This patchset introduces optimizations for batman-adv in setups having several gateways into a common (switched) Ethernet backbone network especially if dat is additionally enabled.
Using the current implementation with bla and dat enabled, several problems can be observed in a real setup: 1. Multiplication of ARP replies from dat enabled gateways and dat enabled mesh nodes leading to an "ARP reply storm" in the common backbone network. 2. In rare corner cases bla does not fully prevent looping of unicast frames in the direction Backbone --> mesh --> backbone and looping of multicast frames in the direction mesh --> backbone --> mesh. The latter can lead to temporary confusion in the switched backbone resulting in packet loss and communication timeouts.
The observed problems are solved by introduction of additional rules for the dat handling, bla packet forwarding and bla claiming/unclaiming of clients.
v4: - removed unnecessary include in soft-interface.c - solved issue with double-use and refcounting of pointers in routing.c
v3:
- rebased patchset - moved snooping of ip addresses for dat speed up into separate function - removed "patch of a patch" - removed automatic claiming during check of a claim - fixed issues of the patchset not being compiled due to chosen batman options
Kind regards, Andreas
Andreas Pape (6): batman-adv: prevent multiple ARP replies sent by gateways if dat enbled batman-adv: speed up dat by snooping received ip traffic batman-adv: prevent duplication of ARP replies when DAT is used batman-adv: drop unicast packets from other backbone gw batman-adv: changed debug messages for easier bla debugging batman-adv: handle race condition for claims between gateways
net/batman-adv/bridge_loop_avoidance.c | 87 ++++++++++++++++++++++++++--- net/batman-adv/bridge_loop_avoidance.h | 11 ++++ net/batman-adv/distributed-arp-table.c | 97 ++++++++++++++++++++++++++++++++ net/batman-adv/distributed-arp-table.h | 9 +++- net/batman-adv/routing.c | 25 +++++++- net/batman-adv/soft-interface.c | 3 + 6 files changed, 220 insertions(+), 12 deletions(-)
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
If dat is enabled it must be made sure that only the backbone gw which has claimed the remote destination for the ARP request answers the ARP request directly if the MAC address is known due to the local dat table. This prevents multiple ARP replies in a common backbone if more than one gateway already knows the remote mac searched for in the ARP request.
Signed-off-by: Andreas Pape apape@phoenixcontact.com --- net/batman-adv/bridge_loop_avoidance.c | 49 ++++++++++++++++++++++++++++++++ net/batman-adv/bridge_loop_avoidance.h | 11 +++++++ net/batman-adv/distributed-arp-table.c | 15 ++++++++++ 3 files changed, 75 insertions(+), 0 deletions(-)
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index 748a9ea..2f46ce9 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -2045,3 +2045,52 @@ out: batadv_hardif_put(primary_if); return 0; } + +#ifdef CONFIG_BATMAN_ADV_DAT +/** + * batadv_bla_handle_local_claim - check if address is claimed + * + * @bat_priv: the bat priv with all the soft interface information + * @addr: mac address of which the claim status is checked + * @vid: the VLAN ID + * + * addr is checked if this address is claimed by the local device itself. + * + * Return: true if bla is disabled or the mac is claimed by the device, + * false if the device addr is already claimed by another gateway + */ +bool batadv_bla_handle_local_claim(struct batadv_priv *bat_priv, + u8 *addr, unsigned short vid) +{ + struct batadv_bla_claim search_claim; + struct batadv_bla_claim *claim = NULL; + struct batadv_hard_iface *primary_if = NULL; + bool ret = true; + + if (!atomic_read(&bat_priv->bridge_loop_avoidance)) + return ret; + + primary_if = batadv_primary_if_get_selected(bat_priv); + if (!primary_if) + return ret; + + /* First look if the mac address is claimed */ + ether_addr_copy(search_claim.addr, addr); + search_claim.vid = vid; + + claim = batadv_claim_hash_find(bat_priv, &search_claim); + + /* If there is a claim and we are not owner of the claim, + * return false. + */ + if (claim) { + if (!batadv_compare_eth(claim->backbone_gw->orig, + primary_if->net_dev->dev_addr)) + ret = false; + batadv_claim_put(claim); + } + + batadv_hardif_put(primary_if); + return ret; +} +#endif diff --git a/net/batman-adv/bridge_loop_avoidance.h b/net/batman-adv/bridge_loop_avoidance.h index 0f01dae..cc07be9 100644 --- a/net/batman-adv/bridge_loop_avoidance.h +++ b/net/batman-adv/bridge_loop_avoidance.h @@ -47,6 +47,10 @@ void batadv_bla_update_orig_address(struct batadv_priv *bat_priv, void batadv_bla_status_update(struct net_device *net_dev); int batadv_bla_init(struct batadv_priv *bat_priv); void batadv_bla_free(struct batadv_priv *bat_priv); +#ifdef CONFIG_BATMAN_ADV_DAT +bool batadv_bla_handle_local_claim(struct batadv_priv *bat_priv, u8 *addr, + unsigned short vid); +#endif
#define BATADV_BLA_CRC_INIT 0 #else /* ifdef CONFIG_BATMAN_ADV_BLA */ @@ -112,6 +116,13 @@ static inline void batadv_bla_free(struct batadv_priv *bat_priv) { }
+static inline +bool batadv_bla_handle_local_claim(struct batadv_priv *bat_priv, u8 *addr, + unsigned short vid) +{ + return true; +} + #endif /* ifdef CONFIG_BATMAN_ADV_BLA */
#endif /* ifndef _NET_BATMAN_ADV_BLA_H_ */ diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 278800a..c11f035 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -48,6 +48,7 @@ #include "originator.h" #include "send.h" #include "translation-table.h" +#include "bridge_loop_avoidance.h"
static void batadv_dat_purge(struct work_struct *work);
@@ -1003,6 +1004,20 @@ bool batadv_dat_snoop_outgoing_arp_request(struct batadv_priv *bat_priv, goto out; }
+ /* If BLA is enabled, only send ARP replies if we have claimed + * the destination for the ARP request or if no one else of + * the backbone gws belonging to our backbone has claimed the + * destination. + */ + if (!batadv_bla_handle_local_claim(bat_priv, + dat_entry->mac_addr, vid)) { + batadv_dbg(BATADV_DBG_DAT, bat_priv, + "Device %pM claimed by another backbone gw. Don't send ARP reply!", + dat_entry->mac_addr); + ret = true; + goto out; + } + skb_new = arp_create(ARPOP_REPLY, ETH_P_ARP, ip_src, bat_priv->soft_iface, ip_dst, hw_src, dat_entry->mac_addr, hw_src); -- 1.7.0.4
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
--- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -48,6 +48,7 @@ #include "originator.h" #include "send.h" #include "translation-table.h" +#include "bridge_loop_avoidance.h"
Please try to keep the includes in alphabetical order like this:
+#include "bridge_loop_avoidance.h" #include "hard-interface.h" #include "hash.h" #include "originator.h" #include "send.h" #include "translation-table.h"
Maybe Marek can also do this when he wants to apply it (in case Simon/Marek/... don't find anything else problematic in the patchset)
Kind regards, Sven
On Thursday 12 May 2016 08:31:32 Andreas Pape wrote:
@@ -1003,6 +1004,20 @@ bool batadv_dat_snoop_outgoing_arp_request(struct batadv_priv *bat_priv, goto out; }
/* If BLA is enabled, only send ARP replies if we have claimed
* the destination for the ARP request or if no one else of
* the backbone gws belonging to our backbone has claimed the
* destination.
*/
if (!batadv_bla_handle_local_claim(bat_priv,
dat_entry->mac_addr, vid)) {
batadv_dbg(BATADV_DBG_DAT, bat_priv,
"Device %pM claimed by another backbone gw. Don't send ARP
reply!",
dat_entry->mac_addr);
ret = true;
goto out;
}
There is still my question/comment pending for this from your PATCHv2. I'll quote:
I would agree to Antonio that sending a claim is not necessary, and might actually lead to bad choices of the outgoing backbone gateway. After all, at this point any "random" backbone gateway may answer to this request, just because it has the DAT entry, but maybe may actually not be able to reach the client via the mesh.
I think checking if a local claim exists is a good idea, but sending a claim is not a good idea - this might introduce effects which will be even more complicated to debug.
Cheers, Simon
Hi Simon,
Simon Wunderlich sw@simonwunderlich.de schrieb am 18.05.2016 14:32:09:
Von: Simon Wunderlich sw@simonwunderlich.de An: Andreas Pape APape@phoenixcontact.com Datum: 18.05.2016 14:32 Betreff: Re: Antwort: Re: [B.A.T.M.A.N.] [PATCH v4 1/6] batman-adv: prevent multiple ARP replies sent by gateways if dat enbled
Hi Andreas,
On Wednesday 18 May 2016 09:50:21 Andreas Pape wrote:
Von: Simon Wunderlich sw@simonwunderlich.de An: b.a.t.m.a.n@lists.open-mesh.org Kopie: Andreas Pape apape@phoenixcontact.com Datum: 13.05.2016 19:37 Betreff: Re: [B.A.T.M.A.N.] [PATCH v4 1/6] batman-adv: prevent multiple ARP replies sent by gateways if dat enbled
On Thursday 12 May 2016 08:31:32 Andreas Pape wrote:
@@ -1003,6 +1004,20 @@ bool
batadv_dat_snoop_outgoing_arp_request(struct
batadv_priv *bat_priv, goto out;
}
/* If BLA is enabled, only send ARP replies if we have
claimed
* the destination for the ARP request or if no one else of
* the backbone gws belonging to our backbone has claimed
the
* destination.
*/
if (!batadv_bla_handle_local_claim(bat_priv,
dat_entry->mac_addr, vid)) {
batadv_dbg(BATADV_DBG_DAT, bat_priv,
"Device %pM claimed by another backbone gw. Don't
send
ARP
reply!",
dat_entry->mac_addr);
ret = true;
goto out;
}
There is still my question/comment pending for this from your
PATCHv2.
I'll
quote:
I would agree to Antonio that sending a claim is not necessary, and
might
actually lead to bad choices of the outgoing backbone gateway. After
all, at
this point any "random" backbone gateway may answer to this request,
just
because it has the DAT entry, but maybe may actually not be able to
reach the
client via the mesh.
looks like your reply didn't go to the mailing list, not sure if this was your intention. Anyway ...
That wasn't my intention. It was just my fault;-). Sorry, if you receive this twice. I once again forgot to disable html support in my e-mail client...
I removed the automatic claim in function
batadv_bla_handle_local_claim
but obviously missed to change the comment here accordingly:-( I haven't
had
much time recently to work on this and did not spent enough time to work through the new version of the patchset in a way I should have done....
Ah right, I missed that point, and was merely checking my old comments
...
sorry, I should have checked better too.
Perhaps it might be a also a good idea to rename the function to
something
which cannot be mixed easily with the function batadv_handle_claim.
What
about the name batadv_bla_check_claim?
Yes, definitely! We should rename it. check_claim sounds good to me.
If there are no other objections I will change the name as discussed in my
next attempt.
Thanks a lot, Simon
Best regards, Andreas
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
Speeding up dat address lookup is achieved by snooping all incoming ip traffic. This especially increases the propability in bla setups that a gateway into a common backbone network already has a fitting dat entry to answer incoming ARP requests directly coming from the backbone network thus further reducing ARP traffic in the mesh.
Signed-off-by: Andreas Pape apape@phoenixcontact.com --- net/batman-adv/distributed-arp-table.c | 50 ++++++++++++++++++++++++++++++++ net/batman-adv/distributed-arp-table.h | 9 +++++- net/batman-adv/soft-interface.c | 3 ++ 3 files changed, 61 insertions(+), 1 deletions(-)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index c11f035..309daf1 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -27,6 +27,7 @@ #include <linux/if_arp.h> #include <linux/if_ether.h> #include <linux/if_vlan.h> +#include <linux/ip.h> #include <linux/in.h> #include <linux/jiffies.h> #include <linux/kernel.h> @@ -362,6 +363,55 @@ out: batadv_dat_entry_put(dat_entry); }
+/** + * batadv_dat_entry_check - check and update a dat entry + * @bat_priv: the bat priv with all the soft interface information + * @skb: socket buffer + * @vid: VLAN identifier + * + * snoops incoming socket buffer for dat cache updates, if dat is enabled. + * Can be called from other modules. + */ +void batadv_dat_entry_check(struct batadv_priv *bat_priv, struct sk_buff *skb, + unsigned short vid) +{ + struct vlan_ethhdr *vhdr = NULL, tmp_vhdr; + struct ethhdr *ethhdr = NULL; + struct iphdr *iphdr = NULL, tmp_iphdr; + + if (!atomic_read(&bat_priv->distributed_arp_table)) + return; + + ethhdr = eth_hdr(skb); + + switch (ntohs(ethhdr->h_proto)) { + case ETH_P_IP: + iphdr = skb_header_pointer(skb, ETH_HLEN, sizeof(tmp_iphdr), + &tmp_iphdr); + break; + case ETH_P_8021Q: + vhdr = skb_header_pointer(skb, 0, sizeof(tmp_vhdr), + &tmp_vhdr); + if (!vhdr) + return; + if (ntohs(vhdr->h_vlan_encapsulated_proto) != ETH_P_IP) + return; + iphdr = skb_header_pointer(skb, sizeof(tmp_vhdr), + sizeof(tmp_iphdr), + &tmp_iphdr); + break; + } + + if (!iphdr) + return; + + batadv_dbg(BATADV_DBG_DAT, bat_priv, + "Snooped IP address: %pI4 %pM (vid: %d)\n", + &iphdr->saddr, ethhdr->h_source, + BATADV_PRINT_VID(vid)); + batadv_dat_entry_add(bat_priv, iphdr->saddr, ethhdr->h_source, vid); +} + #ifdef CONFIG_BATMAN_ADV_DEBUG
/** diff --git a/net/batman-adv/distributed-arp-table.h b/net/batman-adv/distributed-arp-table.h index 813ecea..cf1b93c 100644 --- a/net/batman-adv/distributed-arp-table.h +++ b/net/batman-adv/distributed-arp-table.h @@ -80,7 +80,8 @@ batadv_dat_init_own_addr(struct batadv_priv *bat_priv, int batadv_dat_init(struct batadv_priv *bat_priv); void batadv_dat_free(struct batadv_priv *bat_priv); int batadv_dat_cache_seq_print_text(struct seq_file *seq, void *offset); - +void batadv_dat_entry_check(struct batadv_priv *bat_priv, struct sk_buff *skb, + unsigned short vid); /** * batadv_dat_inc_counter - increment the correct DAT packet counter * @bat_priv: the bat priv with all the soft interface information @@ -173,6 +174,12 @@ static inline void batadv_dat_inc_counter(struct batadv_priv *bat_priv, { }
+static inline +void batadv_dat_entry_check(struct batadv_priv *bat_priv, struct sk_buff *skb, + unsigned short vid) +{ +} + #endif /* CONFIG_BATMAN_ADV_DAT */
#endif /* _NET_BATMAN_ADV_DISTRIBUTED_ARP_TABLE_H_ */ diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c index 81665b1..a86748f 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -442,6 +442,9 @@ void batadv_interface_rx(struct net_device *soft_iface, goto dropped; }
+ /* Snoop incoming traffic for dat update */ + batadv_dat_entry_check(bat_priv, skb, vid); + /* skb->dev & skb->pkt_type are set here */ skb->protocol = eth_type_trans(skb, soft_iface);
-- 1.7.0.4
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
If none of the backbone gateways in a bla setup has already knowledge of the mac address searched for in an incoming ARP request from the backbone an address resolution via the DHT of DAT is started. The gateway can send several ARP requests to different DHT nodes and therefore can get several replies. This patch assures that not all of the possible ARP replies are returned to the backbone by checking the local DAT cache of the gateway. If there is an entry in the local cache the gateway has already learned the requested address and there is no need to forward the additional reply to the backbone. Furthermore it is checked if this gateway has claimed the source of the ARP reply and only forwards it to the backbone if it has claimed the source or if there is no claim at all.
Signed-off-by: Andreas Pape apape@phoenixcontact.com --- net/batman-adv/distributed-arp-table.c | 32 ++++++++++++++++++++++++++++++++ 1 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 309daf1..53c5cb6 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -1239,6 +1239,7 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv, __be32 ip_src, ip_dst; u8 *hw_src, *hw_dst; bool dropped = false; + struct batadv_dat_entry *dat_entry = NULL; unsigned short vid;
if (!atomic_read(&bat_priv->distributed_arp_table)) @@ -1258,12 +1259,41 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv, hw_dst = batadv_arp_hw_dst(skb, hdr_size); ip_dst = batadv_arp_ip_dst(skb, hdr_size);
+ /* If ip_dst is already in cache and has the right mac address, + * drop this frame if this ARP reply is destined for us because it's + * most probably an ARP reply generated by another node of the DHT. + * We have most probably received already a reply earlier. Delivering + * this frame would lead to doubled receive of an ARP reply. + */ + dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_src, vid); + if ((dat_entry) && (batadv_compare_eth(hw_src, dat_entry->mac_addr))) { + batadv_dbg(BATADV_DBG_DAT, bat_priv, "Doubled ARP reply removed: ARP MSG = [src: %pM-%pI4 dst: %pM-%pI4]; dat_entry: %pM-%pI4\n", + hw_src, &ip_src, hw_dst, &ip_dst, + dat_entry->mac_addr, &dat_entry->ip); + dropped = true; + goto out; + } + /* Update our internal cache with both the IP addresses the node got * within the ARP reply */ batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid); batadv_dat_entry_add(bat_priv, ip_dst, hw_dst, vid);
+ /* If BLA is enabled, only forward ARP replies if we have claimed the + * source of the ARP reply or if no one else of the same backbone has + * already claimed that client. This prevents that different gateways + * to the same backbone all forward the ARP reply leading to multiple + * replies in the backbone. + */ + if (!batadv_bla_handle_local_claim(bat_priv, hw_src, vid)) { + batadv_dbg(BATADV_DBG_DAT, bat_priv, + "Device %pM claimed by another backbone gw. Drop ARP reply.\n", + hw_src); + dropped = true; + goto out; + } + /* if this REPLY is directed to a client of mine, let's deliver the * packet to the interface */ @@ -1276,6 +1306,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv, out: if (dropped) kfree_skb(skb); + if (dat_entry) + batadv_dat_entry_put(dat_entry); /* if dropped == false -> deliver to the interface */ return dropped; } -- 1.7.0.4
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
Additional dropping of unicast packets received from another backbone gw of the same backbone network before being forwarded to the same backbone again is necessary. It was observed in a test setup that in rare cases these frames lead to looping unicast traffic backbone->mesh->backbone.
Signed-off-by: Andreas Pape apape@phoenixcontact.com --- net/batman-adv/routing.c | 25 ++++++++++++++++++++++--- 1 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c index e3857ed..667e2cd 100644 --- a/net/batman-adv/routing.c +++ b/net/batman-adv/routing.c @@ -861,14 +861,16 @@ int batadv_recv_unicast_packet(struct sk_buff *skb, struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); struct batadv_unicast_packet *unicast_packet; struct batadv_unicast_4addr_packet *unicast_4addr_packet; - u8 *orig_addr; - struct batadv_orig_node *orig_node = NULL; + u8 *orig_addr, *orig_addr_gw; + struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL; int check, hdr_size = sizeof(*unicast_packet); enum batadv_subtype subtype; - bool is4addr; + bool is4addr, is_gw; + struct ethhdr *ethhdr;
unicast_packet = (struct batadv_unicast_packet *)skb->data; unicast_4addr_packet = (struct batadv_unicast_4addr_packet *)skb->data; + ethhdr = eth_hdr(skb);
is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR; /* the caller function should have already pulled 2 bytes */ @@ -891,6 +893,23 @@ int batadv_recv_unicast_packet(struct sk_buff *skb,
/* packet for me */ if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) { + /* If this is a unicast packet from another backgone gw, + * drop it. + */ + orig_addr_gw = ethhdr->h_source; + orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw); + if (orig_node_gw) { + is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw, + hdr_size); + batadv_orig_node_put(orig_node_gw); + if (is_gw) { + batadv_dbg(BATADV_DBG_BLA, bat_priv, + "Dropped unicast pkt received from another backbone gw %pM.\n", + orig_addr_gw); + return NET_RX_DROP; + } + } + if (is4addr) { subtype = unicast_4addr_packet->subtype; batadv_dat_inc_counter(bat_priv, subtype); -- 1.7.0.4
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
Some of the bla debug messages are extended and additional messages are added for easier bla debugging. Some debug messages introduced with the dat changes in prior patches of this patch series have been changed to be more compliant to other existing debug messages.
Acked-by: Simon Wunderlich sw@simonwunderlich.de Signed-off-by: Andreas Pape apape@phoenixcontact.com --- net/batman-adv/bridge_loop_avoidance.c | 18 ++++++++++++++---- net/batman-adv/routing.c | 2 +- 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index 2f46ce9..c426327 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -715,8 +715,8 @@ static void batadv_bla_add_claim(struct batadv_priv *bat_priv, goto claim_free_ref;
batadv_dbg(BATADV_DBG_BLA, bat_priv, - "bla_add_claim(): changing ownership for %pM, vid %d\n", - mac, BATADV_PRINT_VID(vid)); + "bla_add_claim(): changing ownership for %pM, vid %d to gw %pM\n", + mac, BATADV_PRINT_VID(vid), backbone_gw->orig);
spin_lock_bh(&claim->backbone_gw->crc_lock); claim->backbone_gw->crc ^= crc16(0, claim->addr, ETH_ALEN); @@ -1240,10 +1240,13 @@ static void batadv_bla_purge_claims(struct batadv_priv *bat_priv, continue;
batadv_dbg(BATADV_DBG_BLA, bat_priv, - "bla_purge_claims(): %pM, vid %d, time out\n", + "bla_purge_claims(): timed out.\n"); + +purge_now: + batadv_dbg(BATADV_DBG_BLA, bat_priv, + "bla_purge_claims(): %pM, vid %d\n", claim->addr, claim->vid);
-purge_now: batadv_handle_unclaim(bat_priv, primary_if, claim->backbone_gw->orig, claim->addr, claim->vid); @@ -1787,6 +1790,13 @@ bool batadv_bla_rx(struct batadv_priv *bat_priv, struct sk_buff *skb, /* possible optimization: race for a claim */ /* No claim exists yet, claim it for us! */ + + batadv_dbg(BATADV_DBG_BLA, bat_priv, + "bla_rx(): Unclaimed MAC %pM found. Claim it. Local: %s\n", + ethhdr->h_source, + batadv_is_my_client(bat_priv, + ethhdr->h_source, vid) ? + "yes" : "no"); batadv_handle_claim(bat_priv, primary_if, primary_if->net_dev->dev_addr, ethhdr->h_source, vid); diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c index 667e2cd..7eeae86 100644 --- a/net/batman-adv/routing.c +++ b/net/batman-adv/routing.c @@ -904,7 +904,7 @@ int batadv_recv_unicast_packet(struct sk_buff *skb, batadv_orig_node_put(orig_node_gw); if (is_gw) { batadv_dbg(BATADV_DBG_BLA, bat_priv, - "Dropped unicast pkt received from another backbone gw %pM.\n", + "recv_unicast_packet(): Dropped unicast pkt received from another backbone gw %pM.\n", orig_addr_gw); return NET_RX_DROP; } -- 1.7.0.4
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
Consider the following situation which has been found in a test setup: Gateway B has claimed client C and gateway A has the same backbone network as B. C sends a broad- or multicast to B and directly after this packet decides to send another packet to A due to a better TQ value. B will forward the broad-/multicast into the backbone as it is the responsible gw and after that A will claim C as it has been chosen by C as the best gateway. If it now happens that A claims C before it has received the broad-/multicast forwarded by B (due to backbone topology or due to some delay in B when forwarding the packet) we get a critical situation: in the current code A will immediately unclaim C when receiving the multicast due to the roaming client scenario although the position of C has not changed in the mesh. If this happens the multi-/broadcast forwarded by B will be sent back into the mesh by A and we have looping packets until one of the gateways claims C again. In order to prevent this, unclaiming of a client due to the roaming client scenario is only done after a certain time is expired after the last claim of the client. 100 ms are used here, which should be slow enough for big backbones and slow gateways but fast enough not to break the roaming client use case.
Acked-by: Simon Wunderlich sw@simonwunderlich.de Signed-off-by: Andreas Pape apape@phoenixcontact.com --- net/batman-adv/bridge_loop_avoidance.c | 20 ++++++++++++++++---- 1 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index c426327..0790cbc 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -1904,10 +1904,22 @@ bool batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, /* if yes, the client has roamed and we have * to unclaim it. */ - batadv_handle_unclaim(bat_priv, primary_if, - primary_if->net_dev->dev_addr, - ethhdr->h_source, vid); - goto allow; + if (batadv_has_timed_out(claim->lasttime, 100)) { + /* only unclaim if the last claim entry is + * older than 100 ms to make sure we really + * have a roaming client here. + */ + batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla_tx(): Roaming client %pM detected. Unclaim it.\n", + ethhdr->h_source); + batadv_handle_unclaim(bat_priv, primary_if, + primary_if->net_dev->dev_addr, + ethhdr->h_source, vid); + goto allow; + } else { + batadv_dbg(BATADV_DBG_BLA, bat_priv, "bla_tx(): Race for claim %pM detected. Drop packet.\n", + ethhdr->h_source); + goto handled; + } }
/* check if it is a multicast/broadcast frame */ -- 1.7.0.4
.................................................................. PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont USt-Id-Nr.: DE811742156 Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528 Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck ___________________________________________________________________ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. ---------------------------------------------------------------------------------------------------- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden. ___________________________________________________________________
b.a.t.m.a.n@lists.open-mesh.org