[B.A.T.M.A.N.] [PATCH] batman-adv: allow updating DAT entry timeouts on incoming ARP Replies

[B.A.T.M.A.N.] [PATCH] batman-adv: allow updating DAT entry timeouts on incoming ARP Replies

[Linus Lüssing]

Currently incoming ARP Replies, for example via a DHT-PUT message, do
not update the timeout for an already existing DAT entry. These ARP
Replies are dropped instead.

This however defeats the purpose of the DHCPACK snooping, for instance.
Right now, a DAT entry in the DHT will be purged every five minutes,
likely leading to a mesh-wide ARP Request broadcast after this timeout.
Which then recreates the entry. The idea of the DHCPACK snooping is to
be able to update an entry before a timeout happens, to avoid ARP Request
flooding.

This patch fixes this issue by updating a DAT entry on incoming
ARP Replies even if a matching DAT entry already exists. While still
filtering the ARP Reply towards the soft-interface, to avoid duplicate
messages on the client device side.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
---

This patch was verified in VMs via gratuitous ARP Replies generated by
"mausezahn", together with the
"batman-adv: allow snooping gratuitous ARP Replies" patch.

Before this patch, the timeout observed via "batctl dc" would continue
to increase on gratuitous ARP Reply reception. After this patch, the
last-seen value was reset to 0 successfully.
---
 net/batman-adv/distributed-arp-table.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 310a4f35..8d290da0 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -1444,7 +1444,6 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
 			   hw_src, &ip_src, hw_dst, &ip_dst,
 			   dat_entry->mac_addr,	&dat_entry->ip);
 		dropped = true;
-		goto out;
 	}
 
 	/* Update our internal cache with both the IP addresses the node got
@@ -1453,6 +1452,9 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
 	batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid);
 	batadv_dat_entry_add(bat_priv, ip_dst, hw_dst, vid);
 
+	if (dropped)
+		goto out;
+
 	/* If BLA is enabled, only forward ARP replies if we have claimed the
 	 * source of the ARP reply or if no one else of the same backbone has
 	 * already claimed that client. This prevents that different gateways
-- 
2.11.0

Re: [B.A.T.M.A.N.] [PATCH] batman-adv: allow updating DAT entry timeouts on incoming ARP Replies

[Sven Eckelmann]

[-- Attachment #1: Type: text/plain, Size: 1459 bytes --]

On Thursday, 14 February 2019 16:52:43 CET Linus Lüssing wrote:
> Currently incoming ARP Replies, for example via a DHT-PUT message, do
> not update the timeout for an already existing DAT entry. These ARP
> Replies are dropped instead.
> 
> This however defeats the purpose of the DHCPACK snooping, for instance.
> Right now, a DAT entry in the DHT will be purged every five minutes,
> likely leading to a mesh-wide ARP Request broadcast after this timeout.
> Which then recreates the entry. The idea of the DHCPACK snooping is to
> be able to update an entry before a timeout happens, to avoid ARP Request
> flooding.
> 
> This patch fixes this issue by updating a DAT entry on incoming
> ARP Replies even if a matching DAT entry already exists. While still
> filtering the ARP Reply towards the soft-interface, to avoid duplicate
> messages on the client device side.
> 
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
> ---
> 
> This patch was verified in VMs via gratuitous ARP Replies generated by
> "mausezahn", together with the
> "batman-adv: allow snooping gratuitous ARP Replies" patch.
> 
> Before this patch, the timeout observed via "batctl dc" would continue
> to increase on gratuitous ARP Reply reception. After this patch, the
> last-seen value was reset to 0 successfully.
> ---


@Antonio: Any opinions about the patch [1]?

Kind regards,
	Sven

[1] https://patchwork.open-mesh.org/patch/17828/

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [B.A.T.M.A.N.] [PATCH] batman-adv: allow updating DAT entry timeouts on incoming ARP Replies

[Antonio Quartulli]

[-- Attachment #1.1: Type: text/plain, Size: 2685 bytes --]

Hi,

On 14/02/2019 16:52, Linus Lüssing wrote:
> Currently incoming ARP Replies, for example via a DHT-PUT message, do
> not update the timeout for an already existing DAT entry. These ARP
> Replies are dropped instead.
> 
> This however defeats the purpose of the DHCPACK snooping, for instance.
> Right now, a DAT entry in the DHT will be purged every five minutes,
> likely leading to a mesh-wide ARP Request broadcast after this timeout.
> Which then recreates the entry. The idea of the DHCPACK snooping is to
> be able to update an entry before a timeout happens, to avoid ARP Request
> flooding.
> 
> This patch fixes this issue by updating a DAT entry on incoming
> ARP Replies even if a matching DAT entry already exists. While still
> filtering the ARP Reply towards the soft-interface, to avoid duplicate
> messages on the client device side.
> 
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
> ---
> 
> This patch was verified in VMs via gratuitous ARP Replies generated by
> "mausezahn", together with the
> "batman-adv: allow snooping gratuitous ARP Replies" patch.
> 
> Before this patch, the timeout observed via "batctl dc" would continue
> to increase on gratuitous ARP Reply reception. After this patch, the
> last-seen value was reset to 0 successfully.
> ---
>  net/batman-adv/distributed-arp-table.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
> index 310a4f35..8d290da0 100644
> --- a/net/batman-adv/distributed-arp-table.c
> +++ b/net/batman-adv/distributed-arp-table.c
> @@ -1444,7 +1444,6 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
>  			   hw_src, &ip_src, hw_dst, &ip_dst,
>  			   dat_entry->mac_addr,	&dat_entry->ip);
>  		dropped = true;
> -		goto out;
>  	}
>  
>  	/* Update our internal cache with both the IP addresses the node got
> @@ -1453,6 +1452,9 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
>  	batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid);
>  	batadv_dat_entry_add(bat_priv, ip_dst, hw_dst, vid);
>  
> +	if (dropped)
> +		goto out;
> +
>  	/* If BLA is enabled, only forward ARP replies if we have claimed the
>  	 * source of the ARP reply or if no one else of the same backbone has
>  	 * already claimed that client. This prevents that different gateways
> 

The patch makes sense, especially because this change will allow to
"refresh" entries before they expire (No matter how the ARP reply was
generated)

Acked-by: Antonio Quartulli <a@unstable.cc>


-- 
Antonio Quartulli


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]