On Sun, Aug 06, 2017 at 01:56:08PM -0400, Martin Pieuchot wrote: > On 06/08/17(Sun) 17:04, Florian Obser wrote: > > On Sun, Aug 06, 2017 at 10:29:09AM -0400, Martin Pieuchot wrote: > > > On 03/08/17(Thu) 09:13, Florian Obser wrote: > > > > > > > > as mpi pointed out in "nd6 address expiration & NET_LOCK() contention" > > > > we run nd6_expire every second. That seems a bit silly considering > > > > that we normally have a pltime of a day. > > > > > > > > With a bit of math we can work out when the timer should fire when we > > > > set pltime/vltime and when we walk the list in nd6_expire. > > > > > > > > This intentionally only lowers the timeout in in6_update_ifa(). That > > > > means in the case of no privacy addresses and default pltime/vltime > > > > and no router advertisements getting lost the timer fires every week > > > > and notices that it has nothing to do. I think that is acceptable > > > > since it fires 600.000 times less... > > > > > > > > Tests, comments, OKs? > > > > > > I like it, comments below. > > > > next try, but I probably missunderstood your comments. > > A bit, more comments below :) > > > If I try to printf-debug this in nd6_expire_timer_update() > > Are you trying to print something at an invalid address?
yeah, I got tripped by clang not (yet) checking kprintf format strings and went in the wrong direction to find the problem :( > > > > + nd6_next_expire_time(ia6, &expire_time); > > + > > + nd6_expire_timer_update(expire_time, 0); > > I was suggesting to put everything in one function. > Ah gotcha, I thought this to be impossible. But with a bit of rejiggling I got it now. With this we might call timeout_add_sec more often than we need. But that shouldn't be an issue since one usually doesn't have that many v6 addresses configured. diff --git lib/libc/gen/sysctl.3 lib/libc/gen/sysctl.3 index bb0317d7187..0f6ea4233fe 100644 --- lib/libc/gen/sysctl.3 +++ lib/libc/gen/sysctl.3 @@ -1639,7 +1639,6 @@ The currently defined protocols and names are: .It icmp6 Ta nd6_delay Ta integer Ta yes .It icmp6 Ta nd6_maxnudhint Ta integer Ta yes .It icmp6 Ta nd6_mmaxtries Ta integer Ta yes -.It icmp6 Ta nd6_prune Ta integer Ta yes .It icmp6 Ta nd6_umaxtries Ta integer Ta yes .It icmp6 Ta redirtimeout Ta integer Ta yes .It ip6 Ta auto_flowlabel Ta integer Ta yes @@ -1718,10 +1717,6 @@ This variable specifies the constant in IPv6 neighbor discovery specification .Pq RFC 4861 . .Pp -.It Li icmp6.nd6_prune Pq Va net.inet6.icmp6.nd6_prune -This variable specifies the interval between IPv6 neighbor cache babysitting -in seconds. -.Pp .It Li icmp6.nd6_umaxtries Pq Va net.inet6.icmp6.nd6_umaxtries This variable specifies the .Dv MAX_UNICAST_SOLICIT diff --git sys/netinet/icmp6.h sys/netinet/icmp6.h index 1713f6c2125..628ffe36dd4 100644 --- sys/netinet/icmp6.h +++ sys/netinet/icmp6.h @@ -502,7 +502,6 @@ struct icmp6stat { #define ICMPV6CTL_STATS 1 #define ICMPV6CTL_REDIRACCEPT 2 /* accept/process redirects */ #define ICMPV6CTL_REDIRTIMEOUT 3 /* redirect cache time */ -#define ICMPV6CTL_ND6_PRUNE 6 #define ICMPV6CTL_ND6_DELAY 8 #define ICMPV6CTL_ND6_UMAXTRIES 9 #define ICMPV6CTL_ND6_MMAXTRIES 10 @@ -521,7 +520,7 @@ struct icmp6stat { { "redirtimeout", CTLTYPE_INT }, \ { 0, 0 }, \ { 0, 0 }, \ - { "nd6_prune", CTLTYPE_INT }, \ + { 0, 0 }, \ { 0, 0 }, \ { "nd6_delay", CTLTYPE_INT }, \ { "nd6_umaxtries", CTLTYPE_INT }, \ @@ -543,7 +542,7 @@ struct icmp6stat { &icmp6_redirtimeout, \ NULL, \ NULL, \ - &nd6_prune, \ + NULL, \ NULL, \ &nd6_delay, \ &nd6_umaxtries, \ diff --git sys/netinet6/in6.c sys/netinet6/in6.c index cafdd9fe36f..7796af6191c 100644 --- sys/netinet6/in6.c +++ sys/netinet6/in6.c @@ -686,6 +686,10 @@ in6_update_ifa(struct ifnet *ifp, struct in6_aliasreq *ifra, */ ia6->ia6_flags = ifra->ifra_flags; + KERNEL_LOCK(); + nd6_expire_timer_update(ia6); + KERNEL_UNLOCK(); + /* * We are done if we have simply modified an existing address. */ diff --git sys/netinet6/nd6.c sys/netinet6/nd6.c index 245b64c6155..b162da3b611 100644 --- sys/netinet6/nd6.c +++ sys/netinet6/nd6.c @@ -45,6 +45,7 @@ #include <sys/ioctl.h> #include <sys/syslog.h> #include <sys/queue.h> +#include <sys/stdint.h> #include <sys/task.h> #include <net/if.h> @@ -66,7 +67,7 @@ #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ /* timer values */ -int nd6_prune = 1; /* walk list every 1 seconds */ +time_t nd6_expire_time = -1; /* at which time_uptime nd6_expire runs */ int nd6_delay = 5; /* delay first probe time 5 second */ int nd6_umaxtries = 3; /* maximum unicast query */ int nd6_mmaxtries = 3; /* maximum multicast query */ @@ -122,8 +123,6 @@ nd6_init(void) timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL); timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL); - timeout_add_sec(&nd6_expire_timeout, nd6_prune); - } struct nd_ifinfo * @@ -417,6 +416,37 @@ nd6_llinfo_timer(void *arg) NET_UNLOCK(s); } +void +nd6_expire_timer_update(struct in6_ifaddr *ia6) +{ + time_t expire_time = INT64_MAX; + int secs; + + KERNEL_ASSERT_LOCKED(); + + if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) + expire_time = ia6->ia6_lifetime.ia6t_expire; + + if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) && + ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && + expire_time > ia6->ia6_lifetime.ia6t_preferred) + expire_time = ia6->ia6_lifetime.ia6t_preferred; + + if (expire_time == INT64_MAX) + return; + + if (!timeout_pending(&nd6_expire_timeout) || nd6_expire_time > + expire_time) { + expire_time++; /* fire one second after expiry */ + secs = expire_time - time_uptime; + if ( secs < 0) + secs = 0; + + timeout_add_sec(&nd6_expire_timeout, secs); + nd6_expire_time = expire_time; + } +} + /* * Expire interface addresses. */ @@ -429,8 +459,6 @@ nd6_expire(void *unused) KERNEL_LOCK(); NET_LOCK(s); - timeout_add_sec(&nd6_expire_timeout, nd6_prune); - TAILQ_FOREACH(ifp, &ifnet, if_list) { struct ifaddr *ifa, *nifa; struct in6_ifaddr *ia6; @@ -442,14 +470,10 @@ nd6_expire(void *unused) /* check address lifetime */ if (IFA6_IS_INVALID(ia6)) { in6_purgeaddr(&ia6->ia_ifa); - } else if (IFA6_IS_DEPRECATED(ia6)) { - ia6->ia6_flags |= IN6_IFF_DEPRECATED; } else { - /* - * A new RA might have made a deprecated address - * preferred. - */ - ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; + if (IFA6_IS_DEPRECATED(ia6)) + ia6->ia6_flags |= IN6_IFF_DEPRECATED; + nd6_expire_timer_update(ia6); } } } diff --git sys/netinet6/nd6.h sys/netinet6/nd6.h index 3b08e2c5dfe..5db1684895e 100644 --- sys/netinet6/nd6.h +++ sys/netinet6/nd6.h @@ -138,7 +138,6 @@ struct llinfo_nd6 { (((MIN_RANDOM_FACTOR * (x >> 10)) + (arc4random() & \ ((MAX_RANDOM_FACTOR - MIN_RANDOM_FACTOR) * (x >> 10)))) /1000) -extern int nd6_prune; extern int nd6_delay; extern int nd6_umaxtries; extern int nd6_mmaxtries; @@ -208,6 +207,7 @@ void nd6_rs_input(struct mbuf *, int, int); int in6_ifdel(struct ifnet *, struct in6_addr *); void rt6_flush(struct in6_addr *, struct ifnet *); +void nd6_expire_timer_update(struct in6_ifaddr *); #endif /* _KERNEL */ #endif /* _NETINET6_ND6_H_ */ -- I'm not entirely sure you are real.