Subject: Re: loopback routes miss RTF_PINNED flag
To: "Rodney W. Grimes"
Cc: "freebsd-net@freebsd.org"
From: Eugene Grosbein
Message-ID: <59EB8D87.9080700@grosbein.net>
In-Reply-To: <201710211738.v9LHcboD035221@pdx.rh.CN85.dnsmgr.net>
Date: Sun, 22 Oct 2017 01:10:15 +0700

22.10.2017 0:38, Rodney W. Grimes wrote:

>> When IP address is being added to an interface, a kernel installs loopback route.
>> For P2P interfaces, we have local IP address and remote one.
>>
>> A route to remote address is added with RTF_PINNED flag,
>> so that it overrides any possibly existing route to that address added
>> by a routing daemon and that's fine.
>>
>> A route to local address created with ifa_maintain_loopback_route() function in
>> https://svnweb.freebsd.org/base/head/sys/net/if.c?annotate=323170#l1711
>> misses RTF_PINNED flag, so that it cannot override similar possibly existing route
>> and that's not fine as rtrequest1_fib() returns EEXIST in such case.
>> This error is then propagated back to userland ioctl SIOCAIFADD breaking
>> interface configuration sequence.
>> See also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223129
>> for real world example.
>>
>> Is there a reason for such loopback routes to not have RTF_PINNED flag?
>
> Is there a reason that the kernel is setting a policy at all? These
> _loopback_route routines are of dubious value and mostly interfere
> with anyone running a real routing protocol.

In case of PPP interfaces, a pinned route to remote side of the interface
is absolutely needed. And not only in such case.

It was long period during which FreeBSD administrators and PPP daemons
suffered from not being able to assign an address to an interface
with ifconfig command or corresponding ioctl when there was conflicting
dynamic route that had de-facto priority it should not have.

With introduction of current RTF_PINNED semantics, this long-standing problem
is finally gone.

> My local tree removes this code.
>
> The reasons claimed to it being added was if you downed/upped an
> interface you lost these routes, which have traditionally been
> installed at boot time by /etc/netstart.

Not only for this reason, see above.

> IMHO this should be handled by code outside the kernel.

Handled by what? Administrator should be able to override dynamic routes
with basic system facilities.

> Your proposed RTF_PINNED I think actually just aggravates
> the problem with most routing daemons fighting the kernel
> on adding/removing these routes.
>
> bird is very noisy if you do not disable this code.

quagga plays this just fine without noise.
Routing daemons should learn to respect kernel-created pinned routes, not vice-versa.
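
The failure this thread discusses, as a simplified user-space C model added here (it is not FreeBSD kernel code and not part of the original message). The table, the model_* names, the MODEL_PINNED value, the order of the two route additions and the 192.0.2.x addresses are all constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PINNED 0x1  /* stands in for RTF_PINNED; value is constructed */
#define MAX_ROUTES   8

struct route { char dst[16]; char owner[16]; int flags; };
static struct route table[MAX_ROUTES];
static int nroutes;

static void model_reset(void) { nroutes = 0; }

static struct route *model_lookup(const char *dst) {
    for (int i = 0; i < nroutes; i++)
        if (strcmp(table[i].dst, dst) == 0)
            return &table[i];
    return NULL;
}

/* Add a route. An existing entry for dst wins (EEXIST) unless the new
 * request is pinned, in which case the new route replaces the old one. */
static int model_add(const char *dst, const char *owner, int flags) {
    struct route *rt = model_lookup(dst);
    if (rt != NULL && !(flags & MODEL_PINNED))
        return EEXIST;
    if (rt == NULL) {
        if (nroutes == MAX_ROUTES)
            return ENOMEM;
        rt = &table[nroutes++];
    }
    snprintf(rt->dst, sizeof rt->dst, "%s", dst);
    snprintf(rt->owner, sizeof rt->owner, "%s", owner);
    rt->flags = flags;
    return 0;
}

/* Assign a P2P address pair: the remote route is always pinned, the
 * loopback route to the local address uses loop_flags. The first error
 * is what the caller of the address-assignment ioctl would see. */
static int model_assign_p2p(const char *local, const char *remote, int loop_flags) {
    int error = model_add(remote, "kernel", MODEL_PINNED);
    if (error == 0)
        error = model_add(local, "kernel", loop_flags);
    return error;
}

int main(void) {
    model_reset();
    model_add("192.0.2.1", "daemon", 0);  /* routes learned by a routing daemon */
    model_add("192.0.2.2", "daemon", 0);
    printf("loopback unpinned: %d\n", model_assign_p2p("192.0.2.1", "192.0.2.2", 0));
    printf("loopback pinned:   %d\n", model_assign_p2p("192.0.2.1", "192.0.2.2", MODEL_PINNED));
    return 0;
}
```

In the unpinned case the remote route has already been replaced when the loopback add fails, so the model ends with the interface half-configured.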