    net, neigh: Add NTF_MANAGED flag for managed neighbor entries · 7482e384
    Daniel Borkmann authored
    Allow a user space control plane to insert entries with a new NTF_EXT_MANAGED
    flag. The flag then indicates to the kernel that the neighbor entry should be
    periodically probed for keeping the entry in NUD_REACHABLE state iff possible.
    
    The use case for this is targeting XDP or tc BPF load-balancers which use
    the bpf_fib_lookup() BPF helper in order to piggyback on neighbor resolution
    for their backends. Given they cannot be resolved in fast-path, a control
    plane inserts the L3 (without L2) entries manually into the neighbor table
    and lets the kernel do the neighbor resolution either on the gateway or on
    the backend directly in case the latter resides in the same L2. This avoids
    having to deal with L2 in the control plane and rebuilding what the kernel
    already does best anyway.
    
    NTF_EXT_MANAGED can be combined with NTF_EXT_LEARNED in order to avoid GC
    eviction. The kernel then adds NTF_MANAGED flagged entries to a per-neighbor
    table which gets triggered by the system work queue to periodically call
    neigh_event_send() for performing the resolution. The implementation allows
    migration from/to NTF_MANAGED neighbor entries, so that already existing
    entries can be converted by the control plane if needed. Potentially, we could
    make the interval for periodically calling neigh_event_send() configurable;
    right now it's set to DELAY_PROBE_TIME which is also in line with mlxsw which
    has similar driver-internal infrastructure c723c735 ("mlxsw: spectrum_router:
    Periodically update the kernel's neigh table"). In future, the latter could
    possibly reuse the NTF_MANAGED neighbors as well.
    
    Example:
    
      # ./ip/ip n replace 192.168.178.30 dev enp5s0 managed extern_learn
      # ./ip/ip n
      192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a managed extern_learn REACHABLE
      [...]

    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Roopa Prabhu <roopa@nvidia.com>
    Link: https://linuxplumbersconf.org/event/11/contributions/953/
    Signed-off-by: David S. Miller <davem@davemloft.net>
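
One way a control plane could audit the entries it installs, as an added example that is not part of this commit or of iproute2. The function name, finding labels and sample lines are constructed for illustration, and the parser assumes the plain `ip n` output format shown in the commit message.

```shell
#!/bin/sh
# Added example: audit `ip neigh` text for managed neighbor entries.
# Reads `ip n` output on stdin and prints one finding per line:
#   NO_EXTERN_LEARN <ip> <dev>      managed entry without extern_learn,
#                                   so GC eviction is not ruled out
#   UNRESOLVED <ip> <dev> <state>   managed entry with no lladdr, so the
#                                   kernel has no L2 address for it
audit_managed_neigh() {
    awk '
    {
        managed = 0; learned = 0; lladdr = ""; dev = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "dev")               dev = $(i + 1)
            else if ($i == "lladdr")       lladdr = $(i + 1)
            else if ($i == "managed")      managed = 1
            else if ($i == "extern_learn") learned = 1
        }
        if (!managed) next                 # only managed entries are audited
        if (!learned)     print "NO_EXTERN_LEARN", $1, dev
        if (lladdr == "") print "UNRESOLVED", $1, dev, $NF
    }'
}

# Constructed sample input (not captured from a real host).
sample_neigh_output() {
    cat <<'EOF'
192.168.178.30 dev enp5s0 lladdr f4:8c:50:5e:71:9a managed extern_learn REACHABLE
192.168.178.31 dev enp5s0 lladdr 02:00:00:00:00:31 managed REACHABLE
192.168.178.32 dev enp5s0 managed extern_learn FAILED
192.168.178.1 dev enp5s0 lladdr 02:00:00:00:00:01 STALE
EOF
}

# Live use on a host: ip neigh show | audit_managed_neigh
sample_neigh_output | audit_managed_neigh
```
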
neighbour.c 94.7 KB