From 4ee8cf8734d24c7ba78700c21dff561207d4ed1a Mon Sep 17 00:00:00 2001
From: Ghanan Gowripalan <ghanan@google.com>
Date: Sun, 31 Jan 2021 11:31:55 -0800
Subject: Use different neighbor tables per network endpoint

This stores each protocol's neighbor state separately.

This change also removes the need for each neighbor entry to keep
track of their own link address resolver now that all the entries
in a cache will use the same resolver.

PiperOrigin-RevId: 354818155
---
 pkg/tcpip/network/arp/arp.go        | 18 +++++++++++++++---
 pkg/tcpip/network/arp/arp_test.go   |  4 ++--
 pkg/tcpip/network/ip_test.go        |  6 ++++--
 pkg/tcpip/network/ipv6/icmp.go      | 38 ++++++++++++++++++++++++++++++-------
 pkg/tcpip/network/ipv6/icmp_test.go |  6 ++++--
 pkg/tcpip/network/ipv6/ndp_test.go  | 20 +++++++++----------
 6 files changed, 66 insertions(+), 26 deletions(-)

(limited to 'pkg/tcpip/network')

diff --git a/pkg/tcpip/network/arp/arp.go b/pkg/tcpip/network/arp/arp.go
index 5fd4c5574..0d7fadc31 100644
--- a/pkg/tcpip/network/arp/arp.go
+++ b/pkg/tcpip/network/arp/arp.go
@@ -148,7 +148,13 @@ func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 		remoteAddr := tcpip.Address(h.ProtocolAddressSender())
 		remoteLinkAddr := tcpip.LinkAddress(h.HardwareAddressSender())
 
-		e.nic.HandleNeighborProbe(remoteAddr, remoteLinkAddr, e)
+		switch err := e.nic.HandleNeighborProbe(header.IPv4ProtocolNumber, remoteAddr, remoteLinkAddr); err.(type) {
+		case nil:
+		case *tcpip.ErrNotSupported:
+			// The stack may support ARP but the NIC may not need link resolution.
+		default:
+			panic(fmt.Sprintf("unexpected error when informing NIC of neighbor probe message: %s", err))
+		}
 
 		respPkt := stack.NewPacketBuffer(stack.PacketBufferOptions{
 			ReserveHeaderBytes: int(e.nic.MaxHeaderLength()) + header.ARPSize,
@@ -190,7 +196,7 @@ func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 
 		// The solicited, override, and isRouter flags are not available for ARP;
 		// they are only available for IPv6 Neighbor Advertisements.
-		e.nic.HandleNeighborConfirmation(addr, linkAddr, stack.ReachabilityConfirmationFlags{
+		switch err := e.nic.HandleNeighborConfirmation(header.IPv4ProtocolNumber, addr, linkAddr, stack.ReachabilityConfirmationFlags{
 			// Solicited and unsolicited (also referred to as gratuitous) ARP Replies
 			// are handled equivalently to a solicited Neighbor Advertisement.
 			Solicited: true,
@@ -199,7 +205,13 @@ func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 			Override: false,
 			// ARP does not distinguish between router and non-router hosts.
 			IsRouter: false,
-		})
+		}); err.(type) {
+		case nil:
+		case *tcpip.ErrNotSupported:
+		// The stack may support ARP but the NIC may not need link resolution.
+		default:
+			panic(fmt.Sprintf("unexpected error when informing NIC of neighbor confirmation message: %s", err))
+		}
 	}
 }
 
diff --git a/pkg/tcpip/network/arp/arp_test.go b/pkg/tcpip/network/arp/arp_test.go
index d753a97af..24357e15d 100644
--- a/pkg/tcpip/network/arp/arp_test.go
+++ b/pkg/tcpip/network/arp/arp_test.go
@@ -491,9 +491,9 @@ func TestDirectRequestWithNeighborCache(t *testing.T) {
 				t.Fatal(err)
 			}
 
-			neighbors, err := c.s.Neighbors(nicID)
+			neighbors, err := c.s.Neighbors(nicID, ipv4.ProtocolNumber)
 			if err != nil {
-				t.Fatalf("c.s.Neighbors(%d): %s", nicID, err)
+				t.Fatalf("c.s.Neighbors(%d, %d): %s", nicID, ipv4.ProtocolNumber, err)
 			}
 
 			neighborByAddr := make(map[tcpip.Address]stack.NeighborEntry)
diff --git a/pkg/tcpip/network/ip_test.go b/pkg/tcpip/network/ip_test.go
index 291330e8e..8d155344b 100644
--- a/pkg/tcpip/network/ip_test.go
+++ b/pkg/tcpip/network/ip_test.go
@@ -311,10 +311,12 @@ func (*testInterface) WritePacketToRemote(tcpip.LinkAddress, *stack.GSO, tcpip.N
 	return &tcpip.ErrNotSupported{}
 }
 
-func (*testInterface) HandleNeighborProbe(tcpip.Address, tcpip.LinkAddress, stack.LinkAddressResolver) {
+func (*testInterface) HandleNeighborProbe(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress) tcpip.Error {
+	return nil
 }
 
-func (*testInterface) HandleNeighborConfirmation(tcpip.Address, tcpip.LinkAddress, stack.ReachabilityConfirmationFlags) {
+func (*testInterface) HandleNeighborConfirmation(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress, stack.ReachabilityConfirmationFlags) tcpip.Error {
+	return nil
 }
 
 func TestSourceAddressValidation(t *testing.T) {
diff --git a/pkg/tcpip/network/ipv6/icmp.go b/pkg/tcpip/network/ipv6/icmp.go
index bdc88fe5d..12e5ead5e 100644
--- a/pkg/tcpip/network/ipv6/icmp.go
+++ b/pkg/tcpip/network/ipv6/icmp.go
@@ -290,7 +290,13 @@ func (e *endpoint) handleICMP(pkt *stack.PacketBuffer, hasFragmentHeader bool) {
 			received.invalid.Increment()
 			return
 		} else {
-			e.nic.HandleNeighborProbe(srcAddr, sourceLinkAddr, e)
+			switch err := e.nic.HandleNeighborProbe(ProtocolNumber, srcAddr, sourceLinkAddr); err.(type) {
+			case nil:
+			case *tcpip.ErrNotSupported:
+			// The stack may support ICMPv6 but the NIC may not need link resolution.
+			default:
+				panic(fmt.Sprintf("unexpected error when informing NIC of neighbor probe message: %s", err))
+			}
 		}
 
 		// As per RFC 4861 section 7.1.1:
@@ -456,11 +462,17 @@ func (e *endpoint) handleICMP(pkt *stack.PacketBuffer, hasFragmentHeader bool) {
 
 		// If the NA message has the target link layer option, update the link
 		// address cache with the link address for the target of the message.
-		e.nic.HandleNeighborConfirmation(targetAddr, targetLinkAddr, stack.ReachabilityConfirmationFlags{
+		switch err := e.nic.HandleNeighborConfirmation(ProtocolNumber, targetAddr, targetLinkAddr, stack.ReachabilityConfirmationFlags{
 			Solicited: na.SolicitedFlag(),
 			Override:  na.OverrideFlag(),
 			IsRouter:  na.RouterFlag(),
-		})
+		}); err.(type) {
+		case nil:
+		case *tcpip.ErrNotSupported:
+		// The stack may support ICMPv6 but the NIC may not need link resolution.
+		default:
+			panic(fmt.Sprintf("unexpected error when informing NIC of neighbor confirmation message: %s", err))
+		}
 
 	case header.ICMPv6EchoRequest:
 		received.echoRequest.Increment()
@@ -566,9 +578,15 @@ func (e *endpoint) handleICMP(pkt *stack.PacketBuffer, hasFragmentHeader bool) {
 				return
 			}
 
-			// A RS with a specified source IP address modifies the NUD state
-			// machine in the same way a reachability probe would.
-			e.nic.HandleNeighborProbe(srcAddr, sourceLinkAddr, e)
+			// A RS with a specified source IP address modifies the neighbor table
+			// in the same way a regular probe would.
+			switch err := e.nic.HandleNeighborProbe(ProtocolNumber, srcAddr, sourceLinkAddr); err.(type) {
+			case nil:
+			case *tcpip.ErrNotSupported:
+			// The stack may support ICMPv6 but the NIC may not need link resolution.
+			default:
+				panic(fmt.Sprintf("unexpected error when informing NIC of neighbor probe message: %s", err))
+			}
 		}
 
 	case header.ICMPv6RouterAdvert:
@@ -617,7 +635,13 @@ func (e *endpoint) handleICMP(pkt *stack.PacketBuffer, hasFragmentHeader bool) {
 		// If the RA has the source link layer option, update the link address
 		// cache with the link address for the advertised router.
 		if len(sourceLinkAddr) != 0 {
-			e.nic.HandleNeighborProbe(routerAddr, sourceLinkAddr, e)
+			switch err := e.nic.HandleNeighborProbe(ProtocolNumber, routerAddr, sourceLinkAddr); err.(type) {
+			case nil:
+			case *tcpip.ErrNotSupported:
+			// The stack may support ICMPv6 but the NIC may not need link resolution.
+			default:
+				panic(fmt.Sprintf("unexpected error when informing NIC of neighbor probe message: %s", err))
+			}
 		}
 
 		e.mu.Lock()
diff --git a/pkg/tcpip/network/ipv6/icmp_test.go b/pkg/tcpip/network/ipv6/icmp_test.go
index 755293377..4374d0198 100644
--- a/pkg/tcpip/network/ipv6/icmp_test.go
+++ b/pkg/tcpip/network/ipv6/icmp_test.go
@@ -139,12 +139,14 @@ func (t *testInterface) WritePacketToRemote(remoteLinkAddr tcpip.LinkAddress, gs
 	return t.LinkEndpoint.WritePacket(r, gso, protocol, pkt)
 }
 
-func (t *testInterface) HandleNeighborProbe(tcpip.Address, tcpip.LinkAddress, stack.LinkAddressResolver) {
+func (t *testInterface) HandleNeighborProbe(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress) tcpip.Error {
 	t.probeCount++
+	return nil
 }
 
-func (t *testInterface) HandleNeighborConfirmation(tcpip.Address, tcpip.LinkAddress, stack.ReachabilityConfirmationFlags) {
+func (t *testInterface) HandleNeighborConfirmation(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress, stack.ReachabilityConfirmationFlags) tcpip.Error {
 	t.confirmationCount++
+	return nil
 }
 
 func TestICMPCounts(t *testing.T) {
diff --git a/pkg/tcpip/network/ipv6/ndp_test.go b/pkg/tcpip/network/ipv6/ndp_test.go
index 4cc81e6cc..e0245487b 100644
--- a/pkg/tcpip/network/ipv6/ndp_test.go
+++ b/pkg/tcpip/network/ipv6/ndp_test.go
@@ -338,18 +338,18 @@ func TestNeighborSolicitationWithSourceLinkLayerOptionUsingNeighborCache(t *test
 				Data: hdr.View().ToVectorisedView(),
 			}))
 
-			neighbors, err := s.Neighbors(nicID)
+			neighbors, err := s.Neighbors(nicID, ProtocolNumber)
 			if err != nil {
-				t.Fatalf("s.Neighbors(%d): %s", nicID, err)
+				t.Fatalf("s.Neighbors(%d, %d): %s", nicID, ProtocolNumber, err)
 			}
 
 			neighborByAddr := make(map[tcpip.Address]stack.NeighborEntry)
 			for _, n := range neighbors {
 				if existing, ok := neighborByAddr[n.Addr]; ok {
 					if diff := cmp.Diff(existing, n); diff != "" {
-						t.Fatalf("s.Neighbors(%d) returned unexpected duplicate neighbor entry (-existing +got):\n%s", nicID, diff)
+						t.Fatalf("s.Neighbors(%d, %d) returned unexpected duplicate neighbor entry (-existing +got):\n%s", nicID, ProtocolNumber, diff)
 					}
-					t.Fatalf("s.Neighbors(%d) returned unexpected duplicate neighbor entry: %#v", nicID, existing)
+					t.Fatalf("s.Neighbors(%d, %d) returned unexpected duplicate neighbor entry: %#v", nicID, ProtocolNumber, existing)
 				}
 				neighborByAddr[n.Addr] = n
 			}
@@ -907,18 +907,18 @@ func TestNeighborAdvertisementWithTargetLinkLayerOptionUsingNeighborCache(t *tes
 				Data: hdr.View().ToVectorisedView(),
 			}))
 
-			neighbors, err := s.Neighbors(nicID)
+			neighbors, err := s.Neighbors(nicID, ProtocolNumber)
 			if err != nil {
-				t.Fatalf("s.Neighbors(%d): %s", nicID, err)
+				t.Fatalf("s.Neighbors(%d, %d): %s", nicID, ProtocolNumber, err)
 			}
 
 			neighborByAddr := make(map[tcpip.Address]stack.NeighborEntry)
 			for _, n := range neighbors {
 				if existing, ok := neighborByAddr[n.Addr]; ok {
 					if diff := cmp.Diff(existing, n); diff != "" {
-						t.Fatalf("s.Neighbors(%d) returned unexpected duplicate neighbor entry (-existing +got):\n%s", nicID, diff)
+						t.Fatalf("s.Neighbors(%d, %d) returned unexpected duplicate neighbor entry (-existing +got):\n%s", nicID, ProtocolNumber, diff)
 					}
-					t.Fatalf("s.Neighbors(%d) returned unexpected duplicate neighbor entry: %#v", nicID, existing)
+					t.Fatalf("s.Neighbors(%d, %d) returned unexpected duplicate neighbor entry: %#v", nicID, ProtocolNumber, existing)
 				}
 				neighborByAddr[n.Addr] = n
 			}
@@ -1277,8 +1277,8 @@ func TestNeighborAdvertisementValidation(t *testing.T) {
 			//   There is no need to create an entry if none exists, since the
 			//   recipient has apparently not initiated any communication with the
 			//   target.
-			if neighbors, err := s.Neighbors(nicID); err != nil {
-				t.Fatalf("s.Neighbors(%d): %s", nicID, err)
+			if neighbors, err := s.Neighbors(nicID, ProtocolNumber); err != nil {
+				t.Fatalf("s.Neighbors(%d, %d): %s", nicID, ProtocolNumber, err)
 			} else if len(neighbors) != 0 {
 				t.Fatalf("got len(neighbors) = %d, want = 0; neighbors = %#v", len(neighbors), neighbors)
 			}
-- 
cgit v1.2.3