Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1328785pxu; Mon, 23 Nov 2020 18:45:12 -0800 (PST) X-Google-Smtp-Source: ABdhPJzwdlqMLvg8fbMWtgM4MwWvn+s2wVnPN/h+qFHests56SfJ4iUD0eYoLvKAbP+gRjHOJFqW X-Received: by 2002:a17:906:1b01:: with SMTP id o1mr2317554ejg.334.1606185912368; Mon, 23 Nov 2020 18:45:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606185912; cv=none; d=google.com; s=arc-20160816; b=xNLeoOkAssta6ntgydy1d+ihfpqFEEZuV9mnwGmxHNutPfQ2SBoOiVo9p5TwBSWGI5 zfM7wlvsMbul0wG+M/Rv2hTkb3wbuxjxf6UXz8kJCGHDqskTlaoZwfickKLNS9INwahz RU6E7utL6Eq7f5UKRTGNE8WtCBZ9esGdKcYue7+5pzT0/Zx42BADjHHB9O11PzY5X7uI 4F/jiD30DkXLZJ1XvR9fEeIL1fOk0Zn4X4u3hNHOk5VM+vmug//p5mJkaYhzhuiPL2L2 BKhmboL9d9ljaMZehgm3Cc6/6ekxRtSwycBFhBqp5E5iqG2XU3zLgKqBtVLvsOYJJViW Kz2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=KuCv8Ozrrk8cNKQ05OWKM//5uaKXYMOnQy2l7wJHZcU=; b=COiUoTCYZP0AS3Ja7AjOMDbYpvz7D/VszjBE3gcNz9YkN5UcK6EKDlvHEEP2z1+M+o 7vx0DwKfUe0aZjJ3nYhlNc62swYa/Hm6pEP0PH/gNwyRIWm8pe+XwJyVthGpyeZFA//T h+5UNmUw8dO4/K4MPxSCbPj96CJdnfY0rXEVmWFW/Wjr0uMAek8e3bwG6+iZQ9XJOK2a ucmAe03kwLKNk6fVhUA+czZ8R2vF99xcujiivDI6DOjLGl3t3cUc4ObK7OE4TrxUh3/P GLY0R1vT/eQK4cdLGHq8uumI13H3bMQV3jiLQ5uBgxCL2wsxXXBqXwGNERK+P1/Mpf2p kchA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=H+bw+cai; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n19si8030884edv.187.2020.11.23.18.44.49; Mon, 23 Nov 2020 18:45:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=H+bw+cai; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389048AbgKWNX7 (ORCPT + 99 others); Mon, 23 Nov 2020 08:23:59 -0500 Received: from mail.kernel.org ([198.145.29.99]:46454 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731406AbgKWMek (ORCPT ); Mon, 23 Nov 2020 07:34:40 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B6B7F2065E; Mon, 23 Nov 2020 12:34:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1606134878; bh=PNofzJqDA0dtMHEGKWWJ9dyTQzFrM7e/h705iNEd7P4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=H+bw+caiK+AnuqCQwfDhz38mYdN1wr3DElJbraDUo3Wu4ofOHvRDhfogjAcjr6++n APuDr/Z9V7CdVLeNeSU8iNZzIYoOLdl1O+X1RZSzTLMH4wsELV67P+fyxffmQeD71B 1C6r4uUf+6yGEEdd16cl0XwPopXvr4pbFdlOmKQA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeff Dike , David Ahern , Jakub Kicinski Subject: [PATCH 5.4 005/158] Exempt multicast addresses from five-second neighbor lifetime Date: Mon, 23 Nov 2020 13:20:33 +0100 Message-Id: <20201123121820.202813756@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201123121819.943135899@linuxfoundation.org> References: <20201123121819.943135899@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jeff Dike [ Upstream commit 8cf8821e15cd553339a5b48ee555a0439c2b2742 ] Commit 58956317c8de ("neighbor: Improve garbage collection") guarantees neighbour table entries a five-second lifetime. Processes which make heavy use of multicast can fill the neighour table with multicast addresses in five seconds. At that point, neighbour entries can't be GC-ed because they aren't five seconds old yet, the kernel log starts to fill up with "neighbor table overflow!" messages, and sends start to fail. This patch allows multicast addresses to be thrown out before they've lived out their five seconds. This makes room for non-multicast addresses and makes messages to all addresses more reliable in these circumstances. Fixes: 58956317c8de ("neighbor: Improve garbage collection") Signed-off-by: Jeff Dike Reviewed-by: David Ahern Link: https://lore.kernel.org/r/20201113015815.31397-1-jdike@akamai.com Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- include/net/neighbour.h | 1 + net/core/neighbour.c | 2 ++ net/ipv4/arp.c | 6 ++++++ net/ipv6/ndisc.c | 7 +++++++ 4 files changed, 16 insertions(+) --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -204,6 +204,7 @@ struct neigh_table { int (*pconstructor)(struct pneigh_entry *); void (*pdestructor)(struct pneigh_entry *); void (*proxy_redo)(struct sk_buff *skb); + int (*is_multicast)(const void *pkey); bool (*allow_add)(const struct net_device *dev, struct netlink_ext_ack *extack); char *id; --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -235,6 +235,8 @@ static int neigh_forced_gc(struct neigh_ write_lock(&n->lock); if ((n->nud_state == NUD_FAILED) || + (tbl->is_multicast && + tbl->is_multicast(n->primary_key)) || time_after(tref, n->updated)) remove = true; write_unlock(&n->lock); --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -125,6 +125,7 @@ static int arp_constructor(struct neighb static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb); static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb); static void parp_redo(struct sk_buff *skb); +static int arp_is_multicast(const void *pkey); static const struct neigh_ops arp_generic_ops = { .family = AF_INET, @@ -156,6 +157,7 @@ struct neigh_table arp_tbl = { .key_eq = arp_key_eq, .constructor = arp_constructor, .proxy_redo = parp_redo, + .is_multicast = arp_is_multicast, .id = "arp_cache", .parms = { .tbl = &arp_tbl, @@ -928,6 +930,10 @@ static void parp_redo(struct sk_buff *sk arp_process(dev_net(skb->dev), NULL, skb); } +static int arp_is_multicast(const void *pkey) +{ + return ipv4_is_multicast(*((__be32 *)pkey)); +} /* * Receive an arp request from the device layer. --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -81,6 +81,7 @@ static void ndisc_error_report(struct ne static int pndisc_constructor(struct pneigh_entry *n); static void pndisc_destructor(struct pneigh_entry *n); static void pndisc_redo(struct sk_buff *skb); +static int ndisc_is_multicast(const void *pkey); static const struct neigh_ops ndisc_generic_ops = { .family = AF_INET6, @@ -115,6 +116,7 @@ struct neigh_table nd_tbl = { .pconstructor = pndisc_constructor, .pdestructor = pndisc_destructor, .proxy_redo = pndisc_redo, + .is_multicast = ndisc_is_multicast, .allow_add = ndisc_allow_add, .id = "ndisc_cache", .parms = { @@ -1705,6 +1707,11 @@ static void pndisc_redo(struct sk_buff * kfree_skb(skb); } +static int ndisc_is_multicast(const void *pkey) +{ + return ipv6_addr_is_multicast((struct in6_addr *)pkey); +} + static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) { struct inet6_dev *idev = __in6_dev_get(skb->dev);