| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250701144216.823867-3-idosch@nvidia.com>
Date: Tue, 1 Jul 2025 17:42:16 +0300
From: Ido Schimmel <idosch@...dia.com>
To: <netdev@...r.kernel.org>
CC: <dsahern@...il.com>, <stephen@...workplumber.org>, <petrm@...dia.com>,
"Ido Schimmel" <idosch@...dia.com>
Subject: [PATCH iproute2-next 2/2] ip neigh: Add support for "extern_valid" flag
Add support for the recently added "extern_valid" flag that can be used
to indicate to the kernel that a neighbor entry was learned and
determined to be valid externally. The kernel will not remove or
invalidate the entry, but it can probe the entry and notify user space
when the entry becomes reachable. The kernel will return the entry to
stale state if it did not receive a confirmation after probing the
entry.
Example usage and output:
# ip neigh add 192.0.2.1 nud none dev br0.10 extern_valid
Error: Cannot create externally validated neighbor with an invalid state.
# ip neigh add 192.0.2.1 lladdr 00:11:22:33:44:55 nud stale dev br0.10 extern_valid
$ ip neigh show dev br0.10
192.0.2.1 lladdr 00:11:22:33:44:55 extern_valid STALE
$ ip -j -p neigh show dev br0.10
[ {
"dst": "192.0.2.1",
"lladdr": "00:11:22:33:44:55",
"extern_valid": null,
"state": [ "STALE" ]
} ]
Signed-off-by: Ido Schimmel <idosch@...dia.com>
---
ip/ipneigh.c | 6 +++++-
man/man8/ip-neighbour.8 | 10 +++++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index bd7f44e10426..e678545ad535 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -47,7 +47,7 @@ static void usage(void)
"Usage: ip neigh { add | del | change | replace }\n"
" { ADDR [ lladdr LLADDR ] [ nud STATE ] proxy ADDR }\n"
" [ dev DEV ] [ router ] [ use ] [ managed ] [ extern_learn ]\n"
- " [ protocol PROTO ]\n"
+ " [ extern_valid ] [ protocol PROTO ]\n"
"\n"
" ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n"
" [ vrf NAME ] [ nomaster ]\n"
@@ -152,6 +152,8 @@ static int ipneigh_modify(int cmd, int flags, int argc, char **argv)
req.ndm.ndm_state = NUD_NONE;
} else if (matches(*argv, "extern_learn") == 0) {
req.ndm.ndm_flags |= NTF_EXT_LEARNED;
+ } else if (strcmp(*argv, "extern_valid") == 0) {
+ ext_flags |= NTF_EXT_EXT_VALIDATED;
} else if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
dev = *argv;
@@ -446,6 +448,8 @@ int print_neigh(struct nlmsghdr *n, void *arg)
print_null(PRINT_ANY, "extern_learn", "%s ", "extern_learn");
if (r->ndm_flags & NTF_OFFLOADED)
print_null(PRINT_ANY, "offload", "%s ", "offload");
+ if (ext_flags & NTF_EXT_EXT_VALIDATED)
+ print_null(PRINT_ANY, "extern_valid", "%s ", "extern_valid");
if (show_stats) {
if (tb[NDA_CACHEINFO])
diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8
index 6fed47ced857..1f890c0d0c7c 100644
--- a/man/man8/ip-neighbour.8
+++ b/man/man8/ip-neighbour.8
@@ -27,7 +27,8 @@ ip-neighbour \- neighbour/arp tables management.
.BR router " ] [ "
.BR use " ] [ "
.BR managed " ] [ "
-.BR extern_learn " ]"
+.BR extern_learn " ] [ "
+.BR extern_valid " ]"
.ti -8
.BR "ip neigh" " { " show " | " flush " } [ " proxy " ] [ " to
@@ -115,6 +116,13 @@ this neigh entry was learned externally. This option can be used to
indicate to the kernel that this is a controller learnt dynamic entry.
Kernel will not gc such an entry.
+.TP
+.BI extern_valid
+this neigh entry was learned and determined to be valid externally. The kernel
+will not remove or invalidate the entry, but it can probe the entry and notify
+user space when the entry becomes reachable. The kernel will return the entry
+to stale state if it did not receive a confirmation after probing the entry.
+
.TP
.BI lladdr " LLADDRESS"
the link layer address of the neighbour.
--
2.50.0
Powered by blists - more mailing lists