Re: [PATCH net-next v3] net/ipv6: Introduce accept_unsolicited_na knob to implement router-side changes for RFC9131

From: Arun Ajith S <aajith@arista.com>
To: David Ahern <dsahern@kernel.org>
Cc: netdev@vger.kernel.org, davem@davemloft.net,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	yoshfuji@linux-ipv6.org, kuba@kernel.org, pabeni@redhat.com,
	corbet@lwn.net, prestwoj@gmail.com, gilligan@arista.com,
	noureddine@arista.com, gk@arista.com
Subject: Re: [PATCH net-next v3] net/ipv6: Introduce accept_unsolicited_na knob to implement router-side changes for RFC9131
Date: Fri, 20 May 2022 12:49:53 +0530	[thread overview]
Message-ID: <CAOvjArTAce_68CkoUff_=Hi+mr731dsWcQdEbaev4xaMDFZNug@mail.gmail.com> (raw)
In-Reply-To: <350f6a02-2975-ac1b-1c9d-ab738722a9fe@kernel.org>

On Thu, Apr 14, 2022 at 3:37 AM David Ahern <dsahern@kernel.org> wrote:
>
> On 4/13/22 8:34 AM, Arun Ajith S wrote:
> > diff --git a/tools/testing/selftests/net/ndisc_unsolicited_na_test.py b/tools/testing/selftests/net/ndisc_unsolicited_na_test.py
> > new file mode 100755
> > index 000000000000..f508657ee126
> > --- /dev/null
> > +++ b/tools/testing/selftests/net/ndisc_unsolicited_na_test.py
> > @@ -0,0 +1,255 @@
> > +#!/bin/bash
>
> that file name suffix should be .sh since it is a bash script; not .py
>
> other than that looks good to me.
>
> Reviewed-by: David Ahern <dsahern@kernel.org>

Hi David,

It has been pointed out to me that I might have read RFC9131 in a
narrower sense than what was intended.
The behavior of adding a new entry in the neighbour cache on receiving
a NA if none exists presently
shouldn't be limited to unsolicited NAs like in my original patch,
rather it should extend to all NAs.

I am quoting from the RFC below

   |  When a valid Neighbor Advertisement is received (either solicited
   |  or unsolicited), the Neighbor Cache is searched for the target's
   |  entry.  If no entry exists:
   |
   |  *  Hosts SHOULD silently discard the advertisement.  There is no
   |     need to create an entry if none exists, since the recipient has
   |     apparently not initiated any communication with the target.
   |
   |  *  Routers SHOULD create a new entry for the target address with
   |     the link-layer address set to the Target Link-Layer Address
   |     Option (if supplied).  The entry's reachability state MUST be
   |     set to STALE.  If the received Neighbor Advertisement does not
   |     contain the Target Link-Layer Address Option, the advertisement
   |     SHOULD be silently discarded.

I want to fix this, but this would mean the sysctl name
accept_unsolicited_na is no longer appropriate
I see that the net-next window for 5.19 is still open and changing the
sysctl name
wouldn't mean changing an existing interface.
I was thinking of renaming the sysctl to accept_untracked_na to
highlight that we are accepting NAs even if there is
no corresponding entry tracked in the neighbor cache.

Also, there's an error in my comment, where I say "pass up the stack"
as we don't pass NAs up the stack.
The comment can be updated as:
        /* RFC 9131 updates original Neighbour Discovery RFC 4861.
         * NAs with Target LL Address option without a corresponding
         * entry in the neighbour cache can now create a STALE neighbour
         * cache entry on routers.
         *
         *   entry accept  fwding  solicited        behaviour
         * ------- ------  ------  ---------    ----------------------
         * present      X       X         0     Set state to STALE
         * present      X       X         1     Set state to REACHABLE
         *  absent      0       X         X     Do nothing
         *  absent      1       0         X     Do nothing
         *  absent      1       1         X     Add a new STALE entry
         */

In summary
1. accept=0 keeps original(5.18) behavior for all cases.
2. accept=1 changes original behavior for entry=asbent, fwding=1 case
provided the NA had specified target link-layer address.

Please let me know what you think.

Thanks,
Arun