Date:      Tue, 23 Apr 2013 21:05:41 +0200
From:      Nick Hibma <nick@van-laarhoven.org>
To:        “FreeBSD Current Mailing List” <freebsd-current@freebsd.org>
Subject:   route -blackhole option behaves differently on localhost from a normal host
Message-ID:  <53B85A94-CA29-4802-97BF-536B9931730D@van-laarhoven.org>

After doing a

	route add <host> 127.0.0.1 -blackhole

on a FreeBSD 8.3 host I noticed that nc <host> 80 would instantly return
with ENETUNREACH, instead of timing out, while blackhole routing to a
real host would time out. Checking in CURRENT (October 2012) reveals the
same behaviour:

  # netstat -nr
  Routing tables

  Internet:
  Destination        Gateway            Flags    Refs      Use  Netif Expire
  default            10.0.2.2           UGS         0        1    vtnet0
  10.0.2.0/24        link#1             U           0     1295    vtnet0
  10.0.2.15          link#1             UHS         0        0    lo0
  10.0.3.0/24        link#2             U           0        0    vtnet1
  10.0.3.4           link#2             UHS         0        0    lo0
  127.0.0.1          link#3             UH          0     1479    lo0

  Internet6:
  Destination                       Gateway                       Flags      Netif Expire
  ::/96                             ::1                           UGRS        lo0
  ::1                               link#3                        UH          lo0
  ::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
  fe80::/10                         ::1                           UGRS        lo0
  fe80::%vtnet1/64                  link#2                        U           vtnet1
  fe80::a00:27ff:fea4:1a9a%vtnet1   link#2                        UHS         lo0
  fe80::%lo0/64                     link#3                        U           lo0
  fe80::1%lo0                       link#3                        UHS         lo0
  ff01::%vtnet1/32                  fe80::a00:27ff:fea4:1a9a%vtnet1 U         vtnet1
  ff01::%lo0/32                     ::1                           U           lo0
  ff02::/16                         ::1                           UGRS        lo0
  ff02::%vtnet1/32                  fe80::a00:27ff:fea4:1a9a%vtnet1 U         vtnet1
  ff02::%lo0/32                     ::1                           U           lo0
  # route add 4.2.2.1 127.0.0.1 -blackhole
  add host 4.2.2.1: gateway 127.0.0.1
  # route add 4.2.2.2 10.0.2.15 -blackhole
  add host 4.2.2.2: gateway 10.0.2.15
  # time nc -v -w 3 4.2.2.2 80
  nc: connect to 4.2.2.2 port 80 (tcp) failed: Operation timed out

  real  0m3.089s
  user  0m0.000s
  sys   0m0.014s
  # time nc -v -w 3 4.2.2.1 80
  nc: connect to 4.2.2.1 port 80 (tcp) failed: Network is unreachable

  real  0m0.014s
  user  0m0.000s
  sys   0m0.014s
  # uname -a
  FreeBSD citske.localdomain 10.0-CURRENT FreeBSD 10.0-CURRENT #3 r241988M: Wed Oct 24 15:21:27 CEST 2012     root@citske.localdomain:/usr/obj/usr/src/sys/CITSKE  i386

A quick grep -r through the kernel did not provide me with any obvious
mistake, but a colleague suggested that for localhost an if 'statement'
like the following might be missing somewhere:

	if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
		m_freem(m);
		return (rt->rt_flags & RTF_BLACKHOLE ? 0 :
			rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
	}

Any pointers would be appreciated.

Nick Hibma
nick@van-laarhoven.org

GTD: Time management for chaotic people.
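
To check which of the two behaviours described in the message a blackhole route produces on a given system, this added example (not part of the original message or of FreeBSD) classifies how a TCP connect fails. The verdict names are hypothetical; port 80 and the 3-second deadline mirror the nc test above.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

enum verdict { REACHED, SILENT_DROP, ROUTE_ERROR, OTHER_ERROR };

/* Map a connect result onto the behaviours compared in the message. */
enum verdict classify(int err)
{
	switch (err) {
	case 0: case ECONNREFUSED:           return REACHED;     /* a peer answered */
	case ETIMEDOUT:                      return SILENT_DROP; /* packets discarded quietly */
	case ENETUNREACH: case EHOSTUNREACH: return ROUTE_ERROR; /* stack refused at once */
	default:                             return OTHER_ERROR;
	}
}

/* Non-blocking connect with a deadline; returns 0 or an errno value. */
int probe(const char *ip, unsigned short port, int timeout_ms)
{
	struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
	if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return EINVAL;
	int fd = socket(AF_INET, SOCK_STREAM, 0);
	if (fd < 0) return errno;
	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
	int err = 0;
	/* An immediate failure keeps its errno; EINPROGRESS means wait for the result. */
	if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 && (err = errno) == EINPROGRESS) {
		struct pollfd p = { .fd = fd, .events = POLLOUT };
		socklen_t len = sizeof err;
		int n = poll(&p, 1, timeout_ms);
		if (n == 0) err = ETIMEDOUT;          /* no reply before the deadline */
		else if (n < 0) err = errno;
		else getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len);
	}
	close(fd);
	return err;
}

int main(int argc, char **argv)
{
	static const char *name[] = { "reached", "silent drop", "route error", "other error" };
	for (int i = 1; i < argc; i++)   /* each argument is an IPv4 address to test */
		printf("%s: %s\n", argv[i], name[classify(probe(argv[i], 80, 3000))]);
	return 0;
}
```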