Date: Sat, 04 Aug 2001 08:11:34 +0900
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Andre Oppermann <oppermann@telehouse.ch>, freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: 303,000 routes in kernel
Message-ID: <y7vn15gg2mx.wl@condor.jinmei.org>
In-Reply-To: <93100.996790166@critter>
References: <3B69CE3F.1BCCB280@telehouse.ch> <93100.996790166@critter>

>>>>> On Fri, 03 Aug 2001 00:09:26 +0200,
>>>>> Poul-Henning Kamp <phk@critter.freebsd.dk> said:

>> The problem I've got now is that for every packet I get the kernel is
>> making one host entry in the routing table. Because of the many UDP
>> DNS requests from all over the world I've got 303'000 (yes,
>> three-hundredthreethousand) entries in the kernel routing table which
>> have not expired yet. So I'm getting error messages like this now:

> Hmm, I wasn't aware that we cloned routes for UDP packets, are you sure
> that is what is causing the routes to exist? (Just to mention the
> obvious: it's not CodeRed probes?)

Since udp_output calls in_pcbconnect(), which is shared with TCP and
makes cloned host routes, an unbound UDP socket can have such routes.

However, I guess DNS server implementations do bind(2) specific
addresses to UDP sockets, because they have to ensure a query's
destination equals the corresponding reply's source.

So, I'd like to see the result of

    % netstat -f inet -an | grep 53

on the server node to see if the DNS server binds specific addresses.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp
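
An added example, not part of the original message: a filter for the netstat output requested above that matches local port 53 exactly (a plain `grep 53` also matches ports such as 5353 and addresses containing 53) and reports whether each UDP socket is bound to a specific address or to the wildcard. The sample netstat lines are constructed, the function names are hypothetical, and the `Local Address` layout (`address.port`, with `*` for the wildcard) is assumed to be the FreeBSD one.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Constructed sample of `netstat -f inet -an` output (assumed FreeBSD layout).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.53                   *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          198.51.100.7.53211     ESTABLISHED
udp4       0      0  192.0.2.10.53          *.*
udp4       0      0  127.0.0.1.53           *.*
udp4       0      0  *.53                   *.*
udp4       0      0  *.5353                 *.*
udp4       0      0  192.0.2.53.123         *.*
EOF
}

# Read netstat output on stdin. For every UDP socket whose local port is
# exactly 53, print "bound <addr.port>" or "wildcard <addr.port>", then a
# one-line summary with both counts.
classify_dns_udp() {
    awk '
    $1 ~ /^udp/ {
        laddr = $4
        n = split(laddr, parts, ".")
        port = parts[n]                      # text after the last dot
        if (port != "53") next               # skips 5353, 123, ...
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr == "*") { print "wildcard " laddr; wild++ }
        else             { print "bound " laddr; bound++ }
    }
    END { printf "summary wildcard=%d bound=%d\n", wild, bound }
    '
}

# Stand-alone run on the constructed sample; on a live host use:
#   netstat -f inet -an | classify_dns_udp
sample_netstat | classify_dns_udp
```
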