* [PATCH iproute2 -next 0/4] ip, neigh: Add managed neighbor support
From: Daniel Borkmann @ 2021-10-15 22:53 UTC (permalink / raw)
To: dsahern; +Cc: netdev, Daniel Borkmann
iproute2 patches to add support for managed neighbor entries as per recent
net-next commits:
2ed08b5ead3c ("Merge branch 'Managed-Neighbor-Entries'")
c47fedba94bc ("Merge branch 'minor-managed-neighbor-follow-ups'")
Thanks!
Daniel Borkmann (4):
Update kernel headers
ip, neigh: Fix up spacing in netlink dump
ip, neigh: Add missing NTF_USE support
ip, neigh: Add NTF_EXT_MANAGED support
include/uapi/linux/neighbour.h | 35 +++++++++++++++++++++----------
ip/ipneigh.c | 38 ++++++++++++++++++++++------------
man/man8/ip-neighbour.8 | 17 +++++++++++++++
3 files changed, 66 insertions(+), 24 deletions(-)
--
2.27.0
* [PATCH iproute2 -next 1/4] Update kernel headers
From: Daniel Borkmann @ 2021-10-15 22:53 UTC (permalink / raw)
To: dsahern; +Cc: netdev, Daniel Borkmann
Update kernel headers to commits:
2c611ad97a82 ("net, neigh: Extend neigh->flags to 32 bit to allow for extensions")
7482e3841d52 ("net, neigh: Add NTF_MANAGED flag for managed neighbor entries")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
include/uapi/linux/neighbour.h | 35 +++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h
index 00a60695..db05fb55 100644
--- a/include/uapi/linux/neighbour.h
+++ b/include/uapi/linux/neighbour.h
@@ -31,6 +31,7 @@ enum {
NDA_PROTOCOL, /* Originator of entry */
NDA_NH_ID,
NDA_FDB_EXT_ATTRS,
+ NDA_FLAGS_EXT,
__NDA_MAX
};
@@ -40,14 +41,16 @@ enum {
* Neighbor Cache Entry Flags
*/
-#define NTF_USE 0x01
-#define NTF_SELF 0x02
-#define NTF_MASTER 0x04
-#define NTF_PROXY 0x08 /* == ATF_PUBL */
-#define NTF_EXT_LEARNED 0x10
-#define NTF_OFFLOADED 0x20
-#define NTF_STICKY 0x40
-#define NTF_ROUTER 0x80
+#define NTF_USE (1 << 0)
+#define NTF_SELF (1 << 1)
+#define NTF_MASTER (1 << 2)
+#define NTF_PROXY (1 << 3) /* == ATF_PUBL */
+#define NTF_EXT_LEARNED (1 << 4)
+#define NTF_OFFLOADED (1 << 5)
+#define NTF_STICKY (1 << 6)
+#define NTF_ROUTER (1 << 7)
+/* Extended flags under NDA_FLAGS_EXT: */
+#define NTF_EXT_MANAGED (1 << 0)
/*
* Neighbor Cache Entry States.
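Review bot: NTF_EXT_MANAGED is defined as (1 << 0), the same value as NTF_USE, and it shares the NTF_EXT_ prefix with NTF_EXT_LEARNED, which is not an extended flag. Only the one-line comment says it belongs under NDA_FLAGS_EXT, so a test such as ndm_flags & NTF_EXT_MANAGED compiles and silently checks NTF_USE instead. Since this file is a copy of the kernel header the names cannot change here, but the users in ip/ipneigh.c should keep the two flag words in clearly separate variables.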
@@ -65,12 +68,22 @@ enum {
#define NUD_PERMANENT 0x80
#define NUD_NONE 0x00
-/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
- * and make no address resolution or NUD.
- * NUD_PERMANENT also cannot be deleted by garbage collectors.
+/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change and make no
+ * address resolution or NUD.
+ *
+ * NUD_PERMANENT also cannot be deleted by garbage collectors. This holds true
+ * for dynamic entries with NTF_EXT_LEARNED flag as well. However, upon carrier
+ * down event, NUD_PERMANENT entries are not flushed whereas NTF_EXT_LEARNED
+ * flagged entries explicitly are (which is also consistent with the routing
+ * subsystem).
+ *
* When NTF_EXT_LEARNED is set for a bridge fdb entry the different cache entry
* states don't make sense and thus are ignored. Such entries don't age and
* can roam.
+ *
+ * NTF_EXT_MANAGED flagged neigbor entries are managed by the kernel on behalf
+ * of a user space control plane, and automatically refreshed so that (if
+ * possible) they remain in NUD_REACHABLE state.
*/
struct nda_cacheinfo {
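Review bot: spelling in the last added comment paragraph, "neigbor entries" should read "neighbor entries". This file is synced from the kernel tree, so the fix belongs in the kernel's include/uapi/linux/neighbour.h and would arrive here with the next header update.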
--
2.27.0
* [PATCH iproute2 -next 2/4] ip, neigh: Fix up spacing in netlink dump
From: Daniel Borkmann @ 2021-10-15 22:53 UTC (permalink / raw)
To: dsahern; +Cc: netdev, Daniel Borkmann
Fix up spacing to consistently add a single ' ' after an attribute has
been printed. Currently, it is a bit of a mix of before and after which
can lead to double spacing to be printed.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
ip/ipneigh.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index b778de00..564e787c 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -235,7 +235,7 @@ static void print_neigh_state(unsigned int nud)
#define PRINT_FLAG(f) \
if (nud & NUD_##f) { \
nud &= ~NUD_##f; \
- print_string(PRINT_ANY, NULL, " %s", #f); \
+ print_string(PRINT_ANY, NULL, "%s ", #f); \
}
PRINT_FLAG(INCOMPLETE);
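Review bot: with the PRINT_FLAG format changed to "%s ", every state name is now followed by a space, including the last one printed. The usage output quoted in 3/4 and 4/4 shows the state (REACHABLE) as the final token on the line, so please check that this does not leave trailing whitespace before the newline in non-JSON output, which can trip scripts that compare ip neigh output verbatim.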
@@ -423,27 +423,27 @@ int print_neigh(struct nlmsghdr *n, void *arg)
fprintf(fp, "lladdr ");
print_color_string(PRINT_ANY, COLOR_MAC,
- "lladdr", "%s", lladdr);
+ "lladdr", "%s ", lladdr);
}
if (r->ndm_flags & NTF_ROUTER)
- print_null(PRINT_ANY, "router", " %s", "router");
+ print_null(PRINT_ANY, "router", "%s ", "router");
if (r->ndm_flags & NTF_PROXY)
- print_null(PRINT_ANY, "proxy", " %s", "proxy");
+ print_null(PRINT_ANY, "proxy", "%s ", "proxy");
if (r->ndm_flags & NTF_EXT_LEARNED)
- print_null(PRINT_ANY, "extern_learn", " %s ", "extern_learn");
+ print_null(PRINT_ANY, "extern_learn", "%s ", "extern_learn");
if (r->ndm_flags & NTF_OFFLOADED)
- print_null(PRINT_ANY, "offload", " %s", "offload");
+ print_null(PRINT_ANY, "offload", "%s ", "offload");
if (show_stats) {
if (tb[NDA_CACHEINFO])
print_cacheinfo(RTA_DATA(tb[NDA_CACHEINFO]));
if (tb[NDA_PROBES])
- print_uint(PRINT_ANY, "probes", " probes %u",
+ print_uint(PRINT_ANY, "probes", "probes %u ",
rta_getattr_u32(tb[NDA_PROBES]));
}
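Review bot: print_cacheinfo() sits between attributes converted in this hunk but is itself not touched by the patch (the 8 changed lines in the diffstat are all accounted for by the print_string, print_color_string, print_null and print_uint calls in the three hunks). With "probes %u " no longer carrying its own leading space, the separation between the cacheinfo output and "probes" depends on print_cacheinfo() already ending each field with a space. Worth confirming with ip -s neigh and saying so in the commit message.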
@@ -453,7 +453,7 @@ int print_neigh(struct nlmsghdr *n, void *arg)
if (protocol) {
SPRINT_BUF(b1);
- print_string(PRINT_ANY, "protocol", " proto %s ",
+ print_string(PRINT_ANY, "protocol", "proto %s ",
rtnl_rtprot_n2a(protocol, b1, sizeof(b1)));
}
--
2.27.0
* [PATCH iproute2 -next 3/4] ip, neigh: Add missing NTF_USE support
From: Daniel Borkmann @ 2021-10-15 22:53 UTC (permalink / raw)
To: dsahern; +Cc: netdev, Daniel Borkmann
Currently, ip neigh does not support the NTF_USE flag. Similar to other flags
such as extern_learn, add cmdline support. The flag dump support is explicitly
missing here, since the kernel does not propagate the flag back to user space.
Usage example:
# ./ip/ip n replace 192.168.178.30 dev enp5s0 use extern_learn
# ./ip/ip n
192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a extern_learn REACHABLE
[...]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
ip/ipneigh.c | 4 +++-
man/man8/ip-neighbour.8 | 8 ++++++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index 564e787c..9510e03e 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -51,7 +51,7 @@ static void usage(void)
fprintf(stderr,
"Usage: ip neigh { add | del | change | replace }\n"
" { ADDR [ lladdr LLADDR ] [ nud STATE ] proxy ADDR }\n"
- " [ dev DEV ] [ router ] [ extern_learn ] [ protocol PROTO ]\n"
+ " [ dev DEV ] [ router ] [ use ] [ extern_learn ] [ protocol PROTO ]\n"
"\n"
" ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"
" [ vrf NAME ]\n"
@@ -148,6 +148,8 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv)
req.ndm.ndm_flags |= NTF_PROXY;
} else if (strcmp(*argv, "router") == 0) {
req.ndm.ndm_flags |= NTF_ROUTER;
+ } else if (strcmp(*argv, "use") == 0) {
+ req.ndm.ndm_flags |= NTF_USE;
} else if (matches(*argv, "extern_learn") == 0) {
req.ndm.ndm_flags |= NTF_EXT_LEARNED;
} else if (strcmp(*argv, "dev") == 0) {
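Review bot: the "use" branch only sets NTF_USE and leaves req.ndm.ndm_state at its initial value, which the context in 4/4 shows to be NUD_PERMANENT, while 4/4 resets the state to NUD_NONE for "managed". The man page text added in this patch describes "use" as acting on a dynamic entry, so either state in the commit message that the state field is irrelevant for NTF_USE requests or reset it here as well, so the request does not carry NUD_PERMANENT.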
diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8
index a27f9ef8..ed2dcd5a 100644
--- a/man/man8/ip-neighbour.8
+++ b/man/man8/ip-neighbour.8
@@ -25,6 +25,7 @@ ip-neighbour \- neighbour/arp tables management.
.B dev
.IR DEV " ] [ "
.BR router " ] [ "
+.BR use " ] [ "
.BR extern_learn " ]"
.ti -8
@@ -91,6 +92,13 @@ indicates whether we are proxying for this neighbour entry
.BI router
indicates whether neighbour is a router
+.TP
+.BI use
+this neigh entry is in "use". This option can be used to indicate to
+the kernel that a controller is using this dynamic entry. If the entry
+does not exist, the kernel will resolve it. If it exists, an attempt
+to refresh the neighbor entry will be triggered.
+
.TP
.BI extern_learn
this neigh entry was learned externally. This option can be used to
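Review bot: the new "use" paragraph does not say that the flag never appears in ip neigh show output, although the commit message states that the kernel does not propagate it back to user space. One sentence to that effect would keep users from concluding the option was ignored. The opening wording, this neigh entry is in "use", could also be replaced by a plain description of the effect.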
--
2.27.0
* [PATCH iproute2 -next 4/4] ip, neigh: Add NTF_EXT_MANAGED support
From: Daniel Borkmann @ 2021-10-15 22:53 UTC (permalink / raw)
To: dsahern; +Cc: netdev, Daniel Borkmann
Currently, ip neigh does not support the NTF_EXT_MANAGED flag. Add cmdline
support.
Usage example:
# ./ip/ip n replace 192.168.178.30 dev enp5s0 managed extern_learn
# ./ip/ip n
192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a managed extern_learn REACHABLE
[...]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
ip/ipneigh.c | 20 +++++++++++++++-----
man/man8/ip-neighbour.8 | 9 +++++++++
2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index 9510e03e..9a56b4a5 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -51,7 +51,8 @@ static void usage(void)
fprintf(stderr,
"Usage: ip neigh { add | del | change | replace }\n"
" { ADDR [ lladdr LLADDR ] [ nud STATE ] proxy ADDR }\n"
- " [ dev DEV ] [ router ] [ use ] [ extern_learn ] [ protocol PROTO ]\n"
+ " [ dev DEV ] [ router ] [ use ] [ managed ] [ extern_learn ]\n"
+ " [ protocol PROTO ]\n"
"\n"
" ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"
" [ vrf NAME ]\n"
@@ -115,6 +116,7 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv)
.ndm.ndm_family = preferred_family,
.ndm.ndm_state = NUD_PERMANENT,
};
+ __u32 ext_flags = 0;
char *dev = NULL;
int dst_ok = 0;
int dev_ok = 0;
@@ -150,6 +152,9 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv)
req.ndm.ndm_flags |= NTF_ROUTER;
} else if (strcmp(*argv, "use") == 0) {
req.ndm.ndm_flags |= NTF_USE;
+ } else if (strcmp(*argv, "managed") == 0) {
+ ext_flags |= NTF_EXT_MANAGED;
+ req.ndm.ndm_state = NUD_NONE;
} else if (matches(*argv, "extern_learn") == 0) {
req.ndm.ndm_flags |= NTF_EXT_LEARNED;
} else if (strcmp(*argv, "dev") == 0) {
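Review bot: in the "managed" branch, req.ndm.ndm_state = NUD_NONE is assigned unconditionally while the arguments are parsed in order. If nud STATE is stored into the same field by this loop, then "nud reachable managed" and "managed nud reachable" build different requests, and the first form silently drops the state the user asked for. Consider rejecting the combination, or applying the NUD_NONE default after the loop only when no state was given, and document the behaviour in the man page.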
@@ -185,7 +190,10 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv)
req.ndm.ndm_family = dst.family;
if (addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen) < 0)
return -1;
-
+ if (ext_flags &&
+ addattr_l(&req.n, sizeof(req), NDA_FLAGS_EXT, &ext_flags,
+ sizeof(ext_flags)) < 0)
+ return -1;
if (lla && strcmp(lla, "null")) {
char llabuf[20];
int l;
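Review bot: the NDA_FLAGS_EXT attribute is written with addattr_l() and sizeof(ext_flags) but read back in print_neigh() with rta_getattr_u32(); addattr32(&req.n, sizeof(req), NDA_FLAGS_EXT, ext_flags) is the matching helper and avoids the three-line condition. The hunk also removes the blank line that separated the NDA_DST block from the lla handling, which is unrelated to the feature and makes the function harder to scan.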
@@ -305,6 +313,7 @@ int print_neigh(struct nlmsghdr *n, void *arg)
int len = n->nlmsg_len;
struct rtattr *tb[NDA_MAX+1];
static int logit = 1;
+ __u32 ext_flags = 0;
__u8 protocol = 0;
if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH &&
@@ -348,6 +357,8 @@ int print_neigh(struct nlmsghdr *n, void *arg)
if (tb[NDA_PROTOCOL])
protocol = rta_getattr_u8(tb[NDA_PROTOCOL]);
+ if (tb[NDA_FLAGS_EXT])
+ ext_flags = rta_getattr_u32(tb[NDA_FLAGS_EXT]);
if (filter.protocol && filter.protocol != protocol)
return 0;
@@ -430,13 +441,12 @@ int print_neigh(struct nlmsghdr *n, void *arg)
if (r->ndm_flags & NTF_ROUTER)
print_null(PRINT_ANY, "router", "%s ", "router");
-
if (r->ndm_flags & NTF_PROXY)
print_null(PRINT_ANY, "proxy", "%s ", "proxy");
-
+ if (ext_flags & NTF_EXT_MANAGED)
+ print_null(PRINT_ANY, "managed", "%s ", "managed");
if (r->ndm_flags & NTF_EXT_LEARNED)
print_null(PRINT_ANY, "extern_learn", "%s ", "extern_learn");
-
if (r->ndm_flags & NTF_OFFLOADED)
print_null(PRINT_ANY, "offload", "%s ", "offload");
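Review bot: besides adding the "managed" print, this hunk deletes three blank lines between the flag checks, which is whitespace churn unrelated to NTF_EXT_MANAGED and widens the context the patch must match. Keep the blank lines and add only the two new lines. A short comment that "managed" is tested against ext_flags while its neighbours test r->ndm_flags would also help the next reader.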
diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8
index ed2dcd5a..1331d7cb 100644
--- a/man/man8/ip-neighbour.8
+++ b/man/man8/ip-neighbour.8
@@ -26,6 +26,7 @@ ip-neighbour \- neighbour/arp tables management.
.IR DEV " ] [ "
.BR router " ] [ "
.BR use " ] [ "
+.BR managed " ] [ "
.BR extern_learn " ]"
.ti -8
@@ -99,6 +100,14 @@ the kernel that a controller is using this dynamic entry. If the entry
does not exist, the kernel will resolve it. If it exists, an attempt
to refresh the neighbor entry will be triggered.
+.TP
+.BI managed
+this neigh entry is "managed". This option can be used to indicate to
+the kernel that a controller is using this dynamic entry. In contrast
+to "use", if the entry does not exist, the kernel will resolve it and
+periodically attempt to auto-refresh the neighbor entry such that it
+remains in resolved state when possible.
+
.TP
.BI extern_learn
this neigh entry was learned externally. This option can be used to
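Review bot: the sentence starting In contrast to "use" is ambiguous, because the "use" text just above also says the kernel resolves a missing entry; the actual difference is the periodic auto-refresh. Suggest rewording so that only the refresh is presented as the contrast, and mention that "managed" sends the entry with state NUD_NONE, as ipneigh_modify() now does.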
--
2.27.0
* Re: [PATCH iproute2 -next 3/4] ip, neigh: Add missing NTF_USE support
From: David Ahern @ 2021-10-16 0:18 UTC (permalink / raw)
To: Daniel Borkmann, dsahern; +Cc: netdev
On 10/15/21 4:53 PM, Daniel Borkmann wrote:
> diff --git a/ip/ipneigh.c b/ip/ipneigh.c
> index 564e787c..9510e03e 100644
> --- a/ip/ipneigh.c
> +++ b/ip/ipneigh.c
> @@ -51,7 +51,7 @@ static void usage(void)
> fprintf(stderr,
> "Usage: ip neigh { add | del | change | replace }\n"
> " { ADDR [ lladdr LLADDR ] [ nud STATE ] proxy ADDR }\n"
> - " [ dev DEV ] [ router ] [ extern_learn ] [ protocol PROTO ]\n"
> + " [ dev DEV ] [ router ] [ use ] [ extern_learn ] [ protocol PROTO ]\n"
> "\n"
> " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"
> " [ vrf NAME ]\n"
does not apply to iproute2-next; looks like you made the change against
main branch.
* Re: [PATCH iproute2 -next 3/4] ip, neigh: Add missing NTF_USE support
From: Daniel Borkmann @ 2021-10-25 11:43 UTC (permalink / raw)
To: David Ahern, dsahern; +Cc: netdev
On 10/16/21 2:18 AM, David Ahern wrote:
> On 10/15/21 4:53 PM, Daniel Borkmann wrote:
>> diff --git a/ip/ipneigh.c b/ip/ipneigh.c
>> index 564e787c..9510e03e 100644
>> --- a/ip/ipneigh.c
>> +++ b/ip/ipneigh.c
>> @@ -51,7 +51,7 @@ static void usage(void)
>> fprintf(stderr,
>> "Usage: ip neigh { add | del | change | replace }\n"
>> " { ADDR [ lladdr LLADDR ] [ nud STATE ] proxy ADDR }\n"
>> - " [ dev DEV ] [ router ] [ extern_learn ] [ protocol PROTO ]\n"
>> + " [ dev DEV ] [ router ] [ use ] [ extern_learn ] [ protocol PROTO ]\n"
>> "\n"
>> " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"
>> " [ vrf NAME ]\n"
>
>
> does not apply to iproute2-next; looks like you made the change against
> main branch.
Sorry for the delay, was on PTO whole last week. Looks like it, will rebase and send a v2.
Thanks!
Daniel