Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3086224imw; Mon, 18 Jul 2022 01:41:03 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sEfiEQGGfHiOX8tye+Cz7xt0u0DxEBQZwbKqYRx7IJixl5eAiNUUZIoPKGfjb1zf0PprL0 X-Received: by 2002:a17:907:7b95:b0:6f4:ff03:981a with SMTP id ne21-20020a1709077b9500b006f4ff03981amr25093458ejc.653.1658133663535; Mon, 18 Jul 2022 01:41:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658133663; cv=none; d=google.com; s=arc-20160816; b=Q2pAoc97Gs9NPD4Y3O5+NP19NRRbNbzaDpnFJRnRtaaVxFuIEImCc5MWc585s3crSs Y6SQeoxgRtP7qWJ4gmxSVukxY2GoUTxQqwtDslhcbFfzy8Gzz8NjZ6+O66Wh+McJssaw 2tgjlTZkYtdKiYIItKq/u7a8ZBmZyYD2a75e4zoX/3p/yflTX8aJ5xIfzLJiw9vmYlOP CTjnAvN9wWGN8GD1yN3yBj/jqk+obhQxNx1MixbnApN0+sMTOrgDlQI/k5vpq3aB0Gtb F0/CRcDhJ+Idprg3V+WywXjgHBb9QJP4HxUeAYDePqheUNY0Za15ZHx+ppAuq+Ld4R1x QiSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :organization:from:references:cc:to:content-language:subject :reply-to:user-agent:mime-version:date:message-id:dkim-signature; bh=P3caFHY/AQzs5BO83S5M5JAahAivvQwwjdxW9ETjPso=; b=XSfXqiNrfcmjXJLaN5a2EyiGEgt+vyzqADs/PfQT+P7kkmydtpSOQGWfv2JuBCRgZS LVwYqtUilb0Tl+xJLEy1UwtdxqRpWdbw2aNFh3NFu0LVzAFosxTEmWs89etS2IN0Chex CkrPd2qzfrfpNZj8SMo9ZXD+wZ3k5y/uYy2ECFIy7LHvVDlOF0OD5B3TRisgbYcEad5/ Qq5SmKhfVd+sCmJwRLZg26OwCkiGLb8n5LbTgPubpdZdVUDRT+yW6kqrYz8kACok59xA uUbHtPlEzX5F6+QpbVBBIexi9ZD0x5U7XlOgi+HsmwZJPMJCl9nhzl5LcaBPdff/uncC BgUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@6wind.com header.s=google header.b=c1gqFmei; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=6wind.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i2-20020a50d742000000b0043a41067d41si15641339edj.274.2022.07.18.01.40.38; Mon, 18 Jul 2022 01:41:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@6wind.com header.s=google header.b=c1gqFmei; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=6wind.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233478AbiGRIgD (ORCPT + 99 others); Mon, 18 Jul 2022 04:36:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41946 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232852AbiGRIf7 (ORCPT ); Mon, 18 Jul 2022 04:35:59 -0400 Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BDFA2DF36 for ; Mon, 18 Jul 2022 01:35:57 -0700 (PDT) Received: by mail-wr1-x435.google.com with SMTP id a5so15928201wrx.12 for ; Mon, 18 Jul 2022 01:35:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind.com; s=google; h=message-id:date:mime-version:user-agent:reply-to:subject :content-language:to:cc:references:from:organization:in-reply-to :content-transfer-encoding; bh=P3caFHY/AQzs5BO83S5M5JAahAivvQwwjdxW9ETjPso=; b=c1gqFmeiSJxeyYwyGaYT01eKgOKge3crMM+Iug/PbsGgFyaV75muyKgPaCLRG5yuHD lAO4Va7DQHQZCspzgdCn9A/do9wpBi0NCG9As1nSPVgBFqN3LMfJscMGd1AbY9Y2HjCo Tur7H4li1TfcQBSouSSqpepsM2XkKvIBqoW1Km1gWjwnWnSe+RAUGAAAMaY3j3LNVyRc H2r+gcNOzH1mWw/Eg508NlxtQGSEACNWHIYrTPymgvwkOa9THvOaB2qfRrdCYu6Idk4T f9IIOPnn4h2T36J/nZRGg3QNLuTDlMnBNxQy2rrclgJGwGsOUX2aFy1NbCk1KhieUEfj y4iQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:reply-to :subject:content-language:to:cc:references:from:organization :in-reply-to:content-transfer-encoding; bh=P3caFHY/AQzs5BO83S5M5JAahAivvQwwjdxW9ETjPso=; b=bDnKOrBV5b1xU/PakVZcuEVRl34sDOMmsYXEPvM/+d3rt8Pd4ivDqHT1f2N6ciYczm FYFaO+pnOZmy8d50wqS9ULZ9GjaJ8Bz/hZ7pufDwYyfyBLHCTme3QxAWNv914H1ty1cz y5exkzSA7PvX0+TcuQ+iD5OK3H7gfFaBIzRrhiULJWzqIRp6eIPkC2w+p8fpn/OyN2u9 fNnUitzqJTg36/DUidrdN65ZJuaP0JxW7zEMOWmMyjpJGeWXV17ps0Zxcchw2N+eD6uW v2TsT9CijgTi3qsDyhTFAm8I6zJe6CFZdcBk9eXeJsG/j1lpEBps+co9YYwJmUmbjI+u KW3w== X-Gm-Message-State: AJIora/ci8TQGZWyhKwEGECexFgI9TQLbGi/jhzOjf8d3egSw5D4OJd4 TlxuMzjE6Mygn1+RjanDJVq4Ug== X-Received: by 2002:a05:6000:25a:b0:21d:727b:5017 with SMTP id m26-20020a056000025a00b0021d727b5017mr21464678wrz.184.1658133356325; Mon, 18 Jul 2022 01:35:56 -0700 (PDT) Received: from ?IPV6:2a01:e0a:b41:c160:d436:f98:472e:dac? ([2a01:e0a:b41:c160:d436:f98:472e:dac]) by smtp.gmail.com with ESMTPSA id e5-20020adfe385000000b0021d9630d50dsm10107617wrm.42.2022.07.18.01.35.55 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 18 Jul 2022 01:35:55 -0700 (PDT) Message-ID: Date: Mon, 18 Jul 2022 10:35:55 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Reply-To: nicolas.dichtel@6wind.com Subject: Re: [PATCH v3 net-next 2/3] net: ipv6: new accept_untracked_na option to accept na only if in-network Content-Language: en-US To: Jaehee Park , netdev@vger.kernel.org Cc: davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, dsahern@gmail.com, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, shuah@kernel.org, linux-kernel@vger.kernel.org, aajith@arista.com, roopa@nvidia.com, roopa.prabhu@gmail.com, aroulin@nvidia.com, sbrivio@redhat.com References: <56d57be31141c12e9034cfa7570f2012528ca884.1657755189.git.jhpark1013@gmail.com> From: Nicolas Dichtel Organization: 6WIND In-Reply-To: <56d57be31141c12e9034cfa7570f2012528ca884.1657755189.git.jhpark1013@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Le 14/07/2022 à 01:40, Jaehee Park a écrit : > This patch adds a third knob, '2', which extends the > accept_untracked_na option to learn a neighbor only if the src ip is > in the same subnet as an address configured on the interface that > received the neighbor advertisement. This is similar to the arp_accept > configuration for ipv4. > > Signed-off-by: Jaehee Park > Suggested-by: Roopa Prabhu > --- > Documentation/networking/ip-sysctl.rst | 51 +++++++++++++++----------- > net/ipv6/addrconf.c | 2 +- > net/ipv6/ndisc.c | 29 ++++++++++++--- > 3 files changed, 55 insertions(+), 27 deletions(-) > > diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst > index 5c017fc1e24d..722ec4f491db 100644 > --- a/Documentation/networking/ip-sysctl.rst > +++ b/Documentation/networking/ip-sysctl.rst > @@ -2483,27 +2483,36 @@ drop_unsolicited_na - BOOLEAN > > By default this is turned off. > > -accept_untracked_na - BOOLEAN > - Add a new neighbour cache entry in STALE state for routers on receiving a > - neighbour advertisement (either solicited or unsolicited) with target > - link-layer address option specified if no neighbour entry is already > - present for the advertised IPv6 address. Without this knob, NAs received > - for untracked addresses (absent in neighbour cache) are silently ignored. > - > - This is as per router-side behaviour documented in RFC9131. > - > - This has lower precedence than drop_unsolicited_na. > - > - This will optimize the return path for the initial off-link communication > - that is initiated by a directly connected host, by ensuring that > - the first-hop router which turns on this setting doesn't have to > - buffer the initial return packets to do neighbour-solicitation. > - The prerequisite is that the host is configured to send > - unsolicited neighbour advertisements on interface bringup. > - This setting should be used in conjunction with the ndisc_notify setting > - on the host to satisfy this prerequisite. > - > - By default this is turned off. > +accept_untracked_na - INTEGER > + Define behavior for accepting neighbor advertisements from devices that > + are absent in the neighbor cache: > + > + - 0 - (default) Do not accept unsolicited and untracked neighbor > + advertisements. > + > + - 1 - Add a new neighbor cache entry in STALE state for routers on > + receiving a neighbor advertisement (either solicited or unsolicited) > + with target link-layer address option specified if no neighbor entry > + is already present for the advertised IPv6 address. Without this knob, > + NAs received for untracked addresses (absent in neighbor cache) are > + silently ignored. > + > + This is as per router-side behavior documented in RFC9131. > + > + This has lower precedence than drop_unsolicited_na. > + > + This will optimize the return path for the initial off-link > + communication that is initiated by a directly connected host, by > + ensuring that the first-hop router which turns on this setting doesn't > + have to buffer the initial return packets to do neighbor-solicitation. > + The prerequisite is that the host is configured to send unsolicited > + neighbor advertisements on interface bringup. This setting should be > + used in conjunction with the ndisc_notify setting on the host to > + satisfy this prerequisite. > + > + - 2 - Extend option (1) to add a new neighbor cache entry only if the > + source IP address is in the same subnet as an address configured on > + the interface that received the neighbor advertisement. > > enhanced_dad - BOOLEAN > Include a nonce option in the IPv6 neighbor solicitation messages used for > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index 88becb037eb6..6ed807b6c647 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -7042,7 +7042,7 @@ static const struct ctl_table addrconf_sysctl[] = { > .data = &ipv6_devconf.accept_untracked_na, > .maxlen = sizeof(int), > .mode = 0644, > - .proc_handler = proc_dointvec_minmax, > + .proc_handler = proc_dointvec, > .extra1 = (void *)SYSCTL_ZERO, > .extra2 = (void *)SYSCTL_ONE, Maybe keeping proc_dointvec_minmax with SYSCTL_TWO for extra2 is better to avoid accepting all values. It enables to add another value later. Regards, Nicolas