Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

From: Chunhui He
Date: Mon Jul 25 2016 - 03:53:01 EST

Next message: Auger Eric: "Re: [PATCH v11 4/8] vfio/type1: handle unmap/unpin and replay for VFIO_IOVA_RESERVED slots"
Previous message: Vlastimil Babka: "Re: [PATCH v2] mem-hotplug: alloc new page from the next node if zone is MOVABLE_ZONE"
In reply to: Julian Anastasov: "Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

On Sat, 23 Jul 2016 22:09:43 +0300 (EEST), Julian Anastasov <ja@xxxxxx> wrote:
>
> May be that is the problem: we receive such packet,
> ip_route_input_noref detects that we allow such packet
> from NEIGH_IP on this interface, tip is not RTN_LOCAL (no
> ARP reply from us), tip is RTN_UNICAST but proxy_arp is not
> allowed, so we continue and reach __neigh_lookup which finds
> the existing cache entry because we talked to GW before that.
> As this is an ARP request, neigh_update is called with NUD_STALE.
> No reply is sent because request was not for us but we
> just learned that NEIGH_IP is alive because it lookups
> for someone else. This is common to observe with broadcasts,
> GW lookups for other hosts and has to expose its IP+hwaddr.
> More difficult to happen with unicast packets, you need hub,
> not switch, to detect such packets.
>
> It is possible that you miss the packet that tries
> to set NUD_STALE. May be you can add some printk's to catch
> what kind of packet causes this. This can help too:
>
> tcpdump -lnnn -s0 arp and host GW_IP
>
> If you see such packet, that is it. Our cache is
> updated with NUD_STALE.
>
>> So I'm not sure if it can learn from ARP reply.
>
> See above, received broadcast GARP reply can set
> NUD_STALE. But the most trivial case of GW exposing its
> IP while looking for other hosts should be the culprit.
> It probably happens often, that is why we have no chance
> to send ARP requests, GW is more ARP-active than us and
> updates our cache and we are happy.
>

Thank you for your analysis.
I think the same, except that I don't think GW can update
our cache via broadcast ARP.

Please the comment in arp_process():
> int state = NUD_REACHABLE;
...
> /* Broadcast replies and request packets
> do not assert neighbour reachability.
> */
> if (arp->ar_op != htons(ARPOP_REPLY) ||
> skb->pkt_type != PACKET_HOST)
> state = NUD_STALE;
> neigh_update(n, sha, state,
...

Broadcast packets do not assert reachability, so they
should not interference our state machine. They are
just a hint.

Regards,
Chunhui

Next message: Auger Eric: "Re: [PATCH v11 4/8] vfio/type1: handle unmap/unpin and replay for VFIO_IOVA_RESERVED slots"
Previous message: Vlastimil Babka: "Re: [PATCH v2] mem-hotplug: alloc new page from the next node if zone is MOVABLE_ZONE"
In reply to: Julian Anastasov: "Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]