From: "Rodney W. Grimes"
To: "Alexander V. Chernikov"
CC: "rgrimes@freebsd.org", "src-committers@freebsd.org", "svn-src-all@freebsd.org", "svn-src-head@freebsd.org"
Reply-To: rgrimes@freebsd.org
Date: Mon, 20 May 2019 18:10:21 -0700 (PDT)
Subject: Re: svn commit: r347982 - head/sys/net

> 20.05.2019, 07:50, "Rodney W. Grimes" :
> >>  Author: melifaro
> >>  Date: Sun May 19 21:49:56 2019
> >>  New Revision: 347982
> >>  URL: https://svnweb.freebsd.org/changeset/base/347982
> >>
> >>  Log:
> >>    Fix rt_ifa selection during loopback route insertion process.
> >>      Currently such routes are added with a link-level IFA, which is
> >>      plain wrong. Only after the insertion they get fixed by the special
> >>      link_rtrequest() ifa handler. This behaviour complicates routing code
> >>      and makes ifa selection more complex.
> >>    Streamline this process by explicitly moving link_rtrequest() logic
> >>      to the pre-insertion rt_getifa_fib() ifa selector. Avoid calling all
> >>      this logic in the loopback route case by explicitly specifying
> >>      proper rt_ifa inside the ifa_maintain_loopback_route().
> >>
> >>    MFC after: 2 weeks
> >>    Differential Revision: https://reviews.freebsd.org/D20076
> >
> > I shall again state that from a routing protocol perspective
> > and a POLA perspective having the kernel doing route maintenance
> > of any kind is fundamentally wrong.
> >
> > I still continue to strongly object to ifa_maintain_loopback_route
> > code even being present in our kernel. Having these routes
> > is a micro optimization at best, and cause issues when real
> > and actual routing protocols are in use.
> I agree with that. It indeed causes a decent amount of complications
> and I (as another router type person) prefer to have it gone as well.
> However, one has to carefully check uRPF functionality in our
> firewalls, implement fib-aware in_localip_more (and its IPv6
> counterpart) to make it happen.

How about we implement the simplest next step, make this behavior
either a kernel compile time option with #ifdef, and/or a sysctl
to turn it off with a bit that defaults to current behavior
while we investigate the harder solution?

> > Bruce Evans and myself have locally killed this code, and
> > just about every router type person I show it to gets ill
> > seeing it.
> >
> > Show me another system that does this and I might reconsider,
> > but I have never ever seen one.
> >
> >>  Modified:
> >>    head/sys/net/if.c
> >>    head/sys/net/route.c ...
> >
> > Rod Grimes rgrimes@freebsd.org

-- 
Rod Grimes rgrimes@freebsd.org