Message-Id: <200702162123.l1GLNmrZ040432@www.freebsd.org>
Date: Fri, 16 Feb 2007 21:23:48 GMT
From: Ingo Flaschberger<if@xip.at>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ICMP rejects are not generated with fastforwarding enabled
X-Send-Pr-Version: www-3.0

>Number:         109246
>Category:       kern
>Synopsis:       ICMP rejects are not generated with fastforwarding enabled
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 16 21:30:03 GMT 2007
>Closed-Date:    Thu Mar 29 20:51:32 GMT 2007
>Last-Modified:  Thu Mar 29 21:00:26 GMT 2007
>Originator:     Ingo Flaschberger
>Release:        6.1-RELEASE-p12
>Organization:
>Environment:
i386
>Description:
In the routing table there is a blackhole reject route:

Destination        Gateway            Flags    Refs      Use  Netif Expire
192.168.0/16       127.0.0.1          UGR1        0        0    lo0

With fastforwarding disabled, an ICMP reject is generated:
traceroute to 192.168.200.1 (192.168.200.1), 30 hops max, 38 byte packets
 1  10.0.0.175 (10.0.0.175)  2.752 ms  0.231 ms  0.208 ms
 2  10.0.0.175 (10.0.0.175)  0.224 ms !H  0.187 ms !H  0.193 ms !H

With fastforwarding enabled, not:
traceroute to 192.168.200.1 (192.168.200.1), 30 hops max, 38 byte packets
 1  10.0.0.175 (10.0.0.175)  0.620 ms  0.214 ms  0.142 ms
 2  * * *
 3  * * *
 4  * * *


>How-To-Repeat:
No problem:
At the router:
sysctl -w net.inet.ip.forwarding=1
route add -net 192.168.0.0/8 lo0 -reject -nostatic -proto1

At another machine:
route add -net 192.168.100.0/24 gateway <ipoftherouter>
traceroute 192.168.101.1

Problem:
At the router:
sysctl -w net.inet.ip.fastforwarding=1

At another machine:
traceroute 192.168.101.1


>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Sun Mar 4 15:38:06 UTC 2007 
Responsible-Changed-Why:  
my starter for 10 

http://www.freebsd.org/cgi/query-pr.cgi?pr=109246 

From: Bruce M Simpson <bms@incunabulum.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc: Andre Oppermann <andre@FreeBSD.org>
Subject: Re: kern/109246: ICMP rejects are not generated with fastforwarding
 enabled
Date: Sun, 04 Mar 2007 15:41:59 +0000

 Oh boy oh boy this is an interesting one.
 
 1. The kernel isn't treating RTF_REJECT consistently.
    RTF_REJECT's traditional semantics are 'emit an icmp unreachable and
    drop when this forwarding entry is used'.
    Neither ip_fastfwd.c nor route.c seem to be doing this correctly.
    rmx_expire is being inspected if and only if RTF_REJECT is set.
 
    rt_check() is the function to watch.
 
 2. The ip_fastfwd.c conditional looks to be cloned from the route.c
    conditional.
    It is cloning a check in rt_check() for the sake of speed.
 
    When it issues ICMP unreachable it always does so with a code of
    ICMP_UNREACH_HOST which is most likely incorrect.
 
 3. I believe this is because the ARP code *used* to use RTF_REJECT to 
 mark that an LLINFO entry was dampened due to not being resolved. The 
 ARP code in RELENG_6 and -CURRENT no longer does this. This behaviour 
 was BSD historical, and OK for a host, but dubious for a router given 
 how the checks were performed.
 
  This is consistent with what I see in netstat -rnA although I never see 
 rmx_expire changing for a timed out LLINFO entry due to arp not 
 resolving a destination there either.
 
 The attached patch tries to fix bug #2 which is what you've run into. 
 Please test it and let me know if it does it for you. A more involved 
 fix may be needed.
 
 Regards,
 BMS
 
 Index: ip_fastfwd.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/netinet/ip_fastfwd.c,v
 retrieving revision 1.39
 diff -u -p -r1.39 ip_fastfwd.c
 --- ip_fastfwd.c	5 Feb 2007 00:15:40 -0000	1.39
 +++ ip_fastfwd.c	4 Mar 2007 15:41:01 -0000
 @@ -423,9 +423,16 @@ passin:
  	 * Immediately drop blackholed traffic, and directed broadcasts
  	 * for either the all-ones or all-zero subnet addresses on
  	 * locally attached networks.
 +	 * Immediately drop and issue ICMP for rejected traffic.
  	 */
  	if ((ro.ro_rt->rt_flags & (RTF_BLACKHOLE|RTF_BROADCAST)) != 0)
  		goto drop;
 +	if ((ro.ro_rt->rt_flags & RTF_REJECT) != 0) {
 +		icmp_error(m, ICMP_UNREACH,
 +		    (ro.ro_rt->rt_flags & RTF_HOST) ? ICMP_UNREACH_HOST :
 +		    ICMP_UNREACH_NET, 0, 0);
 +		goto consumed;
 +	}
  
  	/*
  	 * Step 5: outgoing firewall packet processing
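
Review bot: In the new RTF_REJECT branch, the code passed to icmp_error() is ICMP_UNREACH_NET whenever RTF_HOST is clear, whereas the existing check in the passout section always sends ICMP_UNREACH_HOST, so a network reject route will now answer with a different code than before. The branch also fires on RTF_REJECT alone without looking at rmx_expire, although the covering message notes that rmx_expire is inspected whenever RTF_REJECT is set. If the expiry semantics are meant to be kept, fold the timer test into this condition, and say in the comment which unreachable code is intended for non-host routes.
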
 @@ -497,11 +504,13 @@ passout:
  	 */
  
  	/*
 -	 * Check if route is dampned (when ARP is unable to resolve)
 +	 * Check if this forwarding entry has expired, such as when ARP
 +	 * is unable to resolve link-layer address of the destination.
  	 */
 -	if ((ro.ro_rt->rt_flags & RTF_REJECT) &&
 -	    ro.ro_rt->rt_rmx.rmx_expire >= time_uptime) {
 -		icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0);
 +	if (ro.ro_rt->rt_rmx.rmx_expire >= time_uptime) {
 +		icmp_error(m, ICMP_UNREACH,
 +		    (ro.ro_rt->rt_flags & RTF_HOST) ? ICMP_UNREACH_HOST :
 +		    ICMP_UNREACH_NET, 0, 0);
  		goto consumed;
  	}
  
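
Review bot: With the RTF_REJECT test removed, the condition ro.ro_rt->rt_rmx.rmx_expire >= time_uptime applies to every route, and it is true while the expiry time is still in the future, which is the opposite of the new comment's "has expired". As written, any route carrying a not-yet-elapsed expiry would be answered with ICMP unreachable and consumed instead of forwarded. Keep the RTF_REJECT qualifier here, or make the comparison match the comment and exclude a zero rmx_expire explicitly.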
 
State-Changed-From-To: open->analyzed 
State-Changed-By: bms 
State-Changed-When: Sun Mar 4 16:32:31 UTC 2007 
State-Changed-Why:  
I think I see what the problem is 


From: Ingo Flaschberger <if@xip.at>
To: bug-followup@FreeBSD.org, if@xip.at
Cc:  
Subject: Re: kern/109246: ICMP rejects are not generated with fastforwarding
 enabled
Date: Mon, 5 Mar 2007 01:02:48 +0100 (CET)

 basically, the patch works, but the icmp response is different.
 
 without fastforwarding I get an !H, but with fastforwarding a !N icmp 
 response.
 
 bye,
  	ingo

From: Ingo Flaschberger <if@xip.at>
To: bug-followup@FreeBSD.org
Cc: "Bruce M. Simpson" <bms@FreeBSD.org>, Andre Oppermann <andre@FreeBSD.org>
Subject: Re: kern/109246: ICMP rejects are not generated with fastforwarding
 enabled
Date: Fri, 9 Mar 2007 20:04:06 +0100 (CET)

 Hey,
 
 after studying route.c I have written a whole new patch, which works 
 perfectly. The old patch is not needed.
 
 attached patch, diff to:
 FreeBSD: src/sys/netinet/ip_fastfwd.c,v 1.28.2.5
 
 bye,
  	Ingo
State-Changed-From-To: analyzed->patched 
State-Changed-By: bms 
State-Changed-When: Sun Mar 18 23:05:35 UTC 2007 
State-Changed-Why:  
committed to -head 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/109246: commit references a PR
Date: Sun, 18 Mar 2007 23:05:28 +0000 (UTC)

 bms         2007-03-18 23:05:21 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/netinet          ip_fastfwd.c 
   Log:
   In IPv4 fast forwarding path, send ICMP unreachable messages for
   routes which have RTF_REJECT set *and* a zero expiry timer.
   
   PR:             kern/109246
   MFC after:      10 days
   Submitted by:   Ingo Flaschberger
   
   Revision  Changes    Path
   1.40      +2 -1      src/sys/netinet/ip_fastfwd.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
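
Added example (not code from this PR or from FreeBSD): a user-space C model comparing the reject test on the '-' lines of the first patch in this thread with the behaviour the commit log describes, showing why a static reject route, whose expiry timer is zero, never produced an ICMP unreachable. The struct, the flag value and the sample times are constructed, and rejects_fixed() is an assumed reading of the log, not the committed diff.

```c
#include <stdio.h>

/* Constructed stand-in for the kernel route flag (value is illustrative). */
#define RTF_REJECT 0x8

struct route_model {
    int  flags;       /* models rt_flags */
    long rmx_expire;  /* models rt_rmx.rmx_expire; 0 = no expiry timer */
};

/* The check as it appears on the '-' lines of the first patch in this PR. */
int rejects_old(const struct route_model *rt, long now)
{
    return (rt->flags & RTF_REJECT) && rt->rmx_expire >= now;
}

/*
 * Model of the behaviour in the commit log: RTF_REJECT with a zero expiry
 * timer also rejects. Treating a timer that is still running as rejecting
 * is an assumption of this model.
 */
int rejects_fixed(const struct route_model *rt, long now)
{
    return (rt->flags & RTF_REJECT) &&
        (rt->rmx_expire == 0 || now < rt->rmx_expire);
}

int main(void)
{
    long now = 1000;  /* constructed "current time" in seconds */
    struct route_model cases[] = {
        { RTF_REJECT, 0 },     /* static reject route, as in the report */
        { RTF_REJECT, 1500 },  /* reject entry, timer still running */
        { RTF_REJECT, 900 },   /* reject entry, timer has run out */
        { 0, 0 },              /* ordinary route */
    };
    const char *names[] = { "static reject", "timed reject (live)",
                            "timed reject (expired)", "ordinary route" };

    for (int i = 0; i < 4; i++)
        printf("%-24s old=%d fixed=%d\n", names[i],
            rejects_old(&cases[i], now), rejects_fixed(&cases[i], now));
    return 0;
}
```

The first row is the case from the report: with rmx_expire at zero the old comparison is false for any positive clock value, so the packet is forwarded on to lo0 and no ICMP error is sent.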
 
State-Changed-From-To: patched->closed 
State-Changed-By: bms 
State-Changed-When: Thu Mar 29 20:51:23 UTC 2007 
State-Changed-Why:  
MFC 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/109246: commit references a PR
Date: Thu, 29 Mar 2007 20:51:28 +0000 (UTC)

 bms         2007-03-29 20:51:20 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     sys/netinet          ip_fastfwd.c 
   Log:
   MFC rev 1.40:
     In IPv4 fast forwarding path, send ICMP unreachable messages for
     routes which have RTF_REJECT set *and* a zero expiry timer.
   
   PR:             kern/109246
   Submitted by:   Ingo Flaschberger
   
   Revision  Changes    Path
   1.28.2.6  +2 -1      src/sys/netinet/ip_fastfwd.c
 
>Unformatted:
