[PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed
@ 2021-06-07 17:35 David Ahern
  2021-06-07 18:53 ` Roopa Prabhu
  2021-06-07 22:26 ` David Miller
  0 siblings, 2 replies; 5+ messages in thread
From: David Ahern @ 2021-06-07 17:35 UTC (permalink / raw)
  To: netdev, kuba, davem
  Cc: David Ahern, Kasper Dupont, Thadeu Lima de Souza Cascardo

IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to
fill up the neighbour table with enough entries that it will overflow for
valid connections after that.

This behaviour is more prevalent after commit 58956317c8de ("neighbor:
Improve garbage collection") is applied, as it prevents removal from
entries that are not NUD_FAILED, unless they are more than 5s old.

Fixes: 58956317c8de (neighbor: Improve garbage collection)
Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
---
rebased to net tree

 net/core/neighbour.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 98f20efbfadf..bf774575ad71 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -238,6 +238,7 @@ static int neigh_forced_gc(struct neigh_table *tbl)
 
 			write_lock(&n->lock);
 			if ((n->nud_state == NUD_FAILED) ||
+			    (n->nud_state == NUD_NOARP) ||
 			    (tbl->is_multicast &&
 			     tbl->is_multicast(n->primary_key)) ||
 			    time_after(tref, n->updated))
-- 
2.24.3 (Apple Git-128)


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed
  2021-06-07 17:35 [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed David Ahern
@ 2021-06-07 18:53 ` Roopa Prabhu
  2021-06-07 22:04   ` David Ahern
  2021-06-07 22:26 ` David Miller
  1 sibling, 1 reply; 5+ messages in thread
From: Roopa Prabhu @ 2021-06-07 18:53 UTC (permalink / raw)
  To: David Ahern, netdev, kuba, davem
  Cc: Kasper Dupont, Thadeu Lima de Souza Cascardo


On 6/7/21 10:35 AM, David Ahern wrote:
> IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to
> fill up the neighbour table with enough entries that it will overflow for
> valid connections after that.
>
> This behaviour is more prevalent after commit 58956317c8de ("neighbor:
> Improve garbage collection") is applied, as it prevents removal from
> entries that are not NUD_FAILED, unless they are more than 5s old.
>
> Fixes: 58956317c8de (neighbor: Improve garbage collection)
> Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> Signed-off-by: David Ahern <dsahern@kernel.org>
> ---
> rebased to net tree


There are other use-cases  that use NUD_NOARP as static neighbour 
entries which should be exempt from forced gc.

for example when qualified by NTF_EXT_LEARNED for the E-VPN use-case.

The check in your patch below should exclude NTF_EXT_LEARNED entries.


(unrelated to the neighbour code ,  but bridge driver also uses 
NUD_NOARP for static entries)


>
>   net/core/neighbour.c | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index 98f20efbfadf..bf774575ad71 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -238,6 +238,7 @@ static int neigh_forced_gc(struct neigh_table *tbl)
>   
>   			write_lock(&n->lock);
>   			if ((n->nud_state == NUD_FAILED) ||
> +			    (n->nud_state == NUD_NOARP) ||
>   			    (tbl->is_multicast &&
>   			     tbl->is_multicast(n->primary_key)) ||
>   			    time_after(tref, n->updated))

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed
  2021-06-07 18:53 ` Roopa Prabhu
@ 2021-06-07 22:04   ` David Ahern
  2021-06-07 22:16     ` Roopa Prabhu
  0 siblings, 1 reply; 5+ messages in thread
From: David Ahern @ 2021-06-07 22:04 UTC (permalink / raw)
  To: Roopa Prabhu, David Ahern, netdev, kuba, davem
  Cc: Kasper Dupont, Thadeu Lima de Souza Cascardo

On 6/7/21 12:53 PM, Roopa Prabhu wrote:
> 
> On 6/7/21 10:35 AM, David Ahern wrote:
>> IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's
>> possible to
>> fill up the neighbour table with enough entries that it will overflow for
>> valid connections after that.
>>
>> This behaviour is more prevalent after commit 58956317c8de ("neighbor:
>> Improve garbage collection") is applied, as it prevents removal from
>> entries that are not NUD_FAILED, unless they are more than 5s old.
>>
>> Fixes: 58956317c8de (neighbor: Improve garbage collection)
>> Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net>
>> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
>> Signed-off-by: David Ahern <dsahern@kernel.org>
>> ---
>> rebased to net tree
> 
> 
> There are other use-cases  that use NUD_NOARP as static neighbour
> entries which should be exempt from forced gc.
> 
> for example when qualified by NTF_EXT_LEARNED for the E-VPN use-case.
> 
> The check in your patch below should exclude NTF_EXT_LEARNED entries.
> 
> 
> (unrelated to the neighbour code ,  but bridge driver also uses
> NUD_NOARP for static entries)
> 
> 

Maybe I misunderstand your comment: forced_gc does not apply to static
entries; those were moved to a separate list to avoid walking them.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed
  2021-06-07 22:04   ` David Ahern
@ 2021-06-07 22:16     ` Roopa Prabhu
  0 siblings, 0 replies; 5+ messages in thread
From: Roopa Prabhu @ 2021-06-07 22:16 UTC (permalink / raw)
  To: David Ahern, David Ahern, netdev, kuba, davem
  Cc: Kasper Dupont, Thadeu Lima de Souza Cascardo


On 6/7/21 3:04 PM, David Ahern wrote:
> On 6/7/21 12:53 PM, Roopa Prabhu wrote:
>> On 6/7/21 10:35 AM, David Ahern wrote:
>>> IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's
>>> possible to
>>> fill up the neighbour table with enough entries that it will overflow for
>>> valid connections after that.
>>>
>>> This behaviour is more prevalent after commit 58956317c8de ("neighbor:
>>> Improve garbage collection") is applied, as it prevents removal from
>>> entries that are not NUD_FAILED, unless they are more than 5s old.
>>>
>>> Fixes: 58956317c8de (neighbor: Improve garbage collection)
>>> Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net>
>>> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
>>> Signed-off-by: David Ahern <dsahern@kernel.org>
>>> ---
>>> rebased to net tree
>>
>> There are other use-cases  that use NUD_NOARP as static neighbour
>> entries which should be exempt from forced gc.
>>
>> for example when qualified by NTF_EXT_LEARNED for the E-VPN use-case.
>>
>> The check in your patch below should exclude NTF_EXT_LEARNED entries.
>>
>>
>> (unrelated to the neighbour code ,  but bridge driver also uses
>> NUD_NOARP for static entries)
>>
>>
> Maybe I misunderstand your comment: forced_gc does not apply to static
> entries; those were moved to a separate list to avoid walking them.
>
I think you are right. so just to confirm, NUD_NOARP + NTF_EXT_LEARNED 
will never be included in the list for forced_gc and hence not affected 
by your patch ?

if yes, I am good.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed
  2021-06-07 17:35 [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed David Ahern
  2021-06-07 18:53 ` Roopa Prabhu
@ 2021-06-07 22:26 ` David Miller
  1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2021-06-07 22:26 UTC (permalink / raw)
  To: dsahern; +Cc: netdev, kuba, kasperd, cascardo

From: David Ahern <dsahern@kernel.org>
Date: Mon,  7 Jun 2021 11:35:30 -0600

> IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to
> fill up the neighbour table with enough entries that it will overflow for
> valid connections after that.
> 
> This behaviour is more prevalent after commit 58956317c8de ("neighbor:
> Improve garbage collection") is applied, as it prevents removal from
> entries that are not NUD_FAILED, unless they are more than 5s old.
> 
> Fixes: 58956317c8de (neighbor: Improve garbage collection)
> Reported-by: Kasper Dupont <kasperd@gjkwv.06.feb.2021.kasperd.net>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> Signed-off-by: David Ahern <dsahern@kernel.org>
> ---
> rebased to net tree

Applied, thanks.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-06-07 22:26 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-07 17:35 [PATCH net] neighbour: allow NUD_NOARP entries to be forced GCed David Ahern
2021-06-07 18:53 ` Roopa Prabhu
2021-06-07 22:04   ` David Ahern
2021-06-07 22:16     ` Roopa Prabhu
2021-06-07 22:26 ` David Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.