Use lltable/llentry for NDP

To: tech-kern%netbsd.org@localhost, tech-net%netbsd.org@localhost
Subject: Use lltable/llentry for NDP
From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
Date: Fri, 20 Nov 2015 14:13:10 +0900

Hi,

As I promised somewhere, I'm trying to use
lltable/llentry, which were introduced for ARP
while ago, for NDP as well.

Here is a patch:
http://www.netbsd.org/~ozaki-r/lltable-ndp.diff


Unlike ARP case, the old data structure (llinfo_nd6)
is similar to new one (llentry) and there isn't
so much radical changes (compared to ARP case).

One noticeable change is for neighbor cache GC
mechanism that was introduced to prevent IPv6 DoS
attacks. net.inet6.ip6.neighborgcthresh was the max
number of caches that we store in the system. After
introducing lltable/llentry, the value is changed
to be per-interface basis because lltable/llentry
stores neighbor caches in each interface separately.
And the change brings one degradation; the old GC
mechanism dropped exceeded packets based on LRU
while the new implementation drops packets in order
from the beginning of lltable (a hash table + linked
lists). It would be improved in the future.

Any comments and suggestions are appreciated.

Thanks,
  ozaki-r

Prev by Date: Re: page fault in fr_makefrip
Next by Date: Re: Use lltable/llentry for NDP
Previous by Thread: page fault in fr_makefrip
Next by Thread: Re: Use lltable/llentry for NDP
Indexes:

Home | Main Index | Thread Index | Old Index