requests, the host is considered to be down allowing an error to be returned to transmission attempts. @@ -65,17 +64,7 @@ for a non-responding destination host, and .Er EHOSTUNREACH for a non-responding router. .Pp -The ARP cache is stored in the system routing table as -dynamically-created host routes. -The route to a directly-attached Ethernet network is installed as a -.Dq cloning -route (one with the -.Li RTF_CLONING -flag set), -causing routes to individual hosts on that network to be created on -demand. -These routes time out periodically (normally 20 minutes after validated; -entries are not validated when not in use). +The ARP cache is stored in per-interface link-level table. .Pp ARP entries may be added, deleted or changed with the .Xr arp 8 @@ -173,7 +162,7 @@ Default is 1200 seconds. .It Va maxhold How many packets to hold in the per-entry output queue while the entry is being resolved. -Default is one packet. +Default is 16 packets. .It Va maxtries Number of retransmits before a host is considered down and an error is returned.
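Review bot: In sys/netinet/if_ether.c the new `arp_maxhold` default of 16 has no comment, while the matching `nd6_maxqueuelen` definition in nd6.c does. The commit message says the upper bound is driven by memory that remote senders can cause to be held for unresolved entries, so add a short comment beside the definition stating that this is a per-entry packet count rather than a byte limit and why 16 was picked. That way a later change to the value is weighed against the same exposure.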
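Review bot: The sys/netinet6/nd6.c hunk raises `nd6_maxqueuelen` to 16, but the diffstat shows arp.4 as the only documentation file touched, so the ND default changes without a matching manual update. If the ND queue length is documented anywhere, update it in this commit as well. The ARP and ND defaults are now the same literal in two files; a shared named constant would keep them in step.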
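Review bot: In the usr.sbin/arp/arp.4 hunk at -65,17, the replacement sentence `The ARP cache is stored in per-interface link-level table.` is missing an article and should read "stored in a per-interface link-level table". The paragraph it replaces also described entries timing out, so check that the page still states this in prose and not only through the sysctl default shown as context in the last hunk. None of the hunks touch the `.Dd` line, which a content change to the manual page should bump.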