[PATCH v2 0/8] ndp: Unsolicited RAs
The default route a guest obtains via NDP has an expiry. We set this to the maximum allowed, 65535s (about 18 hours). We missed, however, that after that expiry, the guest won't send a new Router Solicitation. Instead it expects an unsolicited Router Advertisement to have come at some point before the expiry. This means that on an IPv6 setup, the default will disappear after 18 hours. Correct this by sending unsolicited Router Advertisements as required by RFC 4861. Along the way we make a number of small cleanups to the NDP code. Link: https://github.com/kubevirt/kubevirt/issues/13191 v2: * Some minor stylistic fixes * Use srandom() * Better explanation of the random requirements for the RAs David Gibson (8): ndp: Remove redundant update to addr_seen ndp: Add ndp_send() helper ndp: Split out helpers for sending specific NDP message types ndp: Use struct assignment in preference to memcpy() for IPv6 addresses ndp: Make route lifetime a #define util: Add general low-level random bytes helper passt: Seed libc's pseudo random number generator ndp: Send unsolicited Router Advertisements ip.h | 9 +++ ndp.c | 219 +++++++++++++++++++++++++++++++++++++------------------- ndp.h | 7 +- passt.c | 42 ++++------- util.c | 54 ++++++++++++++ util.h | 2 + 6 files changed, 228 insertions(+), 105 deletions(-) -- 2.47.0
ndp() updates addr_seen or addr_ll_seen based on the source address of the
received packet. This is redundant since tap6_handler() has already
updated addr_seen for any type of packet, not just NDP.
Signed-off-by: David Gibson
ndp() has a conditional on message type generating the reply message, then
a tiny amount of common code, then another conditional to send the reply
with slightly different parameters. We can make this a bit neater by
making a helper function for sending the reply, and call it from each of
the different message type paths.
Signed-off-by: David Gibson
Currently the large ndp() function responds to all NDP messages we handle,
both parsing the message as necessary and sending the response. Split out
the code to construct and send specific message types into ndp_na() (to
send NA messages) and ndp_ra() (to send RA messages).
As well as breaking up an excessively large function, this is a first step
to being able to send unsolicited NDP messages.
While we're there, remove a slighty ugly goto.
Signed-off-by: David Gibson
There are a number of places we can simply assign IPv6 addresses about,
rather than the current mildly ugly memcpy().
Signed-off-by: David Gibson
Currently we open-code the lifetime of the route we advertise via NDP to be
65535s (the maximum). Change it to a #define.
Signed-off-by: David Gibson
Currently secret_init() open codes getting good quality random bytes from
the OS, either via getrandom(2) or reading /dev/random. We're going to
add at least one more place that needs random data in future, so make a
general helper for getting random bytes. While we're there, fix a number
of minor bugs:
- getrandom() can theoretically return a "short read", so handle that case
- getrandom() as well as read can return a transient EINTR
- We would attempt to read data from /dev/random if we failed to open it
(open() returns -1), but not if we opened it as fd 0 (unlikely, but ok)
- More specific error reporting
Signed-off-by: David Gibson
We have an upcoming case where we need pseudo-random numbers to scatter
timings, but we don't need cryptographically strong random numbers. libc's
built in random() is fine for this purpose, but we should seed it. Extend
secret_init() - the only current user of random numbers - to do this as
well as generating the SipHash secret. Using /dev/random for a PRNG seed
is probably overkill, but it's simple and we only do it once, so we might
as well.
Signed-off-by: David Gibson
Currently, our NDP implementation only sends Router Advertisements (RA)
when it receives a Router Solicitation (RS) from the guest. However,
RFC 4861 requires that we periodically send unsolicited RAs.
Linux as a guest also requires this: it will send an RS when a link first
comes up, but the route it gets from this will have a finite lifetime (we
set this to 65535s, the maximum allowed, around 18 hours). When that
expires the guest will not send a new RS, but instead expects the route to
have been renewed (if still valid) by an unsolicited RA.
Implement sending unsolicited RAs on a partially randomised timer, as
required by RFC 4861. The RFC also specifies that solicited RAs should
also be delayed, or even omitted, if the next unsolicited RA is soon
enough. For now we don't do that, always sending an immediate RA in
response to an RS. We can get away with this because in our use cases
we expect to just have passt itself and the guest on the link, rather than
a large broadcast domain.
Link: https://github.com/kubevirt/kubevirt/issues/13191
Signed-off-by: David Gibson
On Thu, 14 Nov 2024 14:33:02 +1100
David Gibson
The default route a guest obtains via NDP has an expiry. We set this to the maximum allowed, 65535s (about 18 hours). We missed, however, that after that expiry, the guest won't send a new Router Solicitation. Instead it expects an unsolicited Router Advertisement to have come at some point before the expiry. This means that on an IPv6 setup, the default will disappear after 18 hours.
Correct this by sending unsolicited Router Advertisements as required by RFC 4861. Along the way we make a number of small cleanups to the NDP code.
Link: https://github.com/kubevirt/kubevirt/issues/13191
v2: * Some minor stylistic fixes * Use srandom() * Better explanation of the random requirements for the RAs
Applied. -- Stefano
participants (2)
-
David Gibson
-
Stefano Brivio