On 2015/09/13 11:15, Martin Pieuchot wrote:
> Currently we leave RTF_STATIC route entries in the table when the
> address they are attached to is removed from a system.
> 
> That's why ifas need to be refcounted and that's why we have *a lot*
> of checks in the stack to not use cached routes attached to such ifa.
> 
> I'd like to simplify all of this by simply purging all the routes
> attached to an ifa being removed.  This behavior is coherent with
> the fact that routes *need* an ifa to be inserted in the table.
> 
> This makes the kernel simpler as it no longer tries to find a new ifa
> when a route with a stale address is being used.

This does bad things with pppoe(4) default routes; the usual way to
configure this is with a wildcard 0.0.0.0 in hostname.pppoe0 and with
default pointing with -ifp pppoe0.

I'm not 100% sure about this but I guess that when IPCP negotiates
an address and removes the temporary 0.0.0.0 wildcard address to
configure it on the interface, the default -ifp route is also killed.

If you want to play with this yourself and don't have pppoe available,
you can build a pppoe test rig using npppd.

On the client side:

cat >> /etc/hostname.pppoe0 << EOF
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em0 \
  authproto chap authname test authkey yayaya
!route add default -ifp pppoe0 0.0.0.1
EOF

On the server side (will nat/route, assuming it has internet access itself):

ifconfig pppx0 up
sysctl net.pipex.enable=1
sysctl net.inet.ip.forwarding=1

....  /etc/npppd/npppd.conf

authentication LOCAL type local {
  users-file "/etc/npppd/npppd-users"
}

tunnel PPPOE protocol pppoe {
  listen on interface em1
}

ipcp IPCP {
  pool-address 172.16.192.2-172.16.192.254
  dns-servers 8.8.8.8
}

interface pppx0 address 172.16.192.1 ipcp IPCP
bind tunnel from PPPOE authenticated by LOCAL to pppx0

....  /etc/npppd/npppd-users

test:password=yayaya:

....  /etc/pf.conf

<snip>
pass out quick on egress inet received-on pppx nat-to egress:0
<snip>

..........
