kern/100080: tun(4) device close removes only IPv4 addresses and routes

Remi Denis-Courmont rdenis at
Tue Jul 11 11:10:22 UTC 2006

>Number:         100080
>Category:       kern
>Synopsis:       tun(4) device close removes only IPv4 addresses and routes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 11 11:10:14 GMT 2006
>Originator:     Remi Denis-Courmont
>Release:        6.1
FreeBSD fbsd 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 04:32:43 UTC 2006
  root at  i386
The userland layer-3 tunnel character device tun(4) "/dev/tun" should remove all addresses and routes through an allocated network interface whenever the file descriptor is closed (src/sys/net/if_tun.c:tunclose).

However, it currently seems to only remove IPv4 (AF_INET) addresses and routes, leaving dangling routes in the network stack when IPv6 is used.
This problem is known to trigger when running Miredo 0.8.5 in Teredo relay mode. At first run, the program works fine, but if it is stopped/killed or crashes, we get a dangling route on the leftover tunnel device; restarting the program will then fail with EEXIST as it tries to add the same route to a new tunnel interface. Sample configuration (/usr/local/etc/miredo.conf) would be the following one-liner:

RelayType cone

Unfortunately, setting this up in non-trivial since said software is not in the ports tree. Sources are there:

Other tunnel software using tun + IPv6 might also be affected.
Supposedly yemove the AF_INET check in tunclose() from src/sys/net/if_tun.c or add a check for all supported addresses family, including but maybe not limited to AF_INET6.

More information about the freebsd-bugs mailing list