From owner-freebsd-net@FreeBSD.ORG  Tue May 13 13:36:52 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1F71737B401
	for <freebsd-net@freebsd.org>; Tue, 13 May 2003 13:36:52 -0700 (PDT)
Received: from niwun.pair.com (niwun.pair.com [209.68.2.70])
	by mx1.FreeBSD.org (Postfix) with SMTP id 39F6243F93
	for <freebsd-net@freebsd.org>; Tue, 13 May 2003 13:36:51 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: (qmail 90931 invoked by uid 3193); 13 May 2003 20:36:50 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 13 May 2003 20:36:50 -0000
Date: Tue, 13 May 2003 16:36:50 -0400 (EDT)
From: Mike Silbersack <silby@silby.com>
X-X-Sender: silby@niwun.pair.com
To: Shaun Jurrens <shaun.jurrens@skoleetaten.oslo.no>
In-Reply-To: <20030513154313.GR547@nevada.skoleetaten.oslo.no>
Message-ID: <Pine.BSF.4.44.0305131632560.84688-100000@niwun.pair.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: KVM exhaustion from routing table "leaks"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2003 20:36:52 -0000


On Tue, 13 May 2003, Shaun Jurrens wrote:

> Specific questions:
>
> 1. Why do statically added routes assume -cloning?
> 2. Forgive my ignorance, but why is -cloning necessary for the default route?
> 3. Although I haven't done an exhaustive comparison of the content of the
> routing table, why don't cloned routes with Use==0 time out?
> 4. There was a security advisory about a possible DoS dealing with -cloning
> and KVA exhaustion on an earlier -release, was the fix part of the breakage?
> 5. Manual removal of routes with 'Use'==0 does not free up kernel memory, why?

I'm not sure I have time to properly answer your questions, so I'll give a
quick answer.

1.  I'm not aware of any actual memory leaks, and if there are any, we'd
definitely like to fix them.  (Some may have been fixed post 4.7, I'm not
really sure.)

2.  The process by which cloned routes are expired is indeed very poor,
and I'm not surprised that you have many sticking around for long periods
of time.  I had started writing an improved method of cleaning out stale
routes, but stopped when I found out what a mess it was.

3.  Someone said he had his graduate students working on a replacement to
cloned routes, I'm not sure what happened with that. :)

Mike "Silby" Silbersack