NetBSD Problem Report #59596
From www@netbsd.org Fri Aug 15 03:17:20 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B974A1A923C
for <gnats-bugs@gnats.NetBSD.org>; Fri, 15 Aug 2025 03:17:20 +0000 (UTC)
Message-Id: <20250815031719.70D731A923E@mollari.NetBSD.org>
Date: Fri, 15 Aug 2025 03:17:19 +0000 (UTC)
From: ozaki-r@iij.ad.jp
Reply-To: ozaki-r@iij.ad.jp
To: gnats-bugs@NetBSD.org
Subject: ND resolution sends one more request than expected
X-Send-Pr-Version: www-1.0
>Number: 59596
>Category: kern
>Synopsis: ND resolution sends one more request than expected
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 15 03:20:01 +0000 2025
>Last-Modified: Fri Aug 29 15:25:01 +0000 2025
>Originator: Ryota Ozaki
>Release: current, 11 and 10
>Organization:
IIJ
>Environment:
any
>Description:
ARP requests are expected to be sent net.inet.arp.nd_bmaxtries times (three by default).
However, ARP requests are actually sent one more (four).
IPv6 ND also behaves the same way.
>How-To-Repeat:
kvm# tcpdump -ne -i vioif0 &
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vioif0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
kvm# ping -c 1 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 56 data bytes
09:34:46.716454 52:54:00:bb:18:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.1.3 tell 10.0.1.1, length 28
09:34:47.709730 52:54:00:bb:18:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.1.3 tell 10.0.1.1, length 28
09:34:48.709767 52:54:00:bb:18:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.1.3 tell 10.0.1.1, length 28
09:34:49.709826 52:54:00:bb:18:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.1.3 tell 10.0.1.1, length 28
^C
----10.0.1.3 PING Statistics----
1 packets transmitted, 0 packets received, 100.0% packet loss
kvm# sysctl -w net.inet.arp.nd_bmaxtries=1
net.inet.arp.nd_bmaxtries: 3 -> 1
kvm#
kvm# ping -c 1 10.0.1.3
PING 10.0.1.3 (10.0.1.3): 56 data bytes
09:35:10.392690 52:54:00:bb:18:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.1.3 tell 10.0.1.1, length 28
09:35:11.386709 52:54:00:bb:18:47 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.1.3 tell 10.0.1.1, length 28
----10.0.1.3 PING Statistics----
1 packets transmitted, 0 packets received, 100.0% packet loss
kvm#
>Fix:
diff --git a/sys/net/nd.c b/sys/net/nd.c
index e0968baacaf..10c23cb58dd 100644
--- a/sys/net/nd.c
+++ b/sys/net/nd.c
@@ -85,9 +85,11 @@ nd_timer(void *arg)
break;
case ND_LLINFO_INCOMPLETE:
- send_ns = true;
- if (ln->ln_asked++ < nd->nd_mmaxtries)
+ if (ln->ln_asked < nd->nd_mmaxtries) {
+ ln->ln_asked++;
+ send_ns = true;
break;
+ }
if (ln->ln_hold) {
struct mbuf *m0, *mnxt;
@@ -116,10 +118,8 @@ nd_timer(void *arg)
break;
case ND_LLINFO_REACHABLE:
- if (!ND_IS_LLINFO_PERMANENT(ln)) {
+ if (!ND_IS_LLINFO_PERMANENT(ln))
ln->ln_state = ND_LLINFO_STALE;
- nd_set_timer(ln, ND_TIMER_GC);
- }
break;
case ND_LLINFO_PURGE: /* FALLTHROUGH */
@@ -137,15 +137,14 @@ nd_timer(void *arg)
ln->ln_state = ND_LLINFO_PROBE;
send_ns = true;
daddrp = &taddr;
- } else {
+ } else
ln->ln_state = ND_LLINFO_STALE;
- nd_set_timer(ln, ND_TIMER_GC);
- }
break;
case ND_LLINFO_PROBE:
- send_ns = true;
- if (ln->ln_asked++ < nd->nd_umaxtries) {
+ if (ln->ln_asked < nd->nd_umaxtries) {
+ ln->ln_asked++;
+ send_ns = true;
daddrp = &taddr;
} else {
ln->ln_state = ND_LLINFO_UNREACHABLE;
@@ -170,9 +169,11 @@ nd_timer(void *arg)
* few applications would look at unreachability hints provided
* such as ND_LLINFO_UNREACHABLE or RTM_MISS.
*/
- send_ns = true;
- if (ln->ln_asked++ < nd->nd_mmaxtries)
+ if (ln->ln_asked < nd->nd_mmaxtries) {
+ ln->ln_asked++;
+ send_ns = true;
break;
+ }
missed = ND_LLINFO_UNREACHABLE;
ln->ln_state = ND_LLINFO_WAITDELETE;
@@ -180,14 +181,18 @@ nd_timer(void *arg)
break;
}
+ if (ln != NULL) {
+ int type = ND_TIMER_RETRANS;
+ if (ln->ln_state == ND_LLINFO_WAITDELETE)
+ type = ND_TIMER_RETRANS_BACKOFF;
+ else if (ln->ln_state == ND_LLINFO_STALE)
+ type = ND_TIMER_GC;
+ nd_set_timer(ln, type);
+ }
if (send_ns) {
uint8_t lladdr[255], *lladdrp;
union l3addr src, *psrc;
- if (ln->ln_state == ND_LLINFO_WAITDELETE)
- nd_set_timer(ln, ND_TIMER_RETRANS_BACKOFF);
- else
- nd_set_timer(ln, ND_TIMER_RETRANS);
if (ln->ln_state > ND_LLINFO_INCOMPLETE &&
ln->la_flags & LLE_VALID)
{
>Audit-Trail:
From: "Ryota Ozaki" <ozaki-r@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59596 CVS commit: src/sys/net
Date: Mon, 18 Aug 2025 06:46:43 +0000
Module Name: src
Committed By: ozaki-r
Date: Mon Aug 18 06:46:43 UTC 2025
Modified Files:
src/sys/net: nd.c
Log Message:
nd: fix the number of requests for address resolution
ARP is expected to send requests for address resolution
net.inet.arp.nd_bmaxtries times at most. However, it sends
one more. IPv6 ND also behaves the same way.
The fix requires nd_set_timer reorganization to handle
scheduling timer without sending an NS message.
PR kern/59596
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sys/net/nd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59596 CVS commit: [netbsd-11] src
Date: Fri, 29 Aug 2025 15:19:39 +0000
Module Name: src
Committed By: martin
Date: Fri Aug 29 15:19:39 UTC 2025
Modified Files:
src/sys/net [netbsd-11]: nd.c
src/tests/net/arp [netbsd-11]: t_arp.sh
Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #22):
sys/net/nd.c: revision 1.8
tests/net/arp/t_arp.sh: revision 1.49
nd: fix the number of requests for address resolution
ARP is expected to send requests for address resolution
net.inet.arp.nd_bmaxtries times at most. However, it sends
one more. IPv6 ND also behaves the same way.
The fix requires nd_set_timer reorganization to handle
scheduling timer without sending an NS message.
PR kern/59596
tests: add tests for ARP address resolution
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.4.1 src/sys/net/nd.c
cvs rdiff -u -r1.48 -r1.48.2.1 src/tests/net/arp/t_arp.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/59596 CVS commit: [netbsd-10] src
Date: Fri, 29 Aug 2025 15:21:17 +0000
Module Name: src
Committed By: martin
Date: Fri Aug 29 15:21:16 UTC 2025
Modified Files:
src/sys/net [netbsd-10]: nd.c
src/tests/net/arp [netbsd-10]: t_arp.sh
Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1154):
sys/net/nd.c: revision 1.8
tests/net/arp/t_arp.sh: revision 1.49
nd: fix the number of requests for address resolution
ARP is expected to send requests for address resolution
net.inet.arp.nd_bmaxtries times at most. However, it sends
one more. IPv6 ND also behaves the same way.
The fix requires nd_set_timer reorganization to handle
scheduling timer without sending an NS message.
PR kern/59596
tests: add tests for ARP address resolution
To generate a diff of this commit:
cvs rdiff -u -r1.5.2.1 -r1.5.2.2 src/sys/net/nd.c
cvs rdiff -u -r1.45.6.2 -r1.45.6.3 src/tests/net/arp/t_arp.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2025
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home