cinap_lenrek [Fri, 11 May 2018 20:37:28 +0000 (22:37 +0200)]
ndb/dns: lookup *all* entries in dblookup(), v4 and v6 queries in parallel, remove weigthed timeouts
dblookup() used to only return the first matching entry. in
case of ipv6, we want all entries returned to get both v4
and v6 addresses... and these might not neccesarily be in
the same entry (see /lib/ndb/common). note also this makes
it behave the same as in cachedb mode which reads in the
whole database.
we do not know if v4 or v6 routing works, so the simplest
is just to query v4 and v6 nameservers in parallel. this is
done by changing serveraddrs() to return one address type,
and we make sure to get at least one v4 and one v6 address
each round.
get rid of the weigthed timeout code... there where too many
assumptions. instead, we give a round 500ms timeout (or 1 second
in patient mode) and honor the maximum query time.
cinap_lenrek [Tue, 1 May 2018 21:32:28 +0000 (23:32 +0200)]
ip/ipconfig: populate /net/ndb from v6 router advertisements, configure multiple addresses in ndbconfig()
we now update /net/ndb with the following information gathered
from router advertisements (rfc6106 and plan9 specific options):
- recursive dns servers (option 25, ndb: dns=)
- dns search list (option 31, ndb: dnsdomain=)
- plan9 fileserver (option 250, ndb: fs=)
- plan9 authserver (option 251, ndb: auth=)
note the plan9 specific options can be disabled with the -G flag.
for ndbconfig (-N flag), we now collect all ip addresses in ndb
belonging to the devices mac address and configue them all. v6
addresses are getting added when a link local address exists
or the -6 flag has been specified to automatically configure one.
move the dhcp code in its own dhcp.c file and make symbols static
that are not used across modules.
cinap_lenrek [Tue, 1 May 2018 20:17:27 +0000 (22:17 +0200)]
ndb/cs: fix crash in ndbredorder due to ndbnew() not maintaining the ->line ring
we have to maintain the ->line chain for ndbreorder() to work, so add
a little helper: ndbline() which replicates the ->entry chain and links
the last tuple to the first; makeing the whole list into a single line.
there appears to be confusion about the refresh flag of arpenter().
when we get an arp reply, it makes more sense to just refresh
waiting/existing entries instead creating a new one as we do not
know if we are going to communicate with the remote host in the future.
when we see an arp request for ourselfs however, we want to always
enter the senders address into the arp cache as it is likely the sender
attempts to communicate with us and with the arp entry, we can reply
immidiately.
reject senders from multicast/broadcast mac addresses. thats just silly.
we can get rid of the multicast/broadcast ip checks in ethermedium and
do it in arpenter() instead, checking the route type for the target to
see if its a non unicast target.
enforce strict separation of interface's arp entries by passing a
rlock'd ifc explicitely to arpenter, which we compare against the route
target interface. this makes sure arp/ndp replies only affect entries for
the receiving interface.
handle neighbor solicitation retransmission in nbsendsol() only. that is,
both ethermedium and the rxmitproc just call nbsendsol() which maintains
the timers and counters and handles the rotation on the re-transmission
chain.
devip: verify ifcid on routehint check, check Route.ref for free'd routes
v4lookup() and v6lookup() do not acquire the routelock, so it is
possible to hit routes that are on the freelist. to detect these,
we set ref to 0 and check for this case, avoiding overriding the ifc.
re-evaluate routes when the ifcid on the route hint doesnt match.
cinap_lenrek [Mon, 19 Mar 2018 00:11:08 +0000 (01:11 +0100)]
devip: pick source address for neighbor solicitations as of rfc4861 7.2.2, cleanup
rfc4861 7.2.2:
If the source address of the packet prompting the solicitation is the
same as one of the addresses assigned to the outgoing interface, that
address SHOULD be placed in the IP Source Address of the outgoing
solicitation.
this change adds ndbsendsol() which handles the source address selection
and also handles the arp table locking; avoiding access to the arp entry
after the arp table is unlocked.
cleanups:
- use ipmove() instead of memmove().
- useless extern qualifiers
cinap_lenrek [Sun, 18 Mar 2018 06:50:48 +0000 (07:50 +0100)]
devip: more v6 improvements
ipv4local() and ipv6local() now take remote address argument,
returning the closest local address to the source. this
implements the standartized source address selection rules
instead of just returning the first local v4 or v6 address.
the source address selection was broken for esp, rudp an udp,
blindly assuming ifc->lifc->local being a valid v4 address.
use ipv6local() instead.
the v6 routing code used to lookup source address route to
decide to drop the packet instead of checking the interface
on the destination route.
factor out the route hint from Conv and put it in Routehint
structure. avoiding stack bloat in v4 routing. implement the
same trick for v6 avoiding second route lookup in ipoput6.
fix memory leak in icmpv6 router solicitation handling.
remove old unfinished handling of multiple v6 routers. should
implement source specific routes instead.
avoid duplication, use common convipvers() function.