Send both gratuitous ARP REQUESTs and REPLYs

Due to a linux kernel bug [1], network peers risk missing a gratuitous
arp update. This can be safely worked around by enabling arp_accept for
network interfaces that may receive those ARP packets [2]. Sadly, due to
another kernel bug [3], gratuitous ARP packets that we send are not
honoured by arp_accept. If we switch from REPLY to REQUEST packets, then
all recent kernels should enforce ARP table entry override on gARP
received.

REPLYs are left for backwards compatibility in case some network peers
honor REPLYs and not REQUESTs.

[1] https://patchwork.ozlabs.org/patch/760372/
[2] https://bugs.launchpad.net/fuel/+bug/1456272
[3] https://patchwork.ozlabs.org/patch/760373/

Related-Bug: #1690165
Change-Id: Iacd01875bf1299ff68fb5d1009d72088270320bb
This commit is contained in:
Ihar Hrachyshka 2017-05-10 09:05:53 -07:00
parent 96c5dd6a2b
commit 82831b9d8d
2 changed files with 35 additions and 27 deletions

View File

@ -1062,26 +1062,33 @@ def _arping(ns_name, iface_name, address, count, log_exception):
time.sleep(2) time.sleep(2)
first = False first = False
# Pass -w to set timeout to ensure exit if interface removed while # some Linux kernels* don't honour REPLYs. Send both gratuitous REQUEST
# running # and REPLY packets (REQUESTs are left for backwards compatibility for
arping_cmd = ['arping', '-A', '-I', iface_name, '-c', 1, # in case if some network peers, vice versa, honor REPLYs and not
'-w', 1.5, address] # REQUESTs)
try: #
ip_wrapper = IPWrapper(namespace=ns_name) # * https://patchwork.ozlabs.org/patch/763016/
# Since arping is used to send gratuitous ARP, a response is not for arg in ('-U', '-A'):
# expected. In some cases (no response) and with some platforms arping_cmd = ['arping', arg, '-I', iface_name, '-c', 1,
# (>=Ubuntu 14.04), arping exit code can be 1. # Pass -w to set timeout to ensure exit if interface
ip_wrapper.netns.execute(arping_cmd, extra_ok_codes=[1]) # removed while running
except Exception as exc: '-w', 1.5, address]
msg = _("Failed sending gratuitous ARP " try:
"to %(addr)s on %(iface)s in namespace %(ns)s: %(err)s") ip_wrapper = IPWrapper(namespace=ns_name)
logger_method = LOG.exception # Since arping is used to send gratuitous ARP, a response is
if not log_exception: # not expected. In some cases (no response) and with some
logger_method = LOG.warning # platforms (>=Ubuntu 14.04), arping exit code can be 1.
logger_method(msg, {'addr': address, ip_wrapper.netns.execute(arping_cmd, extra_ok_codes=[1])
'iface': iface_name, except Exception as exc:
'ns': ns_name, msg = _("Failed sending gratuitous ARP to %(addr)s on "
'err': exc}) "%(iface)s in namespace %(ns)s: %(err)s")
logger_method = LOG.exception
if not log_exception:
logger_method = LOG.warning
logger_method(msg, {'addr': address,
'iface': iface_name,
'ns': ns_name,
'err': exc})
def send_ip_addr_adv_notif( def send_ip_addr_adv_notif(

View File

@ -1674,13 +1674,14 @@ class TestArpPing(TestIPCmdBase):
ip_wrapper = mIPWrapper(namespace=mock.sentinel.ns_name) ip_wrapper = mIPWrapper(namespace=mock.sentinel.ns_name)
# Just test that arping is called with the right arguments # Just test that arping is called with the right arguments
arping_cmd = ['arping', '-A', for arg in ('-A', '-U'):
'-I', mock.sentinel.iface_name, arping_cmd = ['arping', arg,
'-c', 1, '-I', mock.sentinel.iface_name,
'-w', mock.ANY, '-c', 1,
address] '-w', mock.ANY,
ip_wrapper.netns.execute.assert_any_call(arping_cmd, address]
extra_ok_codes=[1]) ip_wrapper.netns.execute.assert_any_call(arping_cmd,
extra_ok_codes=[1])
@mock.patch('eventlet.spawn_n') @mock.patch('eventlet.spawn_n')
def test_no_ipv6_addr_notif(self, spawn_n): def test_no_ipv6_addr_notif(self, spawn_n):