From owner-freebsd-net  Thu May 30 16:36:55 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch [62.48.0.70])
	by hub.freebsd.org (Postfix) with SMTP id 608F037B407
	for <freebsd-net@freebsd.org>; Thu, 30 May 2002 16:36:48 -0700 (PDT)
Received: (qmail 53357 invoked from network); 30 May 2002 23:36:27 -0000
Received: from unknown (HELO pipeline.ch) ([62.48.0.54]) (envelope-sender <oppermann@pipeline.ch>)
          by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP
          for <freebsd-net@freebsd.org>; 30 May 2002 23:36:27 -0000
Message-ID: <3CF6B748.E8CA7FC6@pipeline.ch>
Date: Fri, 31 May 2002 01:35:37 +0200
From: Andre Oppermann <oppermann@pipeline.ch>
X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: Bug in net/route.[ch] with rmx_pksent while cloning
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hi all,

there is a bug in sys/route.[ch] with the rmx_pksent statistics (which
counts how many times the route has been used to forward a ip packet).

The bug is pretty simply: When cloning an rtentry in rtrequest1() the
metrics get copied one to one. Unfortunatly also the rmx_pksent sta-
tistic is being copied as well. This is wrong as we want to start from
zero instead of an arbitrary high number. The solution is to zero this
variable in the freshly copied rtmetrics.

The output of netstat -ran looks quite weird without the fix:

 Destination        Gateway            Flags    Refs      Use  Netif Expire
 default            195.134.128.33     UGSc       54    77721   fxp0
 24.92.226.13       195.134.128.33     UGHW        1    77578   fxp0

Here 24.92.226.13 is a fresh cloned route with already 77578 packets
sent to!? No, not at all. It simply inherited this number minus a hand
full of packets from the default route.

This bug sneaked in when rt_use (which used to be in the rtentry itself,
not in the metrics) was defined to be rt_rmx.rmx_pksent (which is in the
metrics).

The bug in net/route.h is different. In struct rt_msghdr rtm_use is
defined as int whereas in reality it is a u_long. In net/rtsock.c then
we simply assign rt->rt_use to rtm_use which converts us from u_long
down to int. The solution would be to make rtm_use a u_long too but
that breaks binary compatibility in -STABLE and the RTM_VERSION has
to be bumped. Even in Stevens Vol.2 this bug is present. I don't know
how much harm this does (probably none). On the other hand I fail to
see any reason why rt_msghdr needs to havethe rtm_use information at
all. So it could be removed as well (plus RTM_VERSION bump).

The next bug (but somewhat unrelated) happens to be in usr.bin/netstat/
route.c where the rt_use information is being printed. This is not the
rt_use from the rt_msghdr but the rmx_pksent counter. Netstat prints it
as %8ld when %8lu would be really correct. The solution is to change it
to %8lu.

Diffs against 4-STABLE attached. Should apply to -CURRENT directly or
with some fuzz.

Silby, Bosko or Luigi, could you have a look at this?

-- 
Andre


--- sys/net/route.c.old Fri May 31 00:49:43 2002
+++ sys/net/route.c     Fri May 31 00:51:49 2002
@@ -740,6 +740,7 @@
 		*/
 		if (req == RTM_RESOLVE) {
 			rt->rt_rmx = (*ret_nrt)->rt_rmx; /* copy metrics */
+			rt->rt_rmx.rmx_pksent = 0; /* reset packet counter */
 			if ((*ret_nrt)->rt_flags & (RTF_CLONING | RTF_PRCLONING)) {
 				rt->rt_parent = (*ret_nrt);
 				(*ret_nrt)->rt_refcnt++;

--- sys/net/route.h.old	Thu May 30 23:42:42 2002
+++ sys/net/route.h	Thu May 30 23:52:34 2002
@@ -181,12 +181,12 @@
 	pid_t	rtm_pid;	/* identify sender */
 	int	rtm_seq;	/* for sender to identify action */
 	int	rtm_errno;	/* why failed */
-	int	rtm_use;	/* from rtentry */
+	u_long	rtm_use;	/* from rtentry */
 	u_long	rtm_inits;	/* which metrics we are initializing */
 	struct	rt_metrics rtm_rmx; /* metrics themselves */
 };
 
-#define RTM_VERSION	5	/* Up the ante and ignore older versions */
+#define RTM_VERSION	6	/* Up the ante and ignore older versions */
 
 /*
  * Message types.

--- usr.bin/netstat/route.c.old	Thu May 30 23:54:36 2002
+++ usr.bin/netstat/route.c	Thu May 30 23:54:59 2002
@@ -596,7 +596,7 @@
 	    WID_GW(addr.u_sa.sa_family));
 	p_flags(rt->rt_flags, "%-6.6s ");
 	if (addr.u_sa.sa_family == AF_INET || Wflag) {
-		printf("%6ld %8ld ", rt->rt_refcnt, rt->rt_use);
+		printf("%6ld %8lu ", rt->rt_refcnt, rt->rt_use);
 		if (Wflag) {
 			if (rt->rt_rmx.rmx_mtu != 0)
 				printf("%6lu ", rt->rt_rmx.rmx_mtu);

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message