From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top, Paul Holzinger <pholzing@redhat.com>
Subject: Re: [PATCH 6/7] pasta: Disable neighbour solicitations on device up to prevent DAD
Date: Thu, 15 Aug 2024 13:06:52 +1000 [thread overview]
Message-ID: <Zr1wzKmc17kJwqFM@zatzit.fritz.box> (raw)
In-Reply-To: <20240814225429.3707908-7-sbrivio@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2258 bytes --]
On Thu, Aug 15, 2024 at 12:54:28AM +0200, Stefano Brivio wrote:
> As soon as we the kernel notifier for IPv6 address configuration
> (addrconf_notify()) sees that we bring the target interface up
> (NETDEV_UP), it will schedule duplicate address detection, so, by
> itself, setting the nodad flag later is useless, because that won't
> stop a detection that's already in progress.
Ah, I did wonder about that on the earlier patch.
> However, if we disable neighbour solicitations with IFF_NOARP (which
> is a misnomer for IPv6 interfaces, but there's no possibility of
> mixing things up), the notifier will not trigger DAD, because it can't
> be done, of course, without neighbour solicitations.
>
> Set IFF_NOARP as we bring up the device, and drop it after we had a
> chance to set the nodad attribute on the link.
>
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> pasta.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/pasta.c b/pasta.c
> index cebf54f..babbfd5 100644
> --- a/pasta.c
> +++ b/pasta.c
> @@ -303,10 +303,15 @@ void pasta_ns_conf(struct ctx *c)
> strerror(-rc));
>
> if (c->pasta_conf_ns) {
> + unsigned int flags = IFF_UP;
> +
> if (c->mtu != -1)
> nl_link_set_mtu(nl_sock_ns, c->pasta_ifi, c->mtu);
>
> - nl_link_set_flags(nl_sock_ns, c->pasta_ifi, IFF_UP, IFF_UP);
> + if (c->ifi6) /* Avoid duplicate address detection on link up */
> + flags |= IFF_NOARP;
> +
> + nl_link_set_flags(nl_sock_ns, c->pasta_ifi, flags, flags);
>
> if (c->ifi4) {
> if (c->ip4.no_copy_addrs) {
> @@ -353,6 +358,10 @@ void pasta_ns_conf(struct ctx *c)
> strerror(-rc));
> }
>
> + /* We dodged DAD: re-enable neighbour solicitations */
> + nl_link_set_flags(nl_sock_ns, c->pasta_ifi,
> + 0, IFF_NOARP);
> +
> if (c->ip6.no_copy_addrs) {
> rc = nl_addr_set(nl_sock_ns, c->pasta_ifi,
> AF_INET6, &c->ip6.addr, 64);
--
David Gibson (he or they) | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
| around.
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2024-08-15 3:43 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-14 22:54 [PATCH 0/7] Prevent DAD for link-local addresses in containers Stefano Brivio
2024-08-14 22:54 ` [PATCH 1/7] netlink: Fix typo in function comment for nl_addr_get() Stefano Brivio
2024-08-15 2:39 ` David Gibson
2024-08-14 22:54 ` [PATCH 2/7] netlink, pasta: Split MTU setting functionality out of nl_link_up() Stefano Brivio
2024-08-15 2:41 ` David Gibson
2024-08-14 22:54 ` [PATCH 3/7] netlink, pasta: Turn nl_link_up() into a generic function to set link flags Stefano Brivio
2024-08-15 2:42 ` David Gibson
2024-08-14 22:54 ` [PATCH 4/7] netlink, pasta: Disable DAD for link-local addresses on namespace interface Stefano Brivio
2024-08-15 3:01 ` David Gibson
2024-08-15 6:52 ` Stefano Brivio
2024-08-14 22:54 ` [PATCH 5/7] netlink, pasta: Fetch link-local address from namespace interface once it's up Stefano Brivio
2024-08-15 3:04 ` David Gibson
2024-08-15 6:53 ` Stefano Brivio
2024-08-14 22:54 ` [PATCH 6/7] pasta: Disable neighbour solicitations on device up to prevent DAD Stefano Brivio
2024-08-15 3:06 ` David Gibson [this message]
2024-08-14 22:54 ` [PATCH 7/7] netlink: Fix typo in function comment for nl_addr_set() Stefano Brivio
2024-08-15 3:07 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zr1wzKmc17kJwqFM@zatzit.fritz.box \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=pholzing@redhat.com \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).