1:01 p.m.
After the patch that removed the dummy tap device was added (commit
ee6c936fbb), IPv6 networks would no longer start due to a "failure to
complete DAD". Since this wait was only necessary because of the
existence of the dummy tap device (see detailed git log spelunking in
Patch 1 comment), we can just remove the wait.
Laine Stump (2):
network: don't wait for IPv6 DAD completion when starting a network
util: remove unused virNetDevIPWaitDadFinish()
src/libvirt_private.syms | 1 -
src/network/bridge_driver.c | 32 ----------
src/util/virnetdevip.c | 119 ------------------------------------
src/util/virnetdevip.h | 2 -
4 files changed, 154 deletions(-)
--
2.26.2
1:01 p.m.
New subject: [libvirt PATCH 1/2] network: don't wait for IPv6 DAD completion when starting a network
0f7436ca54 added code during virtual network startup to wait for DAD
(Duplicate Address Detection) to complete if there were any IPv6
addresses on the network. This wait was needed because (according to
the commit log) "created problems when [the "dummy" tap device] is set
to IFF_DOWN prior to DAD completing".
That commit in turn referenced commit db488c7917, which had added the
code to set the dummy tap device IFF_DOWN, commenting "DAD has
happened (dnsmasq waits for it)", and in its commit message pointed
out that if we just got rid of the dummy tap device this wouldn't be
needed.
Now that the dummy tap device has indeed been removed (commit
ee6c936fbb), there is no longer any need to set it IFF_DOWN, and thus
nothing requiring us to wait for DAD to complete. At any rate, with
the dummy tap device removed, leaving nothing else on the bridge when
it is first started, DAD never completes, leading to failure to start
any IPv6 network.
So, yes, this patch removes the wait for DAD completion, and IPv6
networks can once again start, and their associated dnsmasq process
starts successfully (this is the problem that the DAD wait was
originally intended to fix)
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/bridge_driver.c | 32 --------------------------------
1 file changed, 32 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 5c00befc16..87d7acab06 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2286,32 +2286,6 @@ networkAddRouteToBridge(virNetworkObjPtr obj,
return 0;
}
-static int
-networkWaitDadFinish(virNetworkObjPtr obj)
-{
- virNetworkDefPtr def = virNetworkObjGetDef(obj);
- virNetworkIPDefPtr ipdef;
- g_autofree virSocketAddrPtr *addrs = NULL;
- virSocketAddrPtr addr = NULL;
- size_t naddrs = 0;
- int ret = -1;
-
- VIR_DEBUG("Begin waiting for IPv6 DAD on network %s", def->name);
-
- while ((ipdef = virNetworkDefGetIPByIndex(def, AF_INET6, naddrs))) {
- addr = &ipdef->address;
- if (VIR_APPEND_ELEMENT_COPY(addrs, naddrs, addr) < 0)
- goto cleanup;
- }
-
- ret = (naddrs == 0) ? 0 : virNetDevIPWaitDadFinish(addrs, naddrs);
-
- cleanup:
- VIR_DEBUG("Finished waiting for IPv6 DAD on network %s with status %d",
- def->name, ret);
- return ret;
-}
-
static int
networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
@@ -2444,12 +2418,6 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
if (v6present && networkStartRadvd(driver, obj) < 0)
goto error;
- /* dnsmasq does not wait for DAD to complete before daemonizing,
- * so we need to wait for it ourselves.
- */
- if (v6present && networkWaitDadFinish(obj) < 0)
- goto error;
-
if (virNetDevBandwidthSet(def->bridge, def->bandwidth, true, true) < 0)
goto error;
--
2.26.2
9:19 a.m.
New subject: [libvirt PATCH 1/2] network: don't wait for IPv6 DAD completion when starting a network
On Fri, Sep 04, 2020 at 02:01:14PM -0400, Laine Stump wrote:
0f7436ca54 added code during virtual network startup to wait for DAD
(Duplicate Address Detection) to complete if there were any IPv6
addresses on the network. This wait was needed because (according to
the commit log) "created problems when [the "dummy" tap device] is set
to IFF_DOWN prior to DAD completing".
That commit in turn referenced commit db488c7917, which had added the
code to set the dummy tap device IFF_DOWN, commenting "DAD has
happened (dnsmasq waits for it)", and in its commit message pointed
out that if we just got rid of the dummy tap device this wouldn't be
needed.
Now that the dummy tap device has indeed been removed (commit
ee6c936fbb), there is no longer any need to set it IFF_DOWN, and thus
nothing requiring us to wait for DAD to complete. At any rate, with
the dummy tap device removed, leaving nothing else on the bridge when
it is first started, DAD never completes, leading to failure to start
any IPv6 network.
So, yes, this patch removes the wait for DAD completion, and IPv6
networks can once again start, and their associated dnsmasq process
starts successfully (this is the problem that the DAD wait was
originally intended to fix)
I'll note that when the virtual network first starts, the IPv6
address is shown as "global tentative" and "netstat -u" does not
show any dnsmasq listening on the IPv6 address.
Once I start the first guest, then it removes "tentative" state
and dnsmasq is now listening on IPv6 address.
In contrast wth the old patch, the "tentative" state is gone
immediately and it listens on IPv6.
IIUC, the removal "tenative" signals that DAD is complete.
IOW, with our new setup DAD is not complete until the first
guest runs.
This difference in behaviour doesn't seem to have any functional
problem. I can start the guest, it gets IPv6 connectivity and
can reach the interwebs fine.
The only nagging feeling in the back of my mind is whether the
the original dnsmasq problems with DAD were in fact solved by
some fix in dnsmasq, and the magic kernel behaviour wrt to a
bridge with no NICs is a distraction.
Anyway, I feel we can stick with this and revisit if anyone
complains later.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/bridge_driver.c | 32 --------------------------------
1 file changed, 32 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 5c00befc16..87d7acab06 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2286,32 +2286,6 @@ networkAddRouteToBridge(virNetworkObjPtr obj,
return 0;
}
-static int
-networkWaitDadFinish(virNetworkObjPtr obj)
-{
- virNetworkDefPtr def = virNetworkObjGetDef(obj);
- virNetworkIPDefPtr ipdef;
- g_autofree virSocketAddrPtr *addrs = NULL;
- virSocketAddrPtr addr = NULL;
- size_t naddrs = 0;
- int ret = -1;
-
- VIR_DEBUG("Begin waiting for IPv6 DAD on network %s", def->name);
-
- while ((ipdef = virNetworkDefGetIPByIndex(def, AF_INET6, naddrs))) {
- addr = &ipdef->address;
- if (VIR_APPEND_ELEMENT_COPY(addrs, naddrs, addr) < 0)
- goto cleanup;
- }
-
- ret = (naddrs == 0) ? 0 : virNetDevIPWaitDadFinish(addrs, naddrs);
-
- cleanup:
- VIR_DEBUG("Finished waiting for IPv6 DAD on network %s with status %d",
- def->name, ret);
- return ret;
-}
-
static int
networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
@@ -2444,12 +2418,6 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
if (v6present && networkStartRadvd(driver, obj) < 0)
goto error;
- /* dnsmasq does not wait for DAD to complete before daemonizing,
- * so we need to wait for it ourselves.
- */
- if (v6present && networkWaitDadFinish(obj) < 0)
- goto error;
-
if (virNetDevBandwidthSet(def->bridge, def->bandwidth, true, true) < 0)
goto error;
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
1:01 p.m.
New subject: [libvirt PATCH 2/2] util: remove unused virNetDevIPWaitDadFinish()
Since we no longer need to wait for IPv6 DAD to complete, we never
call this function.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/libvirt_private.syms | 1 -
src/util/virnetdevip.c | 119 ---------------------------------------
src/util/virnetdevip.h | 2 -
3 files changed, 122 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 1272ac6506..f8cdd01797 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2633,7 +2633,6 @@ virNetDevIPRouteGetAddress;
virNetDevIPRouteGetGateway;
virNetDevIPRouteGetMetric;
virNetDevIPRouteGetPrefix;
-virNetDevIPWaitDadFinish;
# util/virnetdevmacvlan.h
diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c
index 1e7e64f8f3..7bd5a75f85 100644
--- a/src/util/virnetdevip.c
+++ b/src/util/virnetdevip.c
@@ -45,8 +45,6 @@
# include <linux/if_vlan.h>
#endif
-#define VIR_DAD_WAIT_TIMEOUT 20 /* seconds */
-
#define VIR_FROM_THIS VIR_FROM_NONE
VIR_LOG_INIT("util.netdevip");
@@ -372,113 +370,6 @@ virNetDevIPRouteAdd(const char *ifname,
}
-/* return true if there is a known address with 'tentative' flag set */
-static bool
-virNetDevIPParseDadStatus(struct nlmsghdr *nlh, int len,
- virSocketAddrPtr *addrs, size_t count)
-{
- struct ifaddrmsg *ifaddrmsg_ptr;
- unsigned int ifaddrmsg_len;
- struct rtattr *rtattr_ptr;
- size_t i;
- struct in6_addr *addr;
-
- VIR_WARNINGS_NO_CAST_ALIGN
- for (; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
- VIR_WARNINGS_RESET
- if (NLMSG_PAYLOAD(nlh, 0) < sizeof(struct ifaddrmsg)) {
- /* Message without payload is the last one. */
- break;
- }
-
- ifaddrmsg_ptr = (struct ifaddrmsg *)NLMSG_DATA(nlh);
- if (!(ifaddrmsg_ptr->ifa_flags & IFA_F_TENTATIVE)) {
- /* Not tentative: we are not interested in this entry. */
- continue;
- }
-
- ifaddrmsg_len = IFA_PAYLOAD(nlh);
- VIR_WARNINGS_NO_CAST_ALIGN
- rtattr_ptr = (struct rtattr *) IFA_RTA(ifaddrmsg_ptr);
- for (; RTA_OK(rtattr_ptr, ifaddrmsg_len);
- rtattr_ptr = RTA_NEXT(rtattr_ptr, ifaddrmsg_len)) {
- VIR_WARNINGS_RESET
- if (RTA_PAYLOAD(rtattr_ptr) != sizeof(struct in6_addr)) {
- /* No address: ignore. */
- continue;
- }
-
- /* We check only known addresses. */
- for (i = 0; i < count; i++) {
- addr = &addrs[i]->data.inet6.sin6_addr;
- if (!memcmp(addr, RTA_DATA(rtattr_ptr),
- sizeof(struct in6_addr))) {
- /* We found matching tentative address. */
- return true;
- }
- }
- }
- }
- return false;
-}
-
-
-/* return after DAD finishes for all known IPv6 addresses or an error */
-int
-virNetDevIPWaitDadFinish(virSocketAddrPtr *addrs, size_t count)
-{
- struct ifaddrmsg ifa;
- unsigned int recvbuflen;
- bool dad = true;
- time_t max_time = time(NULL) + VIR_DAD_WAIT_TIMEOUT;
- g_autoptr(virNetlinkMsg) nlmsg = NULL;
-
- if (!(nlmsg = nlmsg_alloc_simple(RTM_GETADDR,
- NLM_F_REQUEST | NLM_F_DUMP))) {
- virReportOOMError();
- return -1;
- }
-
- memset(&ifa, 0, sizeof(ifa));
- /* DAD is for IPv6 addresses only. */
- ifa.ifa_family = AF_INET6;
- if (nlmsg_append(nlmsg, &ifa, sizeof(ifa), NLMSG_ALIGNTO) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("allocated netlink buffer is too small"));
- return -1;
- }
-
- /* Periodically query netlink until DAD finishes on all known addresses. */
- while (dad && time(NULL) < max_time) {
- g_autofree struct nlmsghdr *resp = NULL;
-
- if (virNetlinkCommand(nlmsg, &resp, &recvbuflen, 0, 0,
- NETLINK_ROUTE, 0) < 0)
- return -1;
-
- if (virNetlinkGetErrorCode(resp, recvbuflen) < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
- _("error reading DAD state information"));
- return -1;
- }
-
- /* Parse response. */
- dad = virNetDevIPParseDadStatus(resp, recvbuflen, addrs, count);
- if (dad)
- g_usleep(1000 * 10);
- }
- /* Check timeout. */
- if (dad) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- _("Duplicate Address Detection "
- "not finished in %d seconds"), VIR_DAD_WAIT_TIMEOUT);
- } else {
- return 0;
- }
-
- return -1;
-}
-
static int
virNetDevIPGetAcceptRA(const char *ifname)
{
@@ -798,16 +689,6 @@ virNetDevIPRouteAdd(const char *ifname,
}
-/* return after DAD finishes for all known IPv6 addresses or an error */
-int
-virNetDevIPWaitDadFinish(virSocketAddrPtr *addrs G_GNUC_UNUSED,
- size_t count G_GNUC_UNUSED)
-{
- virReportSystemError(ENOSYS, "%s",
- _("Unable to wait for IPv6 DAD on this platform"));
- return -1;
-}
-
bool
virNetDevIPCheckIPv6Forwarding(void)
{
diff --git a/src/util/virnetdevip.h b/src/util/virnetdevip.h
index 1fa6dd8836..faaa4f2c01 100644
--- a/src/util/virnetdevip.h
+++ b/src/util/virnetdevip.h
@@ -76,8 +76,6 @@ int virNetDevIPAddrDel(const char *ifname,
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
int virNetDevIPAddrGet(const char *ifname, virSocketAddrPtr addr)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
-int virNetDevIPWaitDadFinish(virSocketAddrPtr *addrs, size_t count)
- ATTRIBUTE_NONNULL(1);
bool virNetDevIPCheckIPv6Forwarding(void);
void virNetDevIPAddrFree(virNetDevIPAddrPtr ip);
--
2.26.2
8:09 a.m.
On a Friday in 2020, Laine Stump wrote:
After the patch that removed the dummy tap device was added (commit
ee6c936fbb), IPv6 networks would no longer start due to a "failure to
complete DAD". Since this wait was only necessary because of the
existence of the dummy tap device (see detailed git log spelunking in
Patch 1 comment), we can just remove the wait.
Laine Stump (2):
network: don't wait for IPv6 DAD completion when starting a network
util: remove unused virNetDevIPWaitDadFinish()
src/libvirt_private.syms | 1 -
src/network/bridge_driver.c | 32 ----------
src/util/virnetdevip.c | 119 ------------------------------------
src/util/virnetdevip.h | 2 -
4 files changed, 154 deletions(-)
Beautiful.
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
1537
days inactive
1540
days old
4 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
Ján Tomko -
Laine Stump