From owner-freebsd-current@freebsd.org Sun Mar 7 22:45:11 2021 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7204D5519DF for ; Sun, 7 Mar 2021 22:45:11 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4DtxPg1r29z4jjq for ; Sun, 7 Mar 2021 22:45:11 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: by mailman.nyi.freebsd.org (Postfix) id 3EFEE5518E7; Sun, 7 Mar 2021 22:45:11 +0000 (UTC) Delivered-To: current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3EC9B551AB4 for ; Sun, 7 Mar 2021 22:45:11 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4DtxPf06XXz4jjp; Sun, 7 Mar 2021 22:45:09 +0000 (UTC) (envelope-from melifaro@ipfw.ru) Received: from sas1-0a2be8f95474.qloud-c.yandex.net (sas1-0a2be8f95474.qloud-c.yandex.net [IPv6:2a02:6b8:c08:f21f:0:640:a2b:e8f9]) by forward105j.mail.yandex.net (Yandex) with ESMTP id B6F02B23631; Mon, 8 Mar 2021 01:45:06 +0300 (MSK) Received: from sas1-37da021029ee.qloud-c.yandex.net (sas1-37da021029ee.qloud-c.yandex.net [2a02:6b8:c08:1612:0:640:37da:210]) by sas1-0a2be8f95474.qloud-c.yandex.net (mxback/Yandex) with ESMTP id 3KHUmax7RI-j6HCrffJ; Mon, 08 Mar 2021 01:45:06 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfw.ru; s=mail; t=1615157106; bh=oYgAwn9VAlUEjqO9mROtTKdU7a3YwereGm+SrkOGCiM=; h=To:In-Reply-To:Subject:Cc:From:Message-Id:References:Date; b=MgLuxQL0c0cPHcvlPtDmTDmukqYhXf1Mm/m3xh8SXylhgDQ+R/36TixJ/iXnylryH UbhjGH6iQMlE1AyqJHCyC+PtZhhGBvWKjk/FzKaUa0ssPnOW9XaZhJcY7DAaW1Y/Ad QwOOmKiJU5pshmaojP5hLhKCTnh7D+uV1WzmQm5w= Received: by sas1-37da021029ee.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id hlwFbvn1sC-j5JiEg9P; Mon, 08 Mar 2021 01:45:05 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: Re: ifa leak on VNET teardown From: "Alexander V. Chernikov" In-Reply-To: Date: Sun, 7 Mar 2021 22:45:04 +0000 Cc: "current@FreeBSD.org" , "Bjoern A. Zeeb" Content-Transfer-Encoding: quoted-printable Message-Id: References: <275831613248826@mail.yandex.ru> To: Kristof Provost X-Mailer: Apple Mail (2.3608.120.23.2.4) X-Rspamd-Queue-Id: 4DtxPf06XXz4jjp X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ipfw.ru header.s=mail header.b=MgLuxQL0; dmarc=none; spf=pass (mx1.freebsd.org: domain of melifaro@ipfw.ru designates 5.45.198.248 as permitted sender) smtp.mailfrom=melifaro@ipfw.ru X-Spamd-Result: default: False [-1.10 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:5.45.192.0/19]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[ipfw.ru:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[5.45.198.248:from]; ASN(0.00)[asn:13238, ipnet:5.45.192.0/18, country:RU]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[5.45.198.248:from]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[ipfw.ru:s=mail]; FREEFALL_USER(0.00)[melifaro]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ipfw.ru]; NEURAL_SPAM_SHORT(1.00)[1.000]; SPAMHAUS_ZRD(0.00)[5.45.198.248:from:127.0.2.255]; RWL_MAILSPIKE_POSSIBLE(0.00)[5.45.198.248:from]; MAILMAN_DEST(0.00)[current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Mar 2021 22:45:11 -0000 > On 6 Mar 2021, at 09:26, Kristof Provost wrote: >=20 > On 13 Feb 2021, at 21:58, Alexander V. Chernikov wrote: >> It turns out we're leaking some ifas for loopback interfaces on VNET = teardown: >>=20 > There=E2=80=99s a recent bug about this as well: 253998. > The problem=E2=80=99s been around for a long time though. The pf tests = trigger it from time to time, although it doesn=E2=80=99t appear to be = 100% consistent, so my current feeling is that it may be racy. >=20 > I see =E2=80=98in6_purgeaddr: err=3D65, destination address delete = failed=E2=80=99 when we do leak, and I=E2=80=99ve also been able to = confirm this is about the ::1 IPv6 loopback address. The fun part is that it turns out that these side effects are caused by = 3 different issues. The unifying factor is that all of them are = loopback-specific. AF_LINK ifa leak exists simply because there is no domain teardown = procedure associated with AF_LINK, so we leak it for every non-vmoved = interface during VNET shutdown. PR 253998 is caused by the fact that rt_flushifroutes_af() is not able = to delete RTF_PINNED routes (e.g. all interface routes). D29116 = addresses that. in6_purgeaddr error is caused by the corner case with loopback&p2p = interfaces. D29121 addresses that.=20 >=20 > Best regards, > Kristof