Date: Mon, 28 Oct 2002 04:00:11 -0800 (PST) From: Maxim Konovalov <maxim@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/39937: ipstealth issue Message-ID: <200210281200.g9SC0BZD066010@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/39937; it has been noted by GNATS.
From: Maxim Konovalov <maxim@FreeBSD.org>
To: bug-followup@FreeBSD.org
Cc: Chris Wasser <flatline@cmdcomputers.ca>, <murray@FreeBSD.org>
Subject: Re: kern/39937: ipstealth issue
Date: Mon, 28 Oct 2002 14:56:02 +0300 (MSK)
[ CC: Murray Stokely, our dhcp maintainer ]
OK, I found the problem but I have no idea about proper fix now.
We have:
options IPSTEALTH
net.inet.ip.stealth=1
net.inet.ip.forwarding=1
We run dhclient <NIC name> and get lock up.
The problem is in endless loop: ip_input -> ip_forward -> ip_output ->
ip_input.
The loop is present regardless of net.inet.ip.stealth but with
net.inet.ip.stealth=0 ip_input() has a chance to decrement TTL on
each cycle and a packet expires.
Why does the loop exist?
dhclient(8) invokes dhclient-script(8) which installs a static route:
route add $alias_ip_address 127.0.0.1
which makes endless routing loop. Frankly, I do not understand a
purpose of that route.
Here is a quick and probably dirty hack:
Index: isc-dhcp/client/scripts/freebsd
===================================================================
RCS file: /home/ncvs/src/contrib/isc-dhcp/client/scripts/freebsd,v
retrieving revision 1.20
diff -u -r1.20 freebsd
--- isc-dhcp/client/scripts/freebsd 19 Feb 2002 12:10:40 -0000 1.20
+++ isc-dhcp/client/scripts/freebsd 28 Oct 2002 11:44:16 -0000
@@ -122,7 +122,6 @@
if [ -n "$new_routers" ]; then
$LOGGER "New Routers: $new_routers"
fi
- route add $new_ip_address 127.1 >/dev/null 2>&1
for router in $new_routers; do
route add default $router >/dev/null 2>&1
done
@@ -138,7 +137,6 @@
if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
then
ifconfig $interface inet alias $alias_ip_address $alias_subnet_arg
- route add $alias_ip_address 127.0.0.1
fi
make_resolv_conf
exit_with_hooks 0
@@ -168,7 +166,6 @@
fi
if [ x$alias_ip_address != x ]; then
ifconfig $interface inet alias $alias_ip_address $alias_subnet_arg
- route add $alias_ip_address 127.0.0.1
fi
exit_with_hooks 0
fi
@@ -191,9 +188,7 @@
if [ x$new_ip_address != x$alias_ip_address ] && \
[ x$alias_ip_address != x ]; then
ifconfig $interface inet alias $alias_ip_address $alias_subnet_arg
- route add $alias_ip_address 127.0.0.1
fi
- route add $new_ip_address 127.1 >/dev/null 2>&1
for router in $new_routers; do
route add default $router >/dev/null 2>&1
done
%%%
With this patch my 4.7-STABLE works OK.
--
Maxim Konovalov, maxim@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210281200.g9SC0BZD066010>