Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3814837imw; Mon, 11 Jul 2022 16:52:50 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tjPRQJJHODGlnK5545h6KuSf1xoF8kTITX1fqVgAqxVcO9oswyIfoHU7bQ5JpJZrCqcJ2F X-Received: by 2002:a05:6402:40c2:b0:43a:b4c9:f7e9 with SMTP id z2-20020a05640240c200b0043ab4c9f7e9mr23721785edb.95.1657583570546; Mon, 11 Jul 2022 16:52:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657583570; cv=none; d=google.com; s=arc-20160816; b=d3PToG1I8kCBa12q8IPGfHvlxFACgGLq65Qu3SHeqZ/wgiqJEHkQqqPfLTvLfKLVQ8 lrOv1OgEbbrMKpbNJxZC/3/wQx3gkbQ+ZeUmrpnIqCoXoCc7BIlT5iRHgncZ2ZuCWw1o 7+2b4IQuHrTdpDBb6XLNckv0HALaesZTn+xgDnxW+iZTGTn33DlMBYuAwdg4ASd4UXA0 OPPPsYo/P9UVA9aRrJwy0N+FWJSYpDit2ft6yBOOxnwTdZyUvyXBT0p4DZ4iyhrXGLvb oJYeE/rJk1yqlTMDNMRqYD4aI+mN5P0hjbYegZ6DJQq3r0t/t+Zcovp96H6RbM/vsdCL C0EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=huQyBNaLi+rnS6hPpdKZkF89bhus7inuhiN+hMoHvBQ=; b=L1nhxcVtTyAvGOUrRKz+HEVVlV/pP7u2xubPtLYuZIfWwyX86VUjnfPVtfGqDNpZ0X evN6Sl/ELJYd/KXz1Nbgst+1QCpw8QeonwTx00ZsI9XF788XrhuyrGXpRxObL36F8fY8 M+1/6ItzERQIKwiKoi7kA8cBj2hi7ougFA/A5N+Yy09EN67GiDaqSo5XSV0ZC6A5xL8S obDyLsGKLMh2wkb6OiTULCZyashRYZAARGJcp8YqYcOTEAV/QbQeNcsHwo9E5BYuykNX IjgnmW8EJr2itFSigDfVVzrc478dvp6TrxNyUShy9R5ZVswTkBWnb0QA9KoLZBaEn7vb YhMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b="jxY/JP45"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o22-20020a170906975600b0072636d040c2si12916102ejy.104.2022.07.11.16.52.26; Mon, 11 Jul 2022 16:52:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b="jxY/JP45"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231216AbiGKXmP (ORCPT + 99 others); Mon, 11 Jul 2022 19:42:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229500AbiGKXmO (ORCPT ); Mon, 11 Jul 2022 19:42:14 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C5BF2B63D; Mon, 11 Jul 2022 16:42:13 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id e15so8109683edj.2; Mon, 11 Jul 2022 16:42:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=huQyBNaLi+rnS6hPpdKZkF89bhus7inuhiN+hMoHvBQ=; b=jxY/JP45BhlQP3lBMxyWEQEllqy3vEWLHl/BHPMe7fWuTRohdf6wV789EFvMz8fIFr CRRkuLci2+pUc1YhdDkQpTcyq6peF74XMedvlpbdpcvsWr7+z/+jygiQr3RjHWm27LA6 42gGkliM2JwIpigwsynlfwwKIoqGX8Bslj1o5eWyO3ZttFFInnLvQSAvykjwkdf1COiJ uCAGKU7gQc6zag4a6Gwz+kwAtyG1YC4Ji+JZ54CB8TAYXp6E1IjSWuQm3zes/NqQyBea FuwNwGreba8kf1KzXqn8p6UK3xA/LBhvxQAAUF07dbtH/0vqlCyuxNjM6OnNfE/TvZ14 ZLWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=huQyBNaLi+rnS6hPpdKZkF89bhus7inuhiN+hMoHvBQ=; b=N/hVbHi51dWlhIS/snYAYOCsqELy1Z9yQIRmbDyH7R+HcF/hr30C4GwrB4pBB8naj3 /LC3e6zqkVUeDnkM28ToSO5TaLQilW/0KA/26S/l/U8DBto36O2vfvW0rAQlNjbdoru+ I7zpQ6FG3/Kwc6up0OQKg/H9h2rjySw72mZIcAzGskujgq3NnMknwc9xujxAcD5Ln724 4ZqlPMSpsDemQsyyiwjl5zkZO99Yi2Yq2k1BjJwZAacClTSi7K1kZ+uf82d/auoIx8XJ AOhpOmpYUasHblkxl3vmVmk0JG3CzbOAWPT49ETJlp9bWVV5bk8E6YNV2KZE8eB51+dD 4Luw== X-Gm-Message-State: AJIora+EccIhob835XgfNt508SpYk58aPWBz+uGwV8mq1JpQhERjbiwu KVsn9peSUFU02DJAuTPealxqV7/MjFXq4fmePwN57C0Le6WqfD3nwfw= X-Received: by 2002:a05:6402:5cb:b0:434:eb48:754f with SMTP id n11-20020a05640205cb00b00434eb48754fmr28441808edx.421.1657582931539; Mon, 11 Jul 2022 16:42:11 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jaehee Date: Mon, 11 Jul 2022 16:42:06 -0700 Message-ID: Subject: Re: [PATCH net-next 0/3] net: ipv4/ipv6: new option to accept garp/untracked na only if in-network To: netdev@vger.kernel.org Cc: "David S. Miller" , yoshfuji@linux-ipv6.org, dsahern@kernel.org, edumazet@google.com, Jakub Kicinski , Paolo Abeni , shuah@kernel.org, linux-kernel@vger.kernel.org, aajith@arista.com, Roopa Prabhu , Andy Roulin , Stefano Brivio Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 11, 2022 at 10:51 AM Jaehee Park wrote: > > The first patch adds an option to learn a neighbor from garp only if > the src ip is in the same subnet of addresses configured on the > interface. The option has been added to arp_accept in ipv4. > > The same feature has been added to ndisc (patch 2). For ipv6, the > subnet filtering knob is an extension of the accept_untracked_na > option introduced in these patches: > https://lore.kernel.org/all/642672cb-8b11-c78f-8975-f287ece9e89e@gmail.com/t/ > https://lore.kernel.org/netdev/20220530101414.65439-1-aajith@arista.com/T/ > > The third patch contains selftests for testing the different options > for accepting arp and neighbor advertisements. > > Jaehee Park (3): > net: ipv4: new arp_accept option to accept garp only if in-network > net: ipv6: new accept_untracked_na option to accept na only if > in-network > selftests: net: arp_ndisc_untracked_subnets: test for arp_accept and > accept_untracked_na > > Documentation/networking/ip-sysctl.rst | 48 +-- > include/linux/inetdevice.h | 2 +- > net/ipv4/arp.c | 24 +- > net/ipv6/addrconf.c | 2 +- > net/ipv6/ndisc.c | 29 +- > tools/testing/selftests/net/Makefile | 1 + > .../net/arp_ndisc_untracked_subnets.sh | 281 ++++++++++++++++++ > 7 files changed, 360 insertions(+), 27 deletions(-) > create mode 100755 tools/testing/selftests/net/arp_ndisc_untracked_subnets.sh > > -- > 2.30.2 > I forgot a few cleanups. I will post a v2 soon. Sorry about that! Thanks, Jaehee