Re: nd6 'stale' timer unreasonably long?

To: tech-net%netbsd.org@localhost
Subject: Re: nd6 'stale' timer unreasonably long?
From: Timo Buhrmester <timo%math.uni-bonn.de@localhost>
Date: Fri, 13 Feb 2026 15:23:26 +0100

> >    c) I think a sysctl for that GC timer might be appropriate.
> I think this is an obvious first start.

Like this? (It's against trunk but I tested it on 10.1_STABLE; seems to work)


diff --git a/share/man/man7/sysctl.7 b/share/man/man7/sysctl.7
index 7bc0897e8834..61d0faf64466 100644
--- a/share/man/man7/sysctl.7
+++ b/share/man/man7/sysctl.7
@@ -1874,6 +1874,7 @@ The currently defined protocols and names are:
 .It icmp6	nd6_delay	integer	yes
 .It icmp6	nd6_maxnudhint	integer	yes
 .It icmp6	nd6_mmaxtries	integer	yes
+.It icmp6	nd6_gctimer	integer	yes
 .It icmp6	nd6_prune	integer	yes
 .It icmp6	nd6_umaxtries	integer	yes
 .It icmp6	nd6_useloopback	integer	yes
@@ -2113,6 +2114,9 @@ The variable specifies
 .Dv MAX_MULTICAST_SOLICIT
 constant in IPv6 neighbor discovery specification
 .Pq RFC 2461 .
+.It Li icmp6.nd6_gctimer
+The duration stale neighbors will be kept for, before being garbage collected,
+in seconds.
 .It Li icmp6.nd6_prune
 The variable specifies interval between IPv6 neighbor cache babysitting,
 in seconds.
diff --git a/sys/net/nd.c b/sys/net/nd.c
index ef67a4cd39da..d6b8210d2d0a 100644
--- a/sys/net/nd.c
+++ b/sys/net/nd.c
@@ -43,8 +43,6 @@ __KERNEL_RCSID(0, "$NetBSD: nd.c,v 1.8 2025/08/18 06:46:43 ozaki-r Exp $");
 
 static struct nd_domain *nd_domains[AF_MAX];
 
-static int nd_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */
-
 static void nd_set_timertick(struct llentry *, time_t);
 static struct nd_domain *nd_find_domain(int);
 
@@ -293,13 +291,13 @@ nd_set_timer(struct llentry *ln, int type)
 		if (ln->ln_expire > time_uptime)
 			xtick = (ln->ln_expire - time_uptime) * hz;
 		else
-			xtick = nd_gctimer * hz;
+			xtick = nd->nd_gctimer * hz;
 		break;
 	case ND_TIMER_DELAY:
 		xtick = nd->nd_delay * hz;
 		break;
 	case ND_TIMER_GC:
-		xtick = nd_gctimer * hz;
+		xtick = nd->nd_gctimer * hz;
 		break;
 	default:
 		panic("%s: invalid timer type\n", __func__);
diff --git a/sys/net/nd.h b/sys/net/nd.h
index b0edb99f2270..6ea5c97d8821 100644
--- a/sys/net/nd.h
+++ b/sys/net/nd.h
@@ -78,6 +78,7 @@ struct nd_domain {
 	int nd_maxretrans;	/* maximum retransmission time in msec */
 	int nd_maxnudhint;	/* max # of subsequent upper layer hints */
 	int nd_maxqueuelen;	/* max # of packets in unresolved ND entries */
+	int nd_gctimer;		/* stale neighbor GC timer duration */
 	bool (*nd_nud_enabled)(struct ifnet *);
 	unsigned int (*nd_reachable)(struct ifnet *);	/* msec */
 	unsigned int (*nd_retrans)(struct ifnet *);	/* msec */
diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h
index 4c8659c0c058..1b987012c696 100644
--- a/sys/netinet/icmp6.h
+++ b/sys/netinet/icmp6.h
@@ -646,6 +646,7 @@ struct icmp6_filter {
 #define	ICMPV6CTL_ND6_MAXQLEN	24
 #define	ICMPV6CTL_REFLECT_PMTU	25
 #define	ICMPV6CTL_DYNAMIC_RT_MSG	26
+#define	ICMPV6CTL_ND6_GCTIMER	27
 
 #ifdef _KERNEL
 struct	rtentry;
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index a88d3e4d48d2..f37331a9de80 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -3031,6 +3031,13 @@ sysctl_net_inet6_icmp6_setup(struct sysctllog **clog)
 		       NULL, 0, &nd6_useloopback, 0,
 		       CTL_NET, PF_INET6, IPPROTO_ICMPV6,
 		       ICMPV6CTL_ND6_USELOOPBACK, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "nd6_gctimer",
+		       SYSCTL_DESCR("stale neighbor GC timer duration"),
+		       NULL, 0, &nd6_nd_domain.nd_gctimer, 0,
+		       CTL_NET, PF_INET6, IPPROTO_ICMPV6,
+		       ICMPV6CTL_ND6_GCTIMER, CTL_EOL);
 #if 0 /* obsoleted */
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index 8ae3392fbac7..b1c0addba84a 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -128,6 +128,7 @@ struct nd_domain nd6_nd_domain = {
 	.nd_retransmultiple = BACKOFF_MULTIPLE,
 	.nd_maxretrans = MAX_RETRANS_TIMER,
 	.nd_maxnudhint = 0,	/* max # of subsequent upper layer hints */
+	.nd_gctimer = 24*60*60,	/* stale neighbor GC timer duration */
 	.nd_maxqueuelen = 1,	/* max # of packets in unresolved ND entries */
 	.nd_nud_enabled = nd6_nud_enabled,
 	.nd_reachable = nd6_llinfo_reachable,

References:
- nd6 'stale' timer unreasonably long?
  - From: Timo Buhrmester
- Re: nd6 'stale' timer unreasonably long?
  - From: Timo Buhrmester
- Re: nd6 'stale' timer unreasonably long?
  - From: Timo Buhrmester
- Re: nd6 'stale' timer unreasonably long?
  - From: Lloyd Parkes

Prev by Date: Re: nd6 'stale' timer unreasonably long?
Previous by Thread: Re: nd6 'stale' timer unreasonably long?
Indexes:

Home | Main Index | Thread Index | Old Index