Page MenuHomeFreeBSD

netinet6: make IPv6 fragment TTL per-VNET configurable.
ClosedPublic

Authored by melifaro on Jul 8 2022, 12:05 PM.
Tags
None
Referenced Files
F102647021: D35755.diff
Fri, Nov 15, 7:28 AM
Unknown Object (File)
Wed, Nov 6, 1:01 AM
Unknown Object (File)
Oct 14 2024, 4:32 PM
Unknown Object (File)
Oct 13 2024, 8:08 PM
Unknown Object (File)
Oct 12 2024, 11:28 AM
Unknown Object (File)
Oct 11 2024, 3:49 AM
Unknown Object (File)
Oct 10 2024, 4:16 AM
Unknown Object (File)
Oct 1 2024, 7:03 PM

Details

Summary

The primary driver is faster execution of frag6/ tests.

Test Plan

BEFORE:

14:01 [0] m@devel0 s kyua test -k /usr/tests/sys/netinet6/frag6/Kyuafile
frag6_01:frag6_01  ->  skipped: Sending IPv6 Jumbograms needs 1 kernel changes and BPF fixes  [0.031s]
frag6_02:frag6_02  ->  passed  [3.765s]
frag6_03:frag6_03  ->  passed  [3.931s]
frag6_04:frag6_04  ->  passed  [3.803s]
frag6_05:frag6_05_0  ->  passed  [78.786s]
frag6_05:frag6_05_1  ->  passed  [78.771s]
frag6_06:frag6_06_0  ->  passed  [3.796s]
frag6_07:frag6_07  ->  passed  [79.803s]
frag6_08:frag6_08  ->  passed  [79.763s]
frag6_09:frag6_09  ->  passed  [78.672s]
frag6_10:frag6_10  ->  passed  [78.614s]
frag6_11:frag6_11  ->  passed  [78.745s]
frag6_12:frag6_12  ->  passed  [78.682s]
frag6_13:frag6_13  ->  passed  [78.638s]
frag6_14:frag6_14  ->  passed  [78.775s]
frag6_15:frag6_15  ->  passed  [3.638s]
frag6_16:frag6_16  ->  passed  [4.013s]
frag6_17:frag6_17  ->  passed  [4.467s]
frag6_18:frag6_18  ->  passed  [63.153s]
frag6_19:frag6_19  ->  passed  [64.084s]
frag6_20:frag6_20  ->  passed  [137.192s]

AFTER:

14:20 [0] m@devel0 s kyua test -k /usr/tests/sys/netinet6/frag6/Kyuafile
frag6_01:frag6_01  ->  skipped: Sending IPv6 Jumbograms needs 1 kernel changes and BPF fixes  [0.015s]
frag6_02:frag6_02  ->  passed  [2.311s]
frag6_03:frag6_03  ->  passed  [2.621s]
frag6_04:frag6_04  ->  passed  [1.983s]
frag6_05:frag6_05_0  ->  passed  [5.810s]
frag6_05:frag6_05_1  ->  passed  [5.114s]
frag6_06:frag6_06_0  ->  passed  [1.885s]
frag6_07:frag6_07  ->  passed  [6.484s]
frag6_08:frag6_08  ->  passed  [5.875s]
frag6_09:frag6_09  ->  passed  [5.675s]
frag6_10:frag6_10  ->  passed  [4.881s]
frag6_11:frag6_11  ->  passed  [4.835s]
frag6_12:frag6_12  ->  passed  [5.241s]
frag6_13:frag6_13  ->  passed  [5.042s]
frag6_14:frag6_14  ->  passed  [4.887s]
frag6_15:frag6_15  ->  passed  [2.024s]
frag6_16:frag6_16  ->  passed  [2.684s]
frag6_17:frag6_17  ->  passed  [2.597s]
frag6_18:frag6_18  ->  passed  [3.205s]
frag6_19:frag6_19  ->  passed  [2.890s]
frag6_20:frag6_20  ->  passed  [6.018s]

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 46321
Build 43210: arc lint + arc unit

Event Timeline

kp added inline comments.
sys/netinet6/frag6.c
228

Should this have a check for the maximum value too?

Especially as ip6q_ttl is a u_int8_t?

236

I'd also be inclined to describe this as 'lifetime' rather than 'TTL', because at first glance I assumed this was about packet TTL.

Thanks, I wrote a very similar patch before seeing this one. :)

sys/netinet6/frag6.c
129

Why is it "max"? Every unassembled fragment is dropped after exactly fragttl seconds, so it looks like ip6_fragttl is a more accurate name.

sys/netinet6/frag6.c
228

In non-base0 (in a VNET) we should definitively check that it's not allowed to set (much) longer than the vnet0 otherwise a VNET can open up to DoSing the base and other VNETs.

Ping, is there any reason not to pursue this diff? frag6 tests still consume a lot of time. :)

Update to latest HEAD & address comments

melifaro added inline comments.
sys/netinet6/frag6.c
228

Good point. I've added the check.

This revision was not accepted when it landed; it landed in state Needs Review.Jun 1 2023, 12:08 PM
This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.