On Thu, Oct 06, 2016 at 11:12:18PM +0200, Christian Weisgerber wrote:
> Something is very broken at the intersection of IPv6, NDP, and IPsec
> in -current.
I also see issues with IPv6 and NDP, but no IPsec involved. There
are several other threads on bugs@ about broken IPv6.
It seems that sending neighbor solicitation retries for expired ND
entries does not work. The diff below helps in my case, although
it is only a workaround and not MP safe. It would be interesting
to know whether it also affects your scenario.
The RTF_CACHED code was introduced with this commit:
----------------------------
revision 1.190
date: 2016/08/22 16:01:52; author: mpi; state: Exp; lines: +24 -6;
commitid: Jx7agqiuXqs8RRGd;
Make the ``rt_gwroute'' pointer of RTF_GATEWAY entries immutable.
This means that no protection is needed to guarantee that the next hop
route won't be modified by CPU1 while CPU0 is dereferencing it in a L2
resolution functions.
While here also fix an ``ifa'' leak resulting in RTF_GATEWAY being always
invalid.
dlg@ likes it, inputs and ok bluhm@
----------------------------
bluhm
Index: netinet6/nd6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.193
diff -u -p -r1.193 nd6.c
--- netinet6/nd6.c 3 Oct 2016 12:33:21 -0000 1.193
+++ netinet6/nd6.c 13 Oct 2016 21:47:25 -0000
@@ -827,7 +827,7 @@ nd6_free(struct rtentry *rt, int gc)
* caches, and disable the route entry not to be used in already
* cached routes.
*/
- if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED))
+ if (!ISSET(rt->rt_flags, RTF_STATIC))
rtdeletemsg(rt, ifp, ifp->if_rdomain);
splx(s);
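Review bot: dropping RTF_CACHED from the ISSET() test in nd6_free() sends cached entries through rtdeletemsg() again, which works against the purpose stated in the revision 1.190 log quoted above, namely that the next hop route is not modified by one CPU while another is dereferencing it. The mail itself calls this a workaround that is not MP safe, so the condition should carry an XXX comment saying that, and the existing comment above it ("disable the route entry not to be used in already cached routes") should be updated to explain why RTF_CACHED entries are deleted here. A lasting fix more likely belongs in the path that sends neighbor solicitation retries for expired ND entries than in this deletion check.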