Message-ID: <20250701144216.823867-3-idosch@nvidia.com>
Date: Tue, 1 Jul 2025 17:42:16 +0300
From: Ido Schimmel <idosch@...dia.com>
To: <netdev@...r.kernel.org>
CC: <dsahern@...il.com>, <stephen@...workplumber.org>, <petrm@...dia.com>,
	"Ido Schimmel" <idosch@...dia.com>
Subject: [PATCH iproute2-next 2/2] ip neigh: Add support for "extern_valid" flag

Add support for the recently added "extern_valid" flag that can be used
to indicate to the kernel that a neighbor entry was learned and
determined to be valid externally. The kernel will not remove or
invalidate the entry, but it can probe the entry and notify user space
when the entry becomes reachable. The kernel will return the entry to
stale state if it did not receive a confirmation after probing the
entry.

Example usage and output:

 # ip neigh add 192.0.2.1 nud none dev br0.10 extern_valid
 Error: Cannot create externally validated neighbor with an invalid state.
 # ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid
 $ ip neigh show dev br0.10
 192.0.2.1 lladdr 00:11:22:33:44:55 extern_valid STALE
 $ ip -j -p neigh show dev br0.10
 [ {
         "dst": "192.0.2.1",
         "lladdr": "00:11:22:33:44:55",
         "extern_valid": null,
         "state": [ "STALE" ]
     } ]

Signed-off-by: Ido Schimmel <idosch@...dia.com>
---
 ip/ipneigh.c            |  6 +++++-
 man/man8/ip-neighbour.8 | 10 +++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index bd7f44e10426..e678545ad535 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -47,7 +47,7 @@ static void usage(void)
 		"Usage: ip neigh { add | del | change | replace }\n"
 		"                { ADDR [ lladdr LLADDR ] [ nud STATE ] proxy ADDR }\n"
 		"                [ dev DEV ] [ router ] [ use ] [ managed ] [ extern_learn ]\n"
-		"                [ protocol PROTO ]\n"
+		"                [ extern_valid ] [ protocol PROTO ]\n"
 		"\n"
 		"	ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"
 		"				  [ vrf NAME ] [ nomaster ]\n"
@@ -152,6 +152,8 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv)
 			req.ndm.ndm_state = NUD_NONE;
 		} else if (matches(*argv, "extern_learn") == 0) {
 			req.ndm.ndm_flags |= NTF_EXT_LEARNED;
+		} else if (strcmp(*argv, "extern_valid") == 0) {
+			ext_flags |= NTF_EXT_EXT_VALIDATED;
 		} else if (strcmp(*argv, "dev") == 0) {
 			NEXT_ARG();
 			dev = *argv;
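Review bot: the new `extern_valid` branch only sets a bit in `ext_flags`, and nothing in the visible lines of this patch shows that variable being declared or attached to the request, whereas the `extern_learn` branch just above writes directly into `req.ndm.ndm_flags`. Please confirm that the existing code in `ipneigh_modify` already sends `ext_flags` to the kernel, and say so in the commit message. If the bit were dropped, the command would silently create an ordinary entry that the kernel is free to remove or invalidate. The exact `strcmp` match is a good choice next to `matches(*argv, "extern_learn")`, since an abbreviation such as `extern` keeps resolving to `extern_learn` as before.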
@@ -446,6 +448,8 @@ int print_neigh(struct nlmsghdr *n, void *arg)
 		print_null(PRINT_ANY, "extern_learn", "%s ", "extern_learn");
 	if (r->ndm_flags & NTF_OFFLOADED)
 		print_null(PRINT_ANY, "offload", "%s ", "offload");
+	if (ext_flags & NTF_EXT_EXT_VALIDATED)
+		print_null(PRINT_ANY, "extern_valid", "%s ", "extern_valid");
 
 	if (show_stats) {
 		if (tb[NDA_CACHEINFO])
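Review bot: the added check in `print_neigh` tests `ext_flags`, while the neighbouring checks test `r->ndm_flags`, and the hunk does not show where `ext_flags` is populated in this function. Please confirm it is initialised to zero when the kernel reply carries no extended flags, otherwise `extern_valid` could be printed for entries that never had it. The JSON form also deserves a note: `print_null` yields `"extern_valid": null`, as in the commit message example, so scripts have to test for the presence of the key rather than its value. That is consistent with the `extern_learn` and `offload` lines above.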
diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8
index 6fed47ced857..1f890c0d0c7c 100644
--- a/man/man8/ip-neighbour.8
+++ b/man/man8/ip-neighbour.8
@@ -27,7 +27,8 @@ ip-neighbour \- neighbour/arp tables management.
 .BR router " ] [ "
 .BR use " ] [ "
 .BR managed " ] [ "
-.BR extern_learn " ]"
+.BR extern_learn " ] [ "
+.BR extern_valid " ]"
 
 .ti -8
 .BR "ip neigh" " { " show " | " flush " } [ " proxy " ] [ " to
@@ -115,6 +116,13 @@ this neigh entry was learned externally. This option can be used to
 indicate to the kernel that this is a controller learnt dynamic entry.
 Kernel will not gc such an entry.
 
+.TP
+.BI extern_valid
+this neigh entry was learned and determined to be valid externally. The kernel
+will not remove or invalidate the entry, but it can probe the entry and notify
+user space when the entry becomes reachable. The kernel will return the entry
+to stale state if it did not receive a confirmation after probing the entry.
+
 .TP
 .BI lladdr " LLADDRESS"
 the link layer address of the neighbour.
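Review bot: the new `extern_valid` paragraph in the man page leaves out the state requirement that the commit message demonstrates, where `nud none` is rejected with "Cannot create externally validated neighbor with an invalid state." Suggest adding a sentence saying that the entry has to be created with a valid state, for example `nud stale` as in the commit message, so that users do not have to discover the constraint from the kernel error.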
-- 
2.50.0

