Date: Tue, 31 May 2022 20:56:59 +0100 From: "Alexander V. Chernikov" <melifaro@ipfw.ru> To: Kristof Provost <kp@FreeBSD.org> Cc: "Alexander V. Chernikov" <melifaro@FreeBSD.org>, "src-committers@freebsd.org" <src-committers@FreeBSD.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org> Subject: Re: git: d6cd20cc5c47 - main - netinet6: fix ndp proxying Message-ID: <D4C3E332-D017-4A0A-8D7E-55BF37F9585C@ipfw.ru> In-Reply-To: <9BB758A5-D0C4-476E-ACD4-A27C98276F7B@FreeBSD.org> References: <202205301054.24UAs4m6066923@gitrepo.freebsd.org> <9BB758A5-D0C4-476E-ACD4-A27C98276F7B@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 31 May 2022, at 20:34, Kristof Provost <kp@FreeBSD.org> wrote: >=20 > On 30 May 2022, at 12:54, Alexander V. Chernikov wrote: >> The branch main has been updated by melifaro: >>=20 >> URL: = https://cgit.FreeBSD.org/src/commit/?id=3Dd6cd20cc5c475e8bbf257ac1474ff490= ae4dcab6 >>=20 >> commit d6cd20cc5c475e8bbf257ac1474ff490ae4dcab6 >> Author: KUROSAWA Takahiro <takahiro.kurosawa@gmail.com> >> AuthorDate: 2022-05-30 07:51:15 +0000 >> Commit: Alexander V. Chernikov <melifaro@FreeBSD.org> >> CommitDate: 2022-05-30 10:53:33 +0000 >>=20 >> netinet6: fix ndp proxying >>=20 >> We could insert proxy NDP entries by the ndp command, but the host >> with proxy ndp entries had not responded to Neighbor = Solicitations. >> Change the following points for proxy NDP to work as expected: >> * join solicited-node multicast addresses for proxy NDP entries >> in order to receive Neighbor Solicitations. >> * look up proxy NDP entries not on the routing table but on the >> link-level address table when receiving Neighbor Solicitations. >>=20 >> Reviewed By: melifaro >> Differential Revision: https://reviews.freebsd.org/D35307 >> MFC after: 2 weeks >> --- >> sys/net/if.c | 10 ++ >> sys/net/if_llatbl.c | 48 +++++++++ >> sys/net/if_llatbl.h | 12 ++- >> sys/netinet6/in6.c | 111 ++++++++++++++++++-- >> sys/netinet6/in6_var.h | 2 + >> sys/netinet6/nd6_nbr.c | 57 ++++++----- >> tests/sys/netinet6/Makefile | 3 +- >> tests/sys/netinet6/proxy_ndp.sh | 222 = ++++++++++++++++++++++++++++++++++++++++ >> 8 files changed, 425 insertions(+), 40 deletions(-) >>=20 >=20 >> diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c >> index a39f7734e0ba..857e05c0f112 100644 >> --- a/sys/netinet6/in6.c >> +++ b/sys/netinet6/in6.c >=20 >> @@ -2621,3 +2643,72 @@ in6_sin_2_v4mapsin6_in_sock(struct sockaddr = **nam) >> free(*nam, M_SONAME); >> *nam =3D (struct sockaddr *)sin6_p; >> } >> + >> +/* >> + * Join/leave the solicited multicast groups for proxy NDP entries. >> + */ >> +static void >> +in6_join_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr *dst) >> +{ >> + struct in6_multi *inm; >> + struct in6_addr mltaddr; >> + char ip6buf[INET6_ADDRSTRLEN]; >> + int error; >> + >> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) !=3D 0) >> + return; /* error logged in in6_solicited_node_maddr. */ >> + >> + error =3D in6_joingroup(ifp, &mltaddr, NULL, &inm, 0); >> + if (error !=3D 0) { >> + nd6log((LOG_WARNING, >> + "%s: in6_joingroup failed for %s on %s = (errno=3D%d)\n", >> + __func__, ip6_sprintf(ip6buf, &mltaddr), = if_name(ifp), >> + error)); >> + } >> +} >> + >> +static void >> +in6_leave_proxy_ndp_mc(struct ifnet *ifp, const struct in6_addr = *dst) >> +{ >> + struct epoch_tracker et; >> + struct in6_multi *inm; >> + struct in6_addr mltaddr; >> + char ip6buf[INET6_ADDRSTRLEN]; >> + >> + if (in6_solicited_node_maddr(&mltaddr, ifp, dst) !=3D 0) >> + return; /* error logged in in6_solicited_node_maddr. */ >> + >> + NET_EPOCH_ENTER(et); >> + inm =3D in6m_lookup(ifp, &mltaddr); >> + NET_EPOCH_EXIT(et); >> + if (inm !=3D NULL) >> + in6_leavegroup(inm, NULL); >> + else >> + nd6log((LOG_WARNING, "%s: in6m_lookup failed for %s on = %s\n", >> + __func__, ip6_sprintf(ip6buf, &mltaddr), = if_name(ifp))); >> +} >> + >> +static bool >> +in6_lle_match_pub(struct lltable *llt, struct llentry *lle, void = *farg) >> +{ >> + return ((lle->la_flags & LLE_PUB) !=3D 0); >> +} >> + >> +void >> +in6_purge_proxy_ndp(struct ifnet *ifp) >> +{ >> + struct lltable *llt; >> + bool need_purge; >> + >> + llt =3D LLTABLE6(ifp); >=20 > This panics here when I kldunload pfsync. > This fixes it for me: https://reviews.freebsd.org/D35374 Yep, I kinda forget the fact that not everything is IPv6-enabled (and = some interfaces don=E2=80=99t require NDP at all). Thank you for the fix! >=20 > Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D4C3E332-D017-4A0A-8D7E-55BF37F9585C>