On Sun, Aug 06, 2017 at 01:56:08PM -0400, Martin Pieuchot wrote:
> On 06/08/17(Sun) 17:04, Florian Obser wrote:
> > On Sun, Aug 06, 2017 at 10:29:09AM -0400, Martin Pieuchot wrote:
> > > On 03/08/17(Thu) 09:13, Florian Obser wrote:
> > > >
> > > > as mpi pointed out in "nd6 address expiration & NET_LOCK() contention"
> > > > we run nd6_expire every second. That seems a bit silly considering
> > > > that we normally have a pltime of a day.
> > > >
> > > > With a bit of math we can work out when the timer should fire when we
> > > > set pltime/vltime and when we walk the list in nd6_expire.
> > > >
> > > > This intentionally only lowers the timeout in in6_update_ifa(). That
> > > > means in the case of no privacy addresses and default pltime/vltime
> > > > and no router advertisements getting lost the timer fires every week
> > > > and notices that it has nothing to do. I think that is acceptable
> > > > since it fires 600.000 times less...
> > > >
> > > > Tests, comments, OKs?
> > >
> > > I like it, comments below.
> >
> > next try, but I probably missunderstood your comments.
>
> A bit, more comments below :)
>
> > If I try to printf-debug this in nd6_expire_timer_update()
>
> Are you trying to print something at an invalid address?
yeah, I got tripped by clang not (yet) checking kprintf format strings
and went in the wrong direction to find the problem :(
> >
> > + nd6_next_expire_time(ia6, &expire_time);
> > +
> > + nd6_expire_timer_update(expire_time, 0);
>
> I was suggesting to put everything in one function.
>
Ah gotcha, I thought this to be impossible. But with a bit of
rejiggling I got it now. With this we might call timeout_add_sec more
often than we need. But that shouldn't be an issue since one usually
doesn't have that many v6 addresses configured.
diff --git lib/libc/gen/sysctl.3 lib/libc/gen/sysctl.3
index bb0317d7187..0f6ea4233fe 100644
--- lib/libc/gen/sysctl.3
+++ lib/libc/gen/sysctl.3
@@ -1639,7 +1639,6 @@ The currently defined protocols and names are:
.It icmp6 Ta nd6_delay Ta integer Ta yes
.It icmp6 Ta nd6_maxnudhint Ta integer Ta yes
.It icmp6 Ta nd6_mmaxtries Ta integer Ta yes
-.It icmp6 Ta nd6_prune Ta integer Ta yes
.It icmp6 Ta nd6_umaxtries Ta integer Ta yes
.It icmp6 Ta redirtimeout Ta integer Ta yes
.It ip6 Ta auto_flowlabel Ta integer Ta yes
@@ -1718,10 +1717,6 @@ This variable specifies the
constant in IPv6 neighbor discovery specification
.Pq RFC 4861 .
.Pp
-.It Li icmp6.nd6_prune Pq Va net.inet6.icmp6.nd6_prune
-This variable specifies the interval between IPv6 neighbor cache babysitting
-in seconds.
-.Pp
.It Li icmp6.nd6_umaxtries Pq Va net.inet6.icmp6.nd6_umaxtries
This variable specifies the
.Dv MAX_UNICAST_SOLICIT
diff --git sys/netinet/icmp6.h sys/netinet/icmp6.h
index 1713f6c2125..628ffe36dd4 100644
--- sys/netinet/icmp6.h
+++ sys/netinet/icmp6.h
@@ -502,7 +502,6 @@ struct icmp6stat {
#define ICMPV6CTL_STATS 1
#define ICMPV6CTL_REDIRACCEPT 2 /* accept/process redirects */
#define ICMPV6CTL_REDIRTIMEOUT 3 /* redirect cache time */
-#define ICMPV6CTL_ND6_PRUNE 6
#define ICMPV6CTL_ND6_DELAY 8
#define ICMPV6CTL_ND6_UMAXTRIES 9
#define ICMPV6CTL_ND6_MMAXTRIES 10
@@ -521,7 +520,7 @@ struct icmp6stat {
{ "redirtimeout", CTLTYPE_INT }, \
{ 0, 0 }, \
{ 0, 0 }, \
- { "nd6_prune", CTLTYPE_INT }, \
+ { 0, 0 }, \
{ 0, 0 }, \
{ "nd6_delay", CTLTYPE_INT }, \
{ "nd6_umaxtries", CTLTYPE_INT }, \
@@ -543,7 +542,7 @@ struct icmp6stat {
&icmp6_redirtimeout, \
NULL, \
NULL, \
- &nd6_prune, \
+ NULL, \
NULL, \
&nd6_delay, \
&nd6_umaxtries, \
diff --git sys/netinet6/in6.c sys/netinet6/in6.c
index cafdd9fe36f..7796af6191c 100644
--- sys/netinet6/in6.c
+++ sys/netinet6/in6.c
@@ -686,6 +686,10 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq
*ifra,
*/
ia6->ia6_flags = ifra->ifra_flags;
+ KERNEL_LOCK();
+ nd6_expire_timer_update(ia6);
+ KERNEL_UNLOCK();
+
/*
* We are done if we have simply modified an existing address.
*/
diff --git sys/netinet6/nd6.c sys/netinet6/nd6.c
index 245b64c6155..b162da3b611 100644
--- sys/netinet6/nd6.c
+++ sys/netinet6/nd6.c
@@ -45,6 +45,7 @@
#include <sys/ioctl.h>
#include <sys/syslog.h>
#include <sys/queue.h>
+#include <sys/stdint.h>
#include <sys/task.h>
#include <net/if.h>
@@ -66,7 +67,7 @@
#define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */
/* timer values */
-int nd6_prune = 1; /* walk list every 1 seconds */
+time_t nd6_expire_time = -1; /* at which time_uptime nd6_expire runs */
int nd6_delay = 5; /* delay first probe time 5 second */
int nd6_umaxtries = 3; /* maximum unicast query */
int nd6_mmaxtries = 3; /* maximum multicast query */
@@ -122,8 +123,6 @@ nd6_init(void)
timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL);
timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL);
timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL);
- timeout_add_sec(&nd6_expire_timeout, nd6_prune);
-
}
struct nd_ifinfo *
@@ -417,6 +416,37 @@ nd6_llinfo_timer(void *arg)
NET_UNLOCK(s);
}
+void
+nd6_expire_timer_update(struct in6_ifaddr *ia6)
+{
+ time_t expire_time = INT64_MAX;
+ int secs;
+
+ KERNEL_ASSERT_LOCKED();
+
+ if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME)
+ expire_time = ia6->ia6_lifetime.ia6t_expire;
+
+ if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) &&
+ ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME &&
+ expire_time > ia6->ia6_lifetime.ia6t_preferred)
+ expire_time = ia6->ia6_lifetime.ia6t_preferred;
+
+ if (expire_time == INT64_MAX)
+ return;
+
+ if (!timeout_pending(&nd6_expire_timeout) || nd6_expire_time >
+ expire_time) {
+ expire_time++; /* fire one second after expiry */
+ secs = expire_time - time_uptime;
+ if ( secs < 0)
+ secs = 0;
+
+ timeout_add_sec(&nd6_expire_timeout, secs);
+ nd6_expire_time = expire_time;
+ }
+}
+
/*
* Expire interface addresses.
*/
@@ -429,8 +459,6 @@ nd6_expire(void *unused)
KERNEL_LOCK();
NET_LOCK(s);
- timeout_add_sec(&nd6_expire_timeout, nd6_prune);
-
TAILQ_FOREACH(ifp, &ifnet, if_list) {
struct ifaddr *ifa, *nifa;
struct in6_ifaddr *ia6;
@@ -442,14 +470,10 @@ nd6_expire(void *unused)
/* check address lifetime */
if (IFA6_IS_INVALID(ia6)) {
in6_purgeaddr(&ia6->ia_ifa);
- } else if (IFA6_IS_DEPRECATED(ia6)) {
- ia6->ia6_flags |= IN6_IFF_DEPRECATED;
} else {
- /*
- * A new RA might have made a deprecated address
- * preferred.
- */
- ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
+ if (IFA6_IS_DEPRECATED(ia6))
+ ia6->ia6_flags |= IN6_IFF_DEPRECATED;
+ nd6_expire_timer_update(ia6);
}
}
}
diff --git sys/netinet6/nd6.h sys/netinet6/nd6.h
index 3b08e2c5dfe..5db1684895e 100644
--- sys/netinet6/nd6.h
+++ sys/netinet6/nd6.h
@@ -138,7 +138,6 @@ struct llinfo_nd6 {
(((MIN_RANDOM_FACTOR * (x >> 10)) + (arc4random() & \
((MAX_RANDOM_FACTOR - MIN_RANDOM_FACTOR) * (x >> 10)))) /1000)
-extern int nd6_prune;
extern int nd6_delay;
extern int nd6_umaxtries;
extern int nd6_mmaxtries;
@@ -208,6 +207,7 @@ void nd6_rs_input(struct mbuf *, int, int);
int in6_ifdel(struct ifnet *, struct in6_addr *);
void rt6_flush(struct in6_addr *, struct ifnet *);
+void nd6_expire_timer_update(struct in6_ifaddr *);
#endif /* _KERNEL */
#endif /* _NETINET6_ND6_H_ */
--
I'm not entirely sure you are real.
