Date: Mon, 20 May 2019 18:10:21 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: "Alexander V. Chernikov" <melifaro@freebsd.org>
Cc: "rgrimes@freebsd.org" <rgrimes@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject: Re: svn commit: r347982 - head/sys/net
Message-ID: <201905210110.x4L1AL4I076420@gndrsh.dnsmgr.net>
In-Reply-To: <17209181558392377@myt4-ea6eba8eca77.qloud-c.yandex.net>
> 20.05.2019, 07:50, "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>:
> >>  Author: melifaro
> >>  Date: Sun May 19 21:49:56 2019
> >>  New Revision: 347982
> >>  URL: https://svnweb.freebsd.org/changeset/base/347982
> >>
> >>  Log:
> >>    Fix rt_ifa selection during loopback route insertion process.
> >>      Currently such routes are added with a link-level IFA, which is
> >>      plain wrong. Only after the insertion they get fixed by the special
> >>      link_rtrequest() ifa handler. This behaviour complicates routing code
> >>      and makes ifa selection more complex.
> >>    Streamline this process by explicitly moving link_rtrequest() logic
> >>      to the pre-insertion rt_getifa_fib() ifa selector. Avoid calling all
> >>      this logic in the loopback route case by explicitly specifying
> >>      proper rt_ifa inside the ifa_maintain_loopback_route().
> >>
> >>    MFC after: 2 weeks
> >>    Differential Revision: https://reviews.freebsd.org/D20076
> >
> > I shall again state that from a routing protocol perspective
> > and a POLA perspective having the kernel doing route maintenance
> > of any kind is fundamentally wrong.
> >
> > I still continue to strongly object to ifa_maintain_loopback_route
> > code even being present in our kernel. Having these routes
> > is a micro optimization at best, and causes issues when real
> > and actual routing protocols are in use.
> I agree with that. It indeed causes a decent amount of complications and I (as another router type person) prefer to have it gone as well.
> However, one has to carefully check uRPF functionality in our firewalls, implement fib-aware in_localip_more (and its IPv6 counterpart) to make it happen.

How about we implement the simplest next step, make this behavior either a kernel compile time option with #ifdef, and/or a sysctl to turn it off with a bit that defaults to current behavior while we investigate the harder solution?

> > Bruce Evans and myself have locally killed this code, and
> > just about every router type person I show it to gets ill
> > seeing it.
> >
> > Show me another system that does this and I might reconsider,
> > but I have never ever seen one.
> >
> >>  Modified:
> >>    head/sys/net/if.c
> >>    head/sys/net/route.c
...
> >
> > Rod Grimes rgrimes@freebsd.org

--
Rod Grimes rgrimes@freebsd.org