Add support for NDA_FLAGS_EXT neighboring attribute #707
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor
entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED
flag for managed neighbor entries"). The flag then indicates to the
kernel that the neighbor entry should be periodically probed for keeping
the entry in NUD_REACHABLE state iff possible.
Signed-off-by: Daniel Borkmann <[email protected]>
tklauser
approved these changes
Oct 26, 2021
There was a problem hiding this comment.
LGTM, thanks @borkmann
Note for maintainers/reviewers: the respective kernel change is currently only available in the net-next tree and will be available in Linus' tree once the merge window opens (expected next weekend).
/cc @aboch @vishvananda
borkmann
added a commit
to cilium/cilium
that referenced
this pull request
Oct 26, 2021
For the neighboring subsystem, we need the NTF_EXT_MANAGED flag for newer kernels. While we wait for those patches to land upstream, temporarily point at cilium/netlink with included patches. The following was used for importing cilium/netlink: go mod edit -replace github.com/vishvananda/netlink=github.com/cilium/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa Related: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=7482e3841d520a368426ac196720601687e2dc47 Related: vishvananda/netlink#707 Signed-off-by: Daniel Borkmann <[email protected]>
The condition to demand a lladdress for neigh.Flags != NTF_PROXY is just buggy, since there are various other flags such as NTF_USE, NTF_EXT_MANAGED, etc where this is not required. Besides, the kernel handles this internally anyway if it demands a NDA_LLADDR attribute. Simply get rid of the NTF_PROXY flag/condition since it's wrong. Fixes: d710fba ("Add proxy support to the neighbor functions (vishvananda#149)") Signed-off-by: Daniel Borkmann <[email protected]>
borkmann
added a commit
to cilium/cilium
that referenced
this pull request
Oct 29, 2021
For the neighboring subsystem, we need the NTF_EXT_MANAGED flag for newer kernels. Additionally, the netlink library is broken with regards to pushing nil lladdresses into the kernel. While we wait for those two patches to land upstream, temporarily point at cilium/netlink with included patches. The following was used for importing cilium/netlink: go mod edit -replace github.com/vishvananda/netlink=github.com/cilium/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa Related: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=7482e3841d520a368426ac196720601687e2dc47 Related: vishvananda/netlink#707 Signed-off-by: Daniel Borkmann <[email protected]>
|
@tklauser Just fyi, I've added another bug fix in here, mainly that neigh.HardwareAddr handling is buggy right now. It adds it even if nil but flags other than NTF_PROXY are set. The latter conditional should just be removed since incorrect, and let the kernel handle argument sanity checking. ( By the way, corresponding iproute2 changes were merged recently: https://lore.kernel.org/netdev/[email protected]/ ) |
borkmann
added a commit
to cilium/cilium
that referenced
this pull request
Nov 2, 2021
For the neighboring subsystem, we need the NTF_EXT_MANAGED flag for newer kernels. Additionally, the netlink library is broken with regards to pushing nil lladdresses into the kernel. We addressed both recently in vishvananda/netlink. While we were waiting for those two patches to land upstream, we temporarily used cilium/netlink with included patches. The following was used for importing cilium/netlink instead: go mod edit -replace github.com/vishvananda/netlink=github.com/cilium/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa However, just few days ago our PR was merged, so just regular update is already sufficient (above instructions are kept in log for future reference). We used the following for this patch: go get github.com/vishvananda/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa Related: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=7482e3841d520a368426ac196720601687e2dc47 Related: vishvananda/netlink#707 Signed-off-by: Daniel Borkmann <[email protected]>
borkmann
added a commit
to cilium/cilium
that referenced
this pull request
Nov 4, 2021
For the neighboring subsystem, we need the NTF_EXT_MANAGED flag for newer kernels. Additionally, the netlink library is broken with regards to pushing nil lladdresses into the kernel. We addressed both recently in vishvananda/netlink. While we were waiting for those two patches to land upstream, we temporarily used cilium/netlink with included patches. The following was used for importing cilium/netlink instead: go mod edit -replace github.com/vishvananda/netlink=github.com/cilium/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa However, just few days ago our PR was merged, so just regular update is already sufficient (above instructions are kept in log for future reference). We used the following for this patch: go get github.com/vishvananda/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa Related: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=7482e3841d520a368426ac196720601687e2dc47 Related: vishvananda/netlink#707 Signed-off-by: Daniel Borkmann <[email protected]>
borkmann
added a commit
to cilium/cilium
that referenced
this pull request
Nov 5, 2021
For the neighboring subsystem, we need the NTF_EXT_MANAGED flag for newer kernels. Additionally, the netlink library is broken with regards to pushing nil lladdresses into the kernel. We addressed both recently in vishvananda/netlink. While we were waiting for those two patches to land upstream, we temporarily used cilium/netlink with included patches. The following was used for importing cilium/netlink instead: go mod edit -replace github.com/vishvananda/netlink=github.com/cilium/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa However, just few days ago our PR was merged, so just regular update is already sufficient (above instructions are kept in log for future reference). We used the following for this patch: go get github.com/vishvananda/netlink@master go mod tidy go mod vendor git add vendor/ go.mod go.sum && git commit -sa Related: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=7482e3841d520a368426ac196720601687e2dc47 Related: vishvananda/netlink#707 Signed-off-by: Daniel Borkmann <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows to set NTF_EXT_MANAGED neighbor flag for managed neighbor
entries as per kernel commit 7482e3841d52 ("net, neigh: Add NTF_MANAGED
flag for managed neighbor entries"). The flag then indicates to the
kernel that the neighbor entry should be periodically probed for keeping
the entry in NUD_REACHABLE state iff possible.
Signed-off-by: Daniel Borkmann [email protected]