From nobody@FreeBSD.org  Tue Jul 11 11:01:42 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 731AC16A4DA
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 11 Jul 2006 11:01:42 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3B6EF43D45
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 11 Jul 2006 11:01:42 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k6BB1fQJ034920
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 11 Jul 2006 11:01:41 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k6BB1fOR034918;
	Tue, 11 Jul 2006 11:01:41 GMT
	(envelope-from nobody)
Message-Id: <200607111101.k6BB1fOR034918@www.freebsd.org>
Date: Tue, 11 Jul 2006 11:01:41 GMT
From: Remi Denis-Courmont <rdenis@simphalempin.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: tun(4) device close removes only IPv4 addresses and routes
X-Send-Pr-Version: www-2.3

>Number:         100080
>Category:       kern
>Synopsis:       tun(4) device close removes only IPv4 addresses and routes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 11 11:10:14 GMT 2006
>Closed-Date:    Sun Feb 25 14:49:02 GMT 2007
>Last-Modified:  Sun Feb 25 14:50:31 GMT 2007
>Originator:     Remi Denis-Courmont
>Release:        6.1
>Organization:
>Environment:
FreeBSD fbsd 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May  7 04:32:43 UTC 2006
  root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
The userland layer-3 tunnel character device tun(4) "/dev/tun" should remove all addresses and routes through an allocated network interface whenever the file descriptor is closed (src/sys/net/if_tun.c:tunclose).

However, it currently seems to only remove IPv4 (AF_INET) addresses and routes, leaving dangling routes in the network stack when IPv6 is used.
>How-To-Repeat:
This problem is known to trigger when running Miredo 0.8.5 in Teredo relay mode. At first run, the program works fine, but if it is stopped/killed or crashes, we get a dangling route on the leftover tunnel device; restarting the program will then fail with EEXIST as it tries to add the same route to a new tunnel interface. Sample configuration (/usr/local/etc/miredo.conf) would be the following one-liner:

RelayType cone

Unfortunately, setting this up in non-trivial since said software is not in the ports tree. Sources are there: http://www.remlab.net/files/miredo/v0.8/

Other tunnel software using tun + IPv6 might also be affected.
>Fix:
Supposedly yemove the AF_INET check in tunclose() from src/sys/net/if_tun.c or add a check for all supported addresses family, including but maybe not limited to AF_INET6.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Fri Feb 2 23:36:29 UTC 2007 
Responsible-Changed-Why:  
I'll take this 

http://www.freebsd.org/cgi/query-pr.cgi?pr=100080 

From: Bruce M Simpson <bms@incunabulum.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/100080: tun(4) device close removes only IPv4 addresses
 and routes
Date: Fri, 02 Feb 2007 23:32:11 +0000

 This is a multi-part message in MIME format.
 --------------030605000904000306050305
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 The attached patch is believed to solve this problem. Tested with OpenVPN.
 
 --------------030605000904000306050305
 Content-Type: text/x-patch;
  name="tun-cleanup.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="tun-cleanup.diff"
 
 Index: if_tun.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/net/if_tun.c,v
 retrieving revision 1.161
 diff -u -p -r1.161 if_tun.c
 --- if_tun.c	6 Nov 2006 13:42:02 -0000	1.161
 +++ if_tun.c	2 Feb 2007 23:30:04 -0000
 @@ -388,16 +388,21 @@ tunclose(struct cdev *dev, int foo, int 
  		splx(s);
  	}
  
 +	/* Delete all addresses and routes which reference this interface. */
  	if (ifp->if_drv_flags & IFF_DRV_RUNNING) {
  		struct ifaddr *ifa;
  
  		s = splimp();
 -		/* find internet addresses and delete routes */
 -		TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
 -			if (ifa->ifa_addr->sa_family == AF_INET)
 -				/* Unlocked read. */
 +		TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
 +			/* deal w/IPv4 PtP destination; unlocked read */
 +			if (ifa->ifa_addr->sa_family == AF_INET) {
  				rtinit(ifa, (int)RTM_DELETE,
  				    tp->tun_flags & TUN_DSTADDR ? RTF_HOST : 0);
 +			} else {
 +				rtinit(ifa, (int)RTM_DELETE, 0);
 +			}
 +		}
 +		if_purgeaddrs(ifp);
  		ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
  		splx(s);
  	}
 
 --------------030605000904000306050305--
State-Changed-From-To: open->analyzed 
State-Changed-By: bms 
State-Changed-When: Sat Feb 3 10:01:43 UTC 2007 
State-Changed-Why:  
patch is out there for evaluation 

http://www.freebsd.org/cgi/query-pr.cgi?pr=100080 
State-Changed-From-To: analyzed->patched 
State-Changed-By: bms 
State-Changed-When: Mon Feb 5 11:15:55 UTC 2007 
State-Changed-Why:  
patched in -current 

http://www.freebsd.org/cgi/query-pr.cgi?pr=100080 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/100080: commit references a PR
Date: Mon,  5 Feb 2007 11:16:14 +0000 (UTC)

 bms         2007-02-05 11:15:52 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/net              if_tun.c 
   Log:
   Clean up after tun(4) properly; remove routes whose ifp is set to
   that of the tun instance even for the !AF_INET case, and properly
   remove configured addresses by calling if_purgeaddrs().
   
   Maintain the TUN_DSTADDR behaviour for compatibility with the OS/390
   emulator.
   
   MFC after:      3 weeks
   PR:             100080
   Reviewed by:    bz
   
   Revision  Changes    Path
   1.163     +9 -4      src/sys/net/if_tun.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: bms 
State-Changed-When: Sun Feb 25 14:48:39 UTC 2007 
State-Changed-Why:  
MFC'd 

http://www.freebsd.org/cgi/query-pr.cgi?pr=100080 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/100080: commit references a PR
Date: Sun, 25 Feb 2007 14:48:36 +0000 (UTC)

 bms         2007-02-25 14:48:29 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     sys/net              if_tun.c 
   Log:
   MFC rev 1.163:
     Clean up after tun(4) properly; remove routes whose ifp is set to
     that of the tun instance even for the !AF_INET case, and properly
     remove configured addresses by calling if_purgeaddrs().
   
     Maintain the TUN_DSTADDR behaviour for compatibility with the OS/390
     emulator.
   
   PR:             100080
   Reviewed by:    bz
   
   Revision   Changes    Path
   1.152.2.5  +9 -4      src/sys/net/if_tun.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
