Send both gratuitous ARP REQUESTs and REPLYs

Due to a linux kernel bug [1], network peers risk missing a gratuitous
arp update. This can be safely worked around by enabling arp_accept for
network interfaces that may receive those ARP packets [2]. Sadly, due to
another kernel bug [3], gratuitous ARP packets that we send are not
honoured by arp_accept. If we switch from REPLY to REQUEST packets, then
all recent kernels should enforce ARP table entry override on gARP
received.

REPLYs are left for backwards compatibility in case some network peers
honor REPLYs and not REQUESTs.

[1] https://patchwork.ozlabs.org/patch/760372/
[2] https://bugs.launchpad.net/fuel/+bug/1456272
[3] https://patchwork.ozlabs.org/patch/760373/

Related-Bug: #1690165
Change-Id: Iacd01875bf1299ff68fb5d1009d72088270320bb
This commit is contained in:
Ihar Hrachyshka 2017-05-10 09:05:53 -07:00
parent 96c5dd6a2b
commit 82831b9d8d
2 changed files with 35 additions and 27 deletions

View File

@ -1062,19 +1062,26 @@ def _arping(ns_name, iface_name, address, count, log_exception):
time.sleep(2) time.sleep(2)
first = False first = False
# Pass -w to set timeout to ensure exit if interface removed while # some Linux kernels* don't honour REPLYs. Send both gratuitous REQUEST
# running # and REPLY packets (REQUESTs are left for backwards compatibility for
arping_cmd = ['arping', '-A', '-I', iface_name, '-c', 1, # in case if some network peers, vice versa, honor REPLYs and not
# REQUESTs)
#
# * https://patchwork.ozlabs.org/patch/763016/
for arg in ('-U', '-A'):
arping_cmd = ['arping', arg, '-I', iface_name, '-c', 1,
# Pass -w to set timeout to ensure exit if interface
# removed while running
'-w', 1.5, address] '-w', 1.5, address]
try: try:
ip_wrapper = IPWrapper(namespace=ns_name) ip_wrapper = IPWrapper(namespace=ns_name)
# Since arping is used to send gratuitous ARP, a response is not # Since arping is used to send gratuitous ARP, a response is
# expected. In some cases (no response) and with some platforms # not expected. In some cases (no response) and with some
# (>=Ubuntu 14.04), arping exit code can be 1. # platforms (>=Ubuntu 14.04), arping exit code can be 1.
ip_wrapper.netns.execute(arping_cmd, extra_ok_codes=[1]) ip_wrapper.netns.execute(arping_cmd, extra_ok_codes=[1])
except Exception as exc: except Exception as exc:
msg = _("Failed sending gratuitous ARP " msg = _("Failed sending gratuitous ARP to %(addr)s on "
"to %(addr)s on %(iface)s in namespace %(ns)s: %(err)s") "%(iface)s in namespace %(ns)s: %(err)s")
logger_method = LOG.exception logger_method = LOG.exception
if not log_exception: if not log_exception:
logger_method = LOG.warning logger_method = LOG.warning

View File

@ -1674,7 +1674,8 @@ class TestArpPing(TestIPCmdBase):
ip_wrapper = mIPWrapper(namespace=mock.sentinel.ns_name) ip_wrapper = mIPWrapper(namespace=mock.sentinel.ns_name)
# Just test that arping is called with the right arguments # Just test that arping is called with the right arguments
arping_cmd = ['arping', '-A', for arg in ('-A', '-U'):
arping_cmd = ['arping', arg,
'-I', mock.sentinel.iface_name, '-I', mock.sentinel.iface_name,
'-c', 1, '-c', 1,
'-w', mock.ANY, '-w', mock.ANY,