Re: carp BACKUP and NA

2014-03-06 Thread Martin Pieuchot
On 06/03/14(Thu) 09:34, Martin Pieuchot wrote:
> On 19/02/14(Wed) 12:53, Martin Pieuchot wrote:
> > Generally, when a NA is received we check if the receiving interface
> > has the target address advertised and if it's the case we warn about
> > duplicate addresses and bail.
> >
> > But in the case of a carp interface in BACKUP state it's different.  In
> > this case we have a hack that sets the ifa to NULL and continues.  This
> > hack relies on the fact that no cache entry will be found later on
> > (because it was removed when the state switched to BACKUP) or that there
> > is no lladdr change in the NA (like it is right now) to work properly.
> >
> > So instead of expecting such things, simply ignore NAs with matching
> > address on carp BACKUP nodes since they are more likely to come from
> > the carp MASTER.
> >
> > Less is more, ok?
>
> Anybody?

And now a correct version without a typo (|| should be &&) spotted by
sthen@.  Here's a freshly retested diff:

Index: netinet6/nd6_nbr.c
===
RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.75
diff -u -p -r1.75 nd6_nbr.c
--- netinet6/nd6_nbr.c  24 Jan 2014 12:20:22 -  1.75
+++ netinet6/nd6_nbr.c  6 Mar 2014 10:08:17 -
@@ -570,9 +570,6 @@ nd6_na_input(struct mbuf *m, int off, in
struct rtentry *rt;
struct sockaddr_dl *sdl;
union nd_opts ndopts;
-#if NCARP  0
-   struct sockaddr_dl *proxydl = NULL;
-#endif
char addr[INET6_ADDRSTRLEN], addr0[INET6_ADDRSTRLEN];
 
if (ip6-ip6_hlim != 255) {
@@ -632,11 +629,6 @@ nd6_na_input(struct mbuf *m, int off, in
}
 
ifa = in6ifa_ifpwithaddr(ifp, taddr6)-ia_ifa;
-#if NCARP  0
-   if (ifp-if_type == IFT_CARP  ifa 
-   !carp_iamatch6(ifp, lladdr, proxydl))
-   ifa = NULL;
-#endif
 
/*
 * Target address matches one of my interface address.
@@ -652,8 +644,18 @@ nd6_na_input(struct mbuf *m, int off, in
goto freeit;
}
 
-   /* Just for safety, maybe unnecessary. */
if (ifa) {
+#if NCARP  0
+   struct sockaddr_dl *proxydl = NULL;
+
+   /*
+* Ignore NAs silently for carp addresses if we're not
+* the CARP master.
+*/
+   if (ifp-if_type == IFT_CARP 
+   !carp_iamatch6(ifp, lladdr, proxydl))
+   goto freeit;
+#endif
log(LOG_ERR,
nd6_na_input: duplicate IP6 address %s\n,
inet_ntop(AF_INET6, taddr6, addr, sizeof(addr)));
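Review bot: the new `goto freeit` inside `if (ifa)` runs before the `log(LOG_ERR, ...)` duplicate-address message, so on a node that is not the CARP master every NA matching a carp address is dropped without any trace, including one sent by a host that is not the MASTER. The description only argues that such NAs are "more likely" to come from the MASTER, so the comment above the check should state that trade-off, or the drop should be counted or logged at a debug level so a real duplicate or a forged NA on a BACKUP node can still be noticed. Separately, `proxydl` is declared in this block only to be handed to `carp_iamatch6()` and is never read afterwards in the visible lines; a short comment saying why it is still needed would help.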


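The effect of the `||` in the first posted diff versus the `&&` in the corrected one, as an added example that is not part of the thread or of the OpenBSD tree. It is a simplified model of the branch only: every name in it is hypothetical, and `iamatch` stands for an assumed `carp_iamatch6()` result that is true on the MASTER.

```c
/* Added model of the duplicate-address branch; not OpenBSD code, names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum na_action { NA_PROCESS, NA_DUP_WARN, NA_IGNORE };

struct na_case {
	bool is_carp;  /* stands for ifp->if_type == IFT_CARP */
	bool have_ifa; /* target address is configured on the receiving ifp */
	bool iamatch;  /* assumed carp_iamatch6() result: true on the MASTER */
};

/* r1.75: the BACKUP hack clears ifa, so the NA goes on to the cache code. */
enum na_action na_r175(struct na_case c)
{
	if (c.is_carp && c.have_ifa && !c.iamatch)
		c.have_ifa = false;
	return c.have_ifa ? NA_DUP_WARN : NA_PROCESS;
}

/* Patched branch: use_or selects the first diff (||) or the corrected (&&). */
enum na_action na_patched(struct na_case c, bool use_or)
{
	if (!c.have_ifa)
		return NA_PROCESS;
	bool skip = use_or ? (c.is_carp || !c.iamatch) : (c.is_carp && !c.iamatch);
	return skip ? NA_IGNORE : NA_DUP_WARN;
}

/* Count input combinations where || drops a warning that && would log. */
int lost_warnings(void)
{
	int lost = 0;
	for (int i = 0; i < 8; i++) {
		struct na_case c = { (i & 1) != 0, (i & 2) != 0, (i & 4) != 0 };
		if (na_patched(c, false) == NA_DUP_WARN &&
		    na_patched(c, true) == NA_IGNORE)
			lost++;
	}
	return lost;
}

int main(void)
{
	struct na_case backup = { true, true, false }; /* constructed input */
	printf("BACKUP: r1.75=%d corrected=%d, warnings lost with ||: %d of 8\n",
	    na_r175(backup), na_patched(backup, false), lost_warnings());
	return 0;
}
```

The two lost cases are a carp MASTER seeing its own address in an NA, and a non-carp interface whenever the match function returns false.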

carp BACKUP and NA

2014-02-19 Thread Martin Pieuchot
Generally, when a NA is received we check if the receiving interface
has the target address advertised and if it's the case we warn about
duplicate addresses and bail.

But in the case of a carp interface in BACKUP state it's different.  In
this case we have a hack that sets the ifa to NULL and continues.  This
hack relies on the fact that no cache entry will be found later on
(because it was removed when the state switched to BACKUP) or that there
is no lladdr change in the NA (like it is right now) to work properly.

So instead of expecting such things, simply ignore NAs with matching
address on carp BACKUP nodes since they are more likely to come from
the carp MASTER.

Less is more, ok?


Index: nd6_nbr.c
===
RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.75
diff -u -p -r1.75 nd6_nbr.c
--- nd6_nbr.c   24 Jan 2014 12:20:22 -  1.75
+++ nd6_nbr.c   13 Feb 2014 11:14:04 -
@@ -570,9 +570,6 @@ nd6_na_input(struct mbuf *m, int off, in
struct rtentry *rt;
struct sockaddr_dl *sdl;
union nd_opts ndopts;
-#if NCARP  0
-   struct sockaddr_dl *proxydl = NULL;
-#endif
char addr[INET6_ADDRSTRLEN], addr0[INET6_ADDRSTRLEN];
 
if (ip6-ip6_hlim != 255) {
@@ -632,11 +629,6 @@ nd6_na_input(struct mbuf *m, int off, in
}
 
ifa = in6ifa_ifpwithaddr(ifp, taddr6)-ia_ifa;
-#if NCARP  0
-   if (ifp-if_type == IFT_CARP  ifa 
-   !carp_iamatch6(ifp, lladdr, proxydl))
-   ifa = NULL;
-#endif
 
/*
 * Target address matches one of my interface address.
@@ -652,8 +644,18 @@ nd6_na_input(struct mbuf *m, int off, in
goto freeit;
}
 
-   /* Just for safety, maybe unnecessary. */
if (ifa) {
+#if NCARP  0
+   struct sockaddr_dl *proxydl = NULL;
+
+   /*
+* Ignore NAs silently for carp addresses if we're not
+* the CARP master.
+*/
+   if (ifp-if_type == IFT_CARP ||
+   !carp_iamatch6(ifp, lladdr, proxydl))
+   goto freeit;
+#endif
log(LOG_ERR,
nd6_na_input: duplicate IP6 address %s\n,
inet_ntop(AF_INET6, taddr6, addr, sizeof(addr)));
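Review bot: the `||` joining the interface-type test and the `carp_iamatch6()` call in the new block inside `if (ifa)` contradicts the comment directly above it. As written, every NA whose target matches an address on a carp interface takes `goto freeit`, on the MASTER as well, and on a non-carp interface `carp_iamatch6()` is still called and any false result also skips the duplicate-address log. The comment ("if we're not the CARP master") requires both conditions to hold, so the operator should be `&&`.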