From owner-freebsd-net@freebsd.org Tue Dec 12 15:13:00 2017
From: "Rodney W. Grimes"
Message-Id: <201712121512.vBCFCs1L086699@pdx.rh.CN85.dnsmgr.net>
Subject: Re: Changes to route(8) or routing between r325235 and r326782?
In-Reply-To: <2b2e3b28-f29d-b507-cb81-801666ad4ddf@gibfest.dk>
To: Thomas Steen Rasmussen
Date: Tue, 12 Dec 2017 07:12:54 -0800 (PST)
CC: Eugene Grosbein, freebsd-net@freebsd.org

> On 12/12/2017 08:56 AM, Eugene Grosbein wrote:
> > On 12.12.2017 09:31, Thomas Steen Rasmussen wrote:
> >
> >> After upgrading to r326782 I get the following error when trying to
> >> delete the lo0 entry (I have an rc.d script to do it):
> >>
> >> $ sudo route delete 185.96.180.10
> >> route: writing to routing socket: Address already in use
> >> delete host 185.96.180.10 fib 0: gateway uses the same route
> >> $
> >>
> >> What gives? What do I do now? :)
> > You should be using jail+vnet in the first place, which allows you to get the desired behaviour
> > by assigning an interface to a distinct jail. Take a look at the jail(8) manual page
> > for the vnet and vnet.interface parameters.
> >
> Hello,
>
> Thanks, I am aware of vnet and its uses. I am looking for the reason
> why the current method doesn't work anymore. :)
> Switching 50+ jails over to vnet is not something you "just do"; the
> rewriting of firewall rules alone will be quite a job.
>
> I am also pretty curious as to what people have been doing to solve this
> over the last many years while waiting for vimage to become stable? Have
> people just not been firewalling between jails?

The mistake is that the kernel is doing route decisions at all;
that is the domain of a daemon and should have never been put in the
kernel, for reasons exactly like this.

What I have done on all my systems is I comment out all the loopback
route code in the kernel and do the proper routing with either
OSPF or BGP.

find /sys/ | xargs grep maintain_loopback_route
mostly can be fixed in net/if.c.

This "routing policy" in the kernel just breaks things in so many ways.

-- 
Rod Grimes                                                 rgrimes@freebsd.org