svn commit: r347982 - head/sys/net

Rodney W. Grimes freebsd at gndrsh.dnsmgr.net
Tue May 21 01:10:27 UTC 2019


> 20.05.2019, 07:50, "Rodney W. Grimes" <freebsd at gndrsh.dnsmgr.net>:
> >> Author: melifaro
> >> Date: Sun May 19 21:49:56 2019
> >> New Revision: 347982
> >> URL: https://svnweb.freebsd.org/changeset/base/347982
> >>
> >> Log:
> >>   Fix rt_ifa selection during loopback route insertion process.
> >>     Currently such routes are added with a link-level IFA, which is
> >>     plain wrong. Only after the insertion they get fixed by the special
> >>     link_rtrequest() ifa handler. This behaviour complicates routing code
> >>     and makes ifa selection more complex.
> >>   Streamline this process by explicitly moving link_rtrequest() logic
> >>     to the pre-insertion rt_getifa_fib() ifa selector. Avoid calling all
> >>     this logic in the loopback route case by explicitly specifying
> >>     proper rt_ifa inside the ifa_maintain_loopback_route().
> >>
> >>   MFC after: 2 weeks
> >>   Differential Revision: https://reviews.freebsd.org/D20076
> >
> > I shall again state that from a routing protocol perspective
> > and a POLA perspective having the kernel doing route maintenance
> > of any kind is fundamentally wrong.
> >
> > I still continue to strongly object to ifa_maintain_loopback_route
> > code even being present in our kernel. Having these routes
> > is a micro optimization at best, and causes issues when real
> > and actual routing protocols are in use.
> I agree with that. It indeed causes a decent amount of complications and I (as another router type person) prefer to have it gone as well.
> However, one has to carefully check uRPF functionality in our firewalls, implement fib-aware in_localip_more (and its IPv6 counterpart) to make it happen.

How about we implement the simplest next step, make this
behavior either a kernel compile time option with #ifdef,
and/or a sysctl to turn it off with a bit that defaults
to current behavior while we investigate the harder solution?

> > Bruce Evans and myself have locally killed this code, and
> > just about every router type person I show it to gets ill
> > seeing it.
> >
> > Show me another system that does this and I might reconsider,
> > but I have never ever seen one.
> >
> >> Modified:
> >>   head/sys/net/if.c
> >>   head/sys/net/route.c
...
> >
> > Rod Grimes rgrimes at freebsd.org
-- 
Rod Grimes                                                 rgrimes at freebsd.org

