Date: Sat, 10 Feb 2001 16:10:27 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: <freebsd-net@freebsd.org> Subject: Cloned routes and refcounts question Message-ID: <Pine.BSF.4.31.0102101601350.91316-100000@achilles.silby.com>
next in thread | raw e-mail | index | archive | help
I've been doing some playing around with syn-ack ratelimiting, and I think I've just noticed a problem in the refcounting of routes. Specifically, I'm doing testing by synflooding from 10.1.1.1 to 10.1.1.3 with 10.1.1.1 set to deny all tcp packets coming back from 10.1.1.3. After a few seconds of this, the route table on 10.1.1.3 contains this entry: Destination Gateway Flags Refs Use Netif Expire 10.1.1.1 0:a0:cc:23:82:91 UHLW 75284 151583 dc0 638 The refs field worries me. As I understand it, refs should simply be the count of the number of active connections using that route - clearly the number should be much lower. Note that 10.1.1.1 is also the default gateway for 10.1.1.3, if that changes anything. 10.* are both running recent -currents. Out of curiousity, I checked the route table on my 4.2 box, which is on a different network and wasn't participating in the syn-fun whatsoever. Sure enough, it has more refcounts to its gateway than it should too: Destination Gateway Flags Refs Use Netif Expire default 24.183.3.1 UGSc 18 223 dc0 24.183.3.1 0:50:54:72:8c:54 UHLW 19 0 dc0 1197 So, two questions: 1. Are route entries refcounts only supposed to correspond to connections currently in existance, or do they get bumped by other network subsystems? 2. Does anyone have a guess as to where this leak is coming from in the cloning process? I'm not very familiar with the route table at this moment. Thanks, Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0102101601350.91316-100000>