On 2015/09/13 11:15, Martin Pieuchot wrote: > Currently we leave RTF_STATIC route entries in the table when the > address they are attached to is removed from a system. > > That's why ifas need to be refcounted and that's why we have *a lot* > of checks in the stack to not use cached routes attached to such ifa. > > I'd like to simplify all of this by simply purging all the routes > attached to an ifa being removed. This behavior is coherent with > the fact that routes *need* an ifa to be inserted in the table. > > This makes the kernel simpler as it no longer try to find a new ifa > when a route with a stale address is being used.
This does bad things with pppoe(4) default routes, the usual way to configure this is with a wildcard 0.0.0.0 in hostname.pppoe0 and with default pointing with -ifp pppoe0. I'm not 100% sure about this but I guess that when IPCP negotiates an address and removes the temporary 0.0.0.0 wildcard address to configure it on the interface, the default -ifp route is also killed. If you want to play with this yourself and don't have pppoe available, you can build a pppoe test rig using npppd. On the client side: cat >> /etc/hostname.pppoe0 << EOF inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em0 \ authproto chap authname test authkey yayaya !route add default -ifp pppoe0 0.0.0.1 EOF On the server side (will nat/route, assuming it has internet access itself): ifconfig pppx0 up sysctl net.pipex.enable=1 sysctl net.inet.ip.forwarding=1 .... /etc/npppd/npppd.conf authentication LOCAL type local { users-file "/etc/npppd/npppd-users" } tunnel PPPOE protocol pppoe { listen on interface em1 } ipcp IPCP { pool-address 172.16.192.2-172.16.192.254 dns-servers 8.8.8.8 } interface pppx0 address 172.16.192.1 ipcp IPCP bind tunnel from PPPOE authenticated by LOCAL to pppx0 .... /etc/npppd/npppd-users test:password=yayaya: .... /etc/pf.conf <snip> pass out quick on egress inet received-on pppx nat-to egress:0 <snip> ..........