Re: carp BACKUP and NA

Thu, 06 Mar 2014 02:14:26 -0800 

On 06/03/14(Thu) 09:34, Martin Pieuchot wrote:
> On 19/02/14(Wed) 12:53, Martin Pieuchot wrote:
> > Generally, when a NA is received we check if the receiving interface
> > has the target address advertised and if it's the case we warn about
> > duplicate addresses and bail.
> > 
> > But in the case of a carp interface in BACKUP state it's different.  In
> > this case we have a hack that sets the ifa to NULL and continue.  This
> > hack relies on the fact that no cache entry will be found later on 
> > (because it was removed when the state switch to BACKUP) or that there
> > is no lladdr change in the NA (like it is right now) to work properly.
> > 
> > So instead of expecting such things, simply ignore NAs with matching
> > address on carp BACKUP nodes since they are more likely to come from
> > the carp MASTER.
> > 
> > Less is more, ok?
> 
> Anybody?

And now a correct version without a "typo" (|| should be &&) spotted by
sthen@.  Here's a freshly retested the diff:

Index: netinet6/nd6_nbr.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.75
diff -u -p -r1.75 nd6_nbr.c
--- netinet6/nd6_nbr.c  24 Jan 2014 12:20:22 -0000      1.75
+++ netinet6/nd6_nbr.c  6 Mar 2014 10:08:17 -0000
@@ -570,9 +570,6 @@ nd6_na_input(struct mbuf *m, int off, in
        struct rtentry *rt;
        struct sockaddr_dl *sdl;
        union nd_opts ndopts;
-#if NCARP > 0
-       struct sockaddr_dl *proxydl = NULL;
-#endif
        char addr[INET6_ADDRSTRLEN], addr0[INET6_ADDRSTRLEN];
 
        if (ip6->ip6_hlim != 255) {
@@ -632,11 +629,6 @@ nd6_na_input(struct mbuf *m, int off, in
        }
 
        ifa = &in6ifa_ifpwithaddr(ifp, &taddr6)->ia_ifa;
-#if NCARP > 0
-       if (ifp->if_type == IFT_CARP && ifa &&
-           !carp_iamatch6(ifp, lladdr, &proxydl))
-               ifa = NULL;
-#endif
 
        /*
         * Target address matches one of my interface address.
@@ -652,8 +644,18 @@ nd6_na_input(struct mbuf *m, int off, in
                goto freeit;
        }
 
-       /* Just for safety, maybe unnecessary. */
        if (ifa) {
+#if NCARP > 0
+               struct sockaddr_dl *proxydl = NULL;
+
+               /*
+                * Ignore NAs silently for carp addresses if we're not
+                * the CARP master.
+                */
+               if (ifp->if_type == IFT_CARP &&
+                   !carp_iamatch6(ifp, lladdr, &proxydl))
+                       goto freeit;
+#endif
                log(LOG_ERR,
                    "nd6_na_input: duplicate IP6 address %s\n",
                    inet_ntop(AF_INET6, &taddr6, addr, sizeof(addr)));

Reply via email to