summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorGhanan Gowripalan <ghanan@google.com>2021-01-13 17:09:44 -0800
committergVisor bot <gvisor-bot@google.com>2021-01-13 17:12:29 -0800
commitc49ce8ca8ab988fd548419c522caf45bda90317b (patch)
tree3429eeeac9831c59d40f17e6a15527767eca0e4e
parent25b5ec7135a6de80674ac1ad4d2289c29e156f42 (diff)
Clear neighbor table on NIC down
Note, this includes static entries to match linux's behaviour. ``` $ ip neigh show dev eth0 192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE $ sudo ip neigh add 192.168.42.172 lladdr 22:33:44:55:66:77 dev eth0 $ ip neigh show dev eth0 192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE 192.168.42.172 lladdr 22:33:44:55:66:77 PERMANENT $ sudo ifconfig eth0 down $ ip neigh show dev eth0 $ sudo ifconfig eth0 up $ ip neigh show dev eth0 ``` Test: stack_test.TestClearNeighborCacheOnNICDisable PiperOrigin-RevId: 351696306
-rw-r--r--pkg/tcpip/stack/nic.go10
-rw-r--r--pkg/tcpip/stack/stack_test.go52
2 files changed, 62 insertions, 0 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 4a34805b5..8a946b4fa 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -217,6 +217,16 @@ func (n *NIC) disableLocked() {
ep.Disable()
}
+ // Clear the neighbour table (including static entries) as we cannot guarantee
+ // that the current neighbour table will be valid when the NIC is enabled
+ // again.
+ //
+ // This matches linux's behaviour at the time of writing:
+ // https://github.com/torvalds/linux/blob/71c061d2443814de15e177489d5cc00a4a253ef3/net/core/neighbour.c#L371
+ if err := n.clearNeighbors(); err != nil && err != tcpip.ErrNotSupported {
+ panic(fmt.Sprintf("n.clearNeighbors(): %s", err))
+ }
+
if !n.setEnabled(false) {
panic("should have only done work to disable the NIC if it was enabled")
}
diff --git a/pkg/tcpip/stack/stack_test.go b/pkg/tcpip/stack/stack_test.go
index 856ebf6d4..4a3f937e3 100644
--- a/pkg/tcpip/stack/stack_test.go
+++ b/pkg/tcpip/stack/stack_test.go
@@ -4305,3 +4305,55 @@ func TestWritePacketToRemote(t *testing.T) {
}
})
}
+
+func TestClearNeighborCacheOnNICDisable(t *testing.T) {
+ const (
+ nicID = 1
+
+ ipv4Addr = tcpip.Address("\x01\x02\x03\x04")
+ ipv6Addr = tcpip.Address("\x01\x02\x03\x04\x01\x02\x03\x04\x01\x02\x03\x04\x01\x02\x03\x04")
+ linkAddr = tcpip.LinkAddress("\x02\x02\x03\x04\x05\x06")
+ )
+
+ s := stack.New(stack.Options{
+ NetworkProtocols: []stack.NetworkProtocolFactory{arp.NewProtocol, ipv4.NewProtocol, ipv6.NewProtocol},
+ UseNeighborCache: true,
+ })
+ e := channel.New(0, 0, "")
+ e.LinkEPCapabilities |= stack.CapabilityResolutionRequired
+ if err := s.CreateNIC(nicID, e); err != nil {
+ t.Fatalf("CreateNIC(%d, _) = %s", nicID, err)
+ }
+
+ if err := s.AddStaticNeighbor(nicID, ipv4Addr, linkAddr); err != nil {
+ t.Fatalf("s.AddStaticNeighbor(%d, %s, %s): %s", nicID, ipv4Addr, linkAddr, err)
+ }
+ if err := s.AddStaticNeighbor(nicID, ipv6Addr, linkAddr); err != nil {
+ t.Fatalf("s.AddStaticNeighbor(%d, %s, %s): %s", nicID, ipv6Addr, linkAddr, err)
+ }
+ if neighbors, err := s.Neighbors(nicID); err != nil {
+ t.Fatalf("s.Neighbors(%d): %s", nicID, err)
+ } else if len(neighbors) != 2 {
+ t.Fatalf("got len(neighbors) = %d, want = 2; neighbors = %#v", len(neighbors), neighbors)
+ }
+
+ // Disabling the NIC should clear the neighbor table.
+ if err := s.DisableNIC(nicID); err != nil {
+ t.Fatalf("s.DisableNIC(%d): %s", nicID, err)
+ }
+ if neighbors, err := s.Neighbors(nicID); err != nil {
+ t.Fatalf("s.Neighbors(%d): %s", nicID, err)
+ } else if len(neighbors) != 0 {
+ t.Fatalf("got len(neighbors) = %d, want = 0; neighbors = %#v", len(neighbors), neighbors)
+ }
+
+ // Enabling the NIC should have an empty neighbor table.
+ if err := s.EnableNIC(nicID); err != nil {
+ t.Fatalf("s.EnableNIC(%d): %s", nicID, err)
+ }
+ if neighbors, err := s.Neighbors(nicID); err != nil {
+ t.Fatalf("s.Neighbors(%d): %s", nicID, err)
+ } else if len(neighbors) != 0 {
+ t.Fatalf("got len(neighbors) = %d, want = 0; neighbors = %#v", len(neighbors), neighbors)
+ }
+}