From owner-freebsd-bugs Mon Oct 28 4: 0:14 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1660637B401 for ; Mon, 28 Oct 2002 04:00:12 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA13143E3B for ; Mon, 28 Oct 2002 04:00:11 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g9SC0Bx3066059 for ; Mon, 28 Oct 2002 04:00:11 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g9SC0BZD066010; Mon, 28 Oct 2002 04:00:11 -0800 (PST) Date: Mon, 28 Oct 2002 04:00:11 -0800 (PST) Message-Id: <200210281200.g9SC0BZD066010@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Maxim Konovalov Subject: Re: kern/39937: ipstealth issue Reply-To: Maxim Konovalov Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR kern/39937; it has been noted by GNATS. From: Maxim Konovalov To: bug-followup@FreeBSD.org Cc: Chris Wasser , Subject: Re: kern/39937: ipstealth issue Date: Mon, 28 Oct 2002 14:56:02 +0300 (MSK) [ CC: Murray Stokely, our dhcp maintainer ] OK, I found the problem but I have no idea about proper fix now. We have: options IPSTEALTH net.inet.ip.stealth=1 net.inet.ip.forwarding=1 We run dhclient and get lock up. The problem is in endless loop: ip_input -> ip_forward -> ip_output -> ip_input. The loop is present regardless of net.inet.ip.stealth but with net.inet.ip.stealth=0 ip_input() has a chance to decrement TTL on each cycle and a packet expires. Why does the loop exist? dhclient(8) invokes dhclient-script(8) which installs a static route: route add $alias_ip_address 127.0.0.1 which makes endless routing loop. Frankly, I do not understand a purpose of that route. Here is a quick and probably dirty hack: Index: isc-dhcp/client/scripts/freebsd =================================================================== RCS file: /home/ncvs/src/contrib/isc-dhcp/client/scripts/freebsd,v retrieving revision 1.20 diff -u -r1.20 freebsd --- isc-dhcp/client/scripts/freebsd 19 Feb 2002 12:10:40 -0000 1.20 +++ isc-dhcp/client/scripts/freebsd 28 Oct 2002 11:44:16 -0000 @@ -122,7 +122,6 @@ if [ -n "$new_routers" ]; then $LOGGER "New Routers: $new_routers" fi - route add $new_ip_address 127.1 >/dev/null 2>&1 for router in $new_routers; do route add default $router >/dev/null 2>&1 done @@ -138,7 +137,6 @@ if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ]; then ifconfig $interface inet alias $alias_ip_address $alias_subnet_arg - route add $alias_ip_address 127.0.0.1 fi make_resolv_conf exit_with_hooks 0 @@ -168,7 +166,6 @@ fi if [ x$alias_ip_address != x ]; then ifconfig $interface inet alias $alias_ip_address $alias_subnet_arg - route add $alias_ip_address 127.0.0.1 fi exit_with_hooks 0 fi @@ -191,9 +188,7 @@ if [ x$new_ip_address != x$alias_ip_address ] && \ [ x$alias_ip_address != x ]; then ifconfig $interface inet alias $alias_ip_address $alias_subnet_arg - route add $alias_ip_address 127.0.0.1 fi - route add $new_ip_address 127.1 >/dev/null 2>&1 for router in $new_routers; do route add default $router >/dev/null 2>&1 done %%% With this patch my 4.7-STABLE works OK. -- Maxim Konovalov, maxim@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message