Date: Tue, 12 Dec 2017 07:12:54 -0800 (PST)
From: "Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net>
To: Thomas Steen Rasmussen <thomas@gibfest.dk>
Cc: Eugene Grosbein <eugen@grosbein.net>, freebsd-net@freebsd.org
Subject: Re: Changes to route(8) or routing between r325235 and r326782?
Message-ID: <201712121512.vBCFCs1L086699@pdx.rh.CN85.dnsmgr.net>
In-Reply-To: <2b2e3b28-f29d-b507-cb81-801666ad4ddf@gibfest.dk>

> On 12/12/2017 08:56 AM, Eugene Grosbein wrote:
> > On 12.12.2017 09:31, Thomas Steen Rasmussen wrote:
> >
> >> After upgrading to r326782 I get the following error when trying to
> >> delete the lo0 entry (I have an rc.d script to do it):
> >>
> >> $ sudo route delete 185.96.180.10
> >> route: writing to routing socket: Address already in use
> >> delete host 185.96.180.10 fib 0: gateway uses the same route
> >> $
> >>
> >> What gives? What do I do now? :)
> > You should be using jail+vnet in the first place that allows you to get desired behaviour
> > by assigning an interface to distinct jail. Take a look at jail(8) manual page
> > for vnet and vnet.interface parameters.
> >
> Hello,
>
> Thanks, I am aware of vnet and its uses. I am looking for the reason
> why the current method doesn't work anymore. :)
> Switching 50+ jails over to vnet is not something you "just do", the
> rewriting of firewall rules alone will be quite a job.
>
> I am also pretty curious as to what people have been doing to solve this
> over the last many years while waiting for vimage to become stable? Have
> people just not been firewalling between jails?

The mistake is that the kernel is doing route decisions at all, that is
the domain of a daemon and should never have been put in the kernel,
for reasons exactly like this.

What I have done on all my systems is I comment out all the loopback
route code in the kernel and do the proper routing with either OSPF
or BGP.

find /sys/ | xargs grep maintain_loopback_route

mostly can be fixed in net/if.c.

This "routing policy" in the kernel just breaks things in so many ways.

-- 
Rod Grimes                                                 rgrimes@freebsd.org