From owner-freebsd-net  Sat Feb 10 14:10:50 2001
Delivered-To: freebsd-net@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id 1F72337B401
	for <freebsd-net@freebsd.org>; Sat, 10 Feb 2001 14:10:31 -0800 (PST)
Received: (qmail 91324 invoked by uid 1000); 10 Feb 2001 22:10:27 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 10 Feb 2001 22:10:27 -0000
Date: Sat, 10 Feb 2001 16:10:27 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: <freebsd-net@freebsd.org>
Subject: Cloned routes and refcounts question
Message-ID: <Pine.BSF.4.31.0102101601350.91316-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I've been doing some playing around with syn-ack ratelimiting, and I think
I've just noticed a problem in the refcounting of routes.

Specifically, I'm doing testing by synflooding from 10.1.1.1 to 10.1.1.3
with 10.1.1.1 set to deny all tcp packets coming back from 10.1.1.3.
After a few seconds of this, the route table on 10.1.1.3 contains this
entry:

Destination        Gateway            Flags     Refs     Use     Netif Expire
10.1.1.1           0:a0:cc:23:82:91   UHLW    75284   151583      dc0   638

The refs field worries me.  As I understand it, refs should simply be the
count of the number of active connections using that route - clearly the
number should be much lower.  Note that 10.1.1.1 is also the default
gateway for 10.1.1.3, if that changes anything.  10.* are both running
recent -currents.

Out of curiousity, I checked the route table on my 4.2 box, which is on a
different network and wasn't participating in the syn-fun whatsoever.
Sure enough, it has more refcounts to its gateway than it should too:


Destination        Gateway            Flags     Refs     Use     Netif Expire
default            24.183.3.1         UGSc       18      223      dc0
24.183.3.1         0:50:54:72:8c:54   UHLW       19        0      dc0   1197

So, two questions:

1.  Are route entries refcounts only supposed to correspond to connections
currently in existance, or do they get bumped by other network subsystems?

2.  Does anyone have a guess as to where this leak is coming from in the
cloning process?  I'm not very familiar with the route table at this
moment.

Thanks,

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message