From: Nick Hibma <nick@van-laarhoven.org>
Date: Tue, 23 Apr 2013 21:05:41 +0200
Subject: route -blackhole option behaves differently on localhost from a normal host
To: "FreeBSD Current Mailing List" <freebsd-current@freebsd.org>
Message-Id: <53B85A94-CA29-4802-97BF-536B9931730D@van-laarhoven.org>

After doing a route add 127.0.0.1 -blackhole on a FreeBSD 8.3 host I noticed that nc 80 would instantly return with ENETUNREACH, instead of timing out, while blackhole routing to a real host would time out.
Checking in CURRENT (October 2012) reveals the same behaviour:

# netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.2.2           UGS         0        1 vtnet0
10.0.2.0/24        link#1             U           0     1295 vtnet0
10.0.2.15          link#1             UHS         0        0    lo0
10.0.3.0/24        link#2             U           0        0 vtnet1
10.0.3.4           link#2             UHS         0        0    lo0
127.0.0.1          link#3             UH          0     1479    lo0

Internet6:
Destination                       Gateway                           Flags   Netif Expire
::/96                             ::1                               UGRS      lo0
::1                               link#3                            UH        lo0
::ffff:0.0.0.0/96                 ::1                               UGRS      lo0
fe80::/10                         ::1                               UGRS      lo0
fe80::%vtnet1/64                  link#2                            U      vtnet1
fe80::a00:27ff:fea4:1a9a%vtnet1   link#2                            UHS       lo0
fe80::%lo0/64                     link#3                            U         lo0
fe80::1%lo0                       link#3                            UHS       lo0
ff01::%vtnet1/32                  fe80::a00:27ff:fea4:1a9a%vtnet1   U      vtnet1
ff01::%lo0/32                     ::1                               U         lo0
ff02::/16                         ::1                               UGRS      lo0
ff02::%vtnet1/32                  fe80::a00:27ff:fea4:1a9a%vtnet1   U      vtnet1
ff02::%lo0/32                     ::1                               U         lo0

# route add 4.2.2.1 127.0.0.1 -blackhole
add host 4.2.2.1: gateway 127.0.0.1
# route add 4.2.2.2 10.0.2.15 -blackhole
add host 4.2.2.2: gateway 10.0.2.15

# time nc -v -w 3 4.2.2.2 80
nc: connect to 4.2.2.2 port 80 (tcp) failed: Operation timed out
real    0m3.089s
user    0m0.000s
sys     0m0.014s

# time nc -v -w 3 4.2.2.1 80
nc: connect to 4.2.2.1 port 80 (tcp) failed: Network is unreachable
real    0m0.014s
user    0m0.000s
sys     0m0.014s

# uname -a
FreeBSD citske.localdomain 10.0-CURRENT FreeBSD 10.0-CURRENT #3 r241988M: Wed Oct 24 15:21:27 CEST 2012     root@citske.localdomain:/usr/obj/usr/src/sys/CITSKE  i386

A quick grep -r through the kernel did not provide me with any obvious mistake, but a colleague suggested that for localhost an if 'statement' like the following might be missing somewhere:

	if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
		m_freem(m);
		return (rt->rt_flags & RTF_BLACKHOLE ? 0 :
		    rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
	}

Any pointers would be appreciated.

Nick Hibma
nick@van-laarhoven.org

GTD: Time management for chaotic people.
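Added example, not part of Nick's message and not FreeBSD source: a small C probe that does what the two "time nc -v -w 3" runs above do, but reports which failure mode it saw instead of leaving that to be read off the wall-clock time. A nonblocking connect() followed by poll() separates a synchronous ENETUNREACH/EHOSTUNREACH (what the route with the 127.0.0.1 gateway produced) from a SYN that is simply never answered (what the route with the 10.0.2.15 gateway produced, and what one expects from -blackhole). The function names, the default target and the timeout in main() are assumptions made for the example; run it as root on a box with the two test routes from the message installed.

```c
/*
 * Added example (not from the original post, not FreeBSD code):
 * classify a TCP connect() attempt so that a silently dropped SYN
 * (-blackhole behaviour) can be told apart from an immediate
 * ENETUNREACH/EHOSTUNREACH (-reject behaviour, and the loopback
 * gateway case reported above).
 */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum probe_result {
    PROBE_CONNECTED,    /* three-way handshake completed */
    PROBE_REFUSED,      /* RST came back: host reachable, port closed */
    PROBE_TIMEOUT,      /* nothing came back: dropped, as a blackhole should */
    PROBE_NET_UNREACH,  /* ENETUNREACH, returned synchronously by connect() */
    PROBE_HOST_UNREACH, /* EHOSTUNREACH, returned synchronously by connect() */
    PROBE_OTHER         /* bad address, socket error, or an errno not listed */
};

/* Map an errno value (0 for success) onto the outcome categories above. */
enum probe_result classify_errno(int err)
{
    switch (err) {
    case 0:            return PROBE_CONNECTED;
    case ECONNREFUSED: return PROBE_REFUSED;
    case ETIMEDOUT:    return PROBE_TIMEOUT;
    case ENETUNREACH:  return PROBE_NET_UNREACH;
    case EHOSTUNREACH: return PROBE_HOST_UNREACH;
    default:           return PROBE_OTHER;
    }
}

const char *probe_name(enum probe_result r)
{
    switch (r) {
    case PROBE_CONNECTED:    return "connected";
    case PROBE_REFUSED:      return "refused (RST)";
    case PROBE_TIMEOUT:      return "timed out (dropped, blackhole-like)";
    case PROBE_NET_UNREACH:  return "ENETUNREACH (immediate)";
    case PROBE_HOST_UNREACH: return "EHOSTUNREACH (immediate)";
    default:                 return "other error";
    }
}

/* Nonblocking connect to ip:port, waiting at most timeout_ms for an answer. */
enum probe_result tcp_probe(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sin;
    struct pollfd pfd;
    socklen_t len = sizeof(int);
    int fd, err = 0, rc;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1)
        return PROBE_OTHER;

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return PROBE_OTHER;
    if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) < 0) {
        close(fd);
        return PROBE_OTHER;
    }

    /* A rejecting route fails right here, synchronously, with
     * ENETUNREACH or EHOSTUNREACH.  A real blackhole gives EINPROGRESS
     * and the SYN is never answered, so we reach the poll() timeout. */
    rc = connect(fd, (const struct sockaddr *)&sin, sizeof(sin));
    if (rc == 0) {
        close(fd);
        return PROBE_CONNECTED;
    }
    if (errno != EINPROGRESS) {
        err = errno;
        close(fd);
        return classify_errno(err);
    }

    pfd.fd = fd;
    pfd.events = POLLOUT;
    rc = poll(&pfd, 1, timeout_ms);
    if (rc == 0) {
        close(fd);
        return PROBE_TIMEOUT;
    }
    if (rc < 0 || getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) {
        close(fd);
        return PROBE_OTHER;
    }
    close(fd);
    return classify_errno(err);
}

int main(int argc, char **argv)
{
    /* Defaults are assumptions for the example: the first test route
     * from the message, port 80, the same 3-second limit as nc -w 3. */
    const char *ip = argc > 1 ? argv[1] : "4.2.2.1";
    unsigned short port = argc > 2 ? (unsigned short)atoi(argv[2]) : 80;
    int timeout_ms = argc > 3 ? atoi(argv[3]) : 3000;

    printf("%s:%u -> %s\n", ip, port, probe_name(tcp_probe(ip, port, timeout_ms)));
    return 0;
}
```

Against the two routes from the message, the 4.2.2.2 route (gateway 10.0.2.15) should print the "timed out" line after the full timeout and the 4.2.2.1 route (gateway 127.0.0.1) should print "ENETUNREACH (immediate)" at once, which is exactly the asymmetry being asked about.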