[PATCH] 2.2.13* ARP patch - LVS related

Julian Anastasov (uli@linux.tu-varna.acad.bg)
Sat, 6 Nov 1999 16:45:31 +0200 (EET)


Hi,

This patch is related to the Linux Virtual Server (LVS)
problems in Direct-Route mode.

It seems that other arp patches that rely on IFF_NOARP are
incorrect. But it is required that the arp code must be more
friendly to the Direct-Route mode of the LVS - if configured
properly.

This patch uses the concept of the "hidden" interface. You
can feed it with packets but don't expect the host to send ARP
replies for it even through other interfaces.

The good:

- We allow a remote host to configure and to use an interface with the
same IP as our "hidden" interface, in our case the LVS box.

- We don't check IFF_NOARP, i.e. proxy_arp can work. Instead, we
use a new interface flag: /proc/sys/net/ipv4/conf/*/arp_invisible

The bad:

- There is no ioctl handling yet. In fact, maybe it is not needed.
Maybe IFF_ARP_INVISIBLE can be used but not in 2.2.x?

- Maybe we broke something in the kernel? It requires some
testing, of course.

Side effects:

- We change a system structure: ipv4_devconf. Is this fatal for 2.2.x?
Maybe it is not exported?

- For the user: don't try to ping this interface from other hosts.
It can receive packets from hosts that know it is here - the LVS box.
You can always add a permanent ARP entry in the remote host.

To all net folks, I want to ask some questions about the
ioctl handling.

What does this check for ATF_DONTPUB in arp_ioctl() mean:

    if (!(r.arp_flags & ATF_PUBL) &&
        (r.arp_flags & (ATF_NETMASK|ATF_DONTPUB)))
            return -EINVAL;

Why is !ATF_PUBL && ATF_DONTPUB not allowed?

Is it possible for ATF_DONTPUB to be used as a flag aka
/proc/sys/net/ipv4/conf/*/arp_invisible? Or can we use another
flag name? In 2.2.x or 2.3.x?

For the configuration.

arp_invisible=0 must be default for normal interfaces but
if the value is 1 we must skip the arp_send in arp_rcv(). Note that
/proc/sys/net/ipv4/conf/all/arp_invisible is "global enable", i.e.
it must be 1 to allow any interface to be marked as "hidden" using
echo 1 > /proc/sys/net/ipv4/conf/<interface_name>/arp_invisible.
And don't touch /proc/sys/net/ipv4/conf/default/arp_invisible. It
must be 0 or your host will be entirely invisible to the world.

We change the src ip in the ARP request if it is
caused by an outgoing packet originating from the "hidden" interface.
We don't want to trigger remote ARP requests if we can't reply to
them. Let the LVS box reply to them.

Note that we still can use arp_send() to send requests with
sip == "hidden" IP, i.e. when IN_DEV_ARP_INVISIBLE is not checked.

In the attached patch I use the name "arp_invisible". It can
be changed to arp_hidden, etc. All printk can be removed or
net_ratelimit()-ed. The patch is against 2.2.13ac2 but can be
safely used with 2.2.13. It is not required for the LVS box except
when this box can be used as a "Real Server" (internal server, in
LVS terms) from another host that can be an LVS box too!

Configuration example:

    # Global enable, you can use it only once
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_invisible
    # Hide this interface and don't reply for it
    echo 1 > /proc/sys/net/ipv4/conf/<the_bad_guy>/arp_invisible

OK, I expect your comments and suggestions. Maybe something is
broken in the kernel from this patch. Feel free to fix it :)

Regards,

Julian Anastasov

[Attachment: arpfix-2213-1.diff (ARP patch v1 against 2.2.13ac2)]
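
The configuration rules stated in the message above (all/ is the global enable, default/ must stay 0, a per-interface 1 hides that interface), written as an audit script. This is an added example, not part of the original post or the patch; the function names and the sample tree are assumptions, and the arp_invisible files exist only on a kernel carrying this patch.

```shell
#!/bin/sh
# Added example: audit arp_invisible settings as described in the message.
# Hypothetical helper names; the sample tree below is constructed, not real /proc data.

# Read one flag file; a missing file counts as 0 (unpatched kernel).
read_flag() {
    if [ -r "$1" ]; then tr -d ' \n' < "$1"; else printf 0; fi
}

# audit_arp_invisible [conf_root]
# Prints one line per interface plus WARN lines; returns 1 if any warning fired.
audit_arp_invisible() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    all=$(read_flag "$root/all/arp_invisible")
    def=$(read_flag "$root/default/arp_invisible")
    if [ "$def" != 0 ]; then
        echo "WARN default/arp_invisible=$def: must be 0 or the host is invisible"
        rc=1
    fi
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        case $name in all|default) continue ;; esac
        flag=$(read_flag "$dir/arp_invisible")
        if [ "$flag" = 1 ] && [ "$all" = 1 ]; then
            echo "$name hidden"
        elif [ "$flag" = 1 ]; then
            # Per-interface flag set without the global enable: no effect.
            echo "WARN $name marked hidden but all/arp_invisible=$all"
            rc=1
        else
            echo "$name visible"
        fi
    done
    return $rc
}

# Constructed sample tree: dummy0 carries the shared IP, global enable still off.
make_sample_tree() {
    d=$(mktemp -d)
    for i in all default eth0 dummy0; do
        mkdir "$d/$i"
        echo 0 > "$d/$i/arp_invisible"
    done
    echo 1 > "$d/dummy0/arp_invisible"
    echo "$d"
}
```

Called with no argument, audit_arp_invisible reads /proc/sys/net/ipv4/conf; pass the directory printed by make_sample_tree to try it without a patched kernel.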
