From owner-freebsd-net@freebsd.org Tue Dec 12 02:32:06 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 67A4CE878CC for ; Tue, 12 Dec 2017 02:32:06 +0000 (UTC) (envelope-from thomas@gibfest.dk) Received: from mail.tyknet.dk (mail.tyknet.dk [IPv6:2a01:4f8:201:2327:144:76:253:226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2F43D65C31 for ; Tue, 12 Dec 2017 02:32:06 +0000 (UTC) (envelope-from thomas@gibfest.dk) Received: from [10.137.3.13] (217.71.4.82.static.router4.bolignet.dk [217.71.4.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.tyknet.dk (Postfix) with ESMTPSA id 115B3BA1E57 for ; Tue, 12 Dec 2017 02:31:56 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.tyknet.dk 115B3BA1E57 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gibfest.dk; s=default; t=1513045916; bh=JMR76yXoUWPMOB8QqZ8XVjWaNuXE3/jBDukpR61xOik=; h=To:From:Subject:Date; b=gQxBxqLvpgo108JULNcxffKYHQ2nHM++k5lV9CXo7bye9sS1d6ZPmd9xDeVMt4TyU CJzxyYSupt3hWV7Hscq9GQo+dm8qyoIoptu2NhkY+T3UEKig9y3DPbtuMoKh85Rxdv Pk++S6eaq16foTpP9Bqw8xkkBeOgJNC/1KuVTui/VntxcBKA26Bv5P+nvEH2+t5/Rl hRDxbiTTraogS57pn+7y/MttLoeq5tZ4KRqowZ/TxGNKq+cYvgvCch5c6jDdzfPLSB kP18Rp+GshGjmF79AZH4E0ttzOm2iSU+KGEDPLw73pCmy31UzPCRk8O/fbvqJPupm/ coe5MWtwa6mVQ== To: freebsd-net@freebsd.org From: Thomas Steen Rasmussen Subject: Changes to route(8) or routing between r325235 and r326782? Message-ID: Date: Tue, 12 Dec 2017 03:31:55 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 02:32:06 -0000 Hello list :) "Something" which changes how routing works has landed in 11-STABLE between r325235 and r326782. Until now I have had a script which deletes routing table entries which point to lo0, in order to keep traffic from "shortcutting" over lo0, to make it possible to use pf to filter traffic between jails. This script has worked for years, but has now stopped working after upgrading from r325235 to r326782. Can someone enlighten me as to what changed, and why? Background/example: I add 185.96.180.10/32 as an alias on an interface, lagg0.1171. This creates two routing table entries: 185.96.180.10      link#11            UHS         lo0 185.96.180.10/32   link#11            U      lagg0.1171 If I leave this as-is the traffic from other jails use lo0 to reach 185.96.180.10 meaning they bypass pf entirely. To avoid this I simply delete the route on lo0, which makes stuff behave as I would expect - traffic to 185.96.180.10 goes via lagg0.1171 meaning I can filter in pf as needed. After upgrading to r326782 I get the following error when trying to delete the lo0 entry (I have an rc.d script to do it): $ sudo route delete 185.96.180.10 route: writing to routing socket: Address already in use delete host 185.96.180.10 fib 0: gateway uses the same route $ What gives? What do I do now? :) Thanks! Best regards Thomas Steen Rasmussen