fixed in -current (src/sbin/route/route.c r1.153)
On 2011/06/29 12:51, Ewen McNeill wrote:
> Synopsis: route(8): add treats 0.0.0.0/ANYTHING as default route
> Category: system
> Environment:
> System : OpenBSD 4.9
> Details : OpenBSD 4.9 (GENERIC) #477: Wed Mar 2 06:50:31
> MST 2011
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> Description:
> "route add" understands CIDR prefixes (eg, a.b.c.d/22) for most
> purposes, and they are used as examples in the man page, so that it
> is possible to add routes for subnets simply by specifying the CIDR
> prefix, and without using "-netmask" or "-prefixlen".
>
> However if a.b.c.d is 0.0.0.0, then irrespective of the prefix
> length specified in the CIDR prefix, "route add" will always (try to)
> add a default route, even though it will report the whole CIDR prefix
> (including the specified length) as being processed.
>
> It is possible to add a subnet starting at 0.0.0.0 using "-netmask"
> or "-prefixlen". But since only 0.0.0.0/0 is equivalent to default
> in CIDR notation, only 0.0.0.0 or 0.0.0.0/0 should be treated as the
> default route. The rest should be treated like subnets. (Subnets
> starting at 0.0.0.0 are useful to add "more specifics" for a default
> route that will be preferred by the routing engine; in my case to
> work around ripd limitations.)
>
> How-To-Repeat:
> Example session below showing incorrect handling of 0.0.0.0/LEN
> compared with -prefixlen and -netmask. Plus correct handling of eg,
> 128.0.0.0/LEN.
>
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> ewen@fw-test:~$ sudo route add 0.0.0.0/1 172.20.2.42
> add net 0.0.0.0/1: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> default 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete default
> delete net default
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$ sudo route add 0.0.0.0/31 172.20.2.42
> add net 0.0.0.0/31: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> default 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete default
> delete net default
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$ sudo route add 0.0.0.0 -prefixlen 31 172.20.2.42
> add net 0.0.0.0: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 0.0.0.0/31 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete 0.0.0.0 -prefixlen 31
> delete net 0.0.0.0
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$ sudo route add 0.0.0.0 -prefixlen 1 172.20.2.42
> add net 0.0.0.0: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 0/1 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete 0.0.0.0 -prefixlen 1
> delete net 0.0.0.0
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$ sudo route add 0.0.0.0 -netmask 128.0.0.0 172.20.2.42
> add net 0.0.0.0: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 0/1 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete 0.0.0.0 -netmask 128.0.0.0
> delete net 0.0.0.0
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$
>
> ewen@fw-test:~$ sudo route add 128.0.0.0/31 172.20.2.42
> add net 128.0.0.0/31: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 128.0.0.0/31 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete 128.0.0.0/31
> delete net 128.0.0.0/31
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$ sudo route add 128.0.0.0/1 172.20.2.42
> add net 128.0.0.0/1: gateway 172.20.2.42
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 128/1 172.20.2.42 UGS 0 0 - 8 em0
> 172.20.2.42 link#1 UHLc 1 0 - 4 em0
> ewen@fw-test:~$ sudo route delete 128.0.0.0/1
> delete net 128.0.0.0/1
> ewen@fw-test:~$ netstat -nr -finet | grep 172.20.2.42
> 172.20.2.42 link#1 UHLc 0 0 - 4 em0
> ewen@fw-test:~$
>
> Fix:
> "route add" should treat "a.b.c.d/NN" as equivalent to "a.b.c.d
> -prefixlen NN", and only consider 0.0.0.0 or 0.0.0.0/0 as equivalent
> to default. Not every possible string starting with 0.0.0.0.
>
> I've not read through the source code, but suspect this is a
> too-greedy special case handler (for default route) in the route
> binary.
>
>
> dmesg:
> OpenBSD 4.9 (GENERIC) #477: Wed Mar 2 06:50:31 MST 2011
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 535801856 (510MB)
> avail mem = 507539456 (484MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x1ffffef0 (10 entries)
> bios0: vendor Bochs version "Bochs" date 01/01/2007
> bios0: Bochs Bochs
> acpi0 at bios0: rev 0
> acpi0: sleep states S3 S4 S5
> acpi0: tables DSDT FACP SSDT APIC HPET
> acpi0: wakeup devices
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> acpihpet0 at acpi0: 100000000 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpicpu0 at acpi0
> mpbios0 at bios0: Intel MP Specification 1.4
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Opteron or Athlon 64, 2660.26 MHz
> cpu0:
> FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,PGE,CMOV,PAT,MMX,FXSR,SSE,SSE2,SSE3,POPCNT
> cpu0: apic clock running at 1000MHz
> mpbios0: bus 0 is type PCI
> mpbios0: bus 1 is type ISA
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 24 pins
> ioapic0: misconfigured as apic 0, remapped to apid 1
> vmt0 at mainbus0
> vmware: open failed, eax=564d5868, ecx=0000001e, edx=00005658
> vmt0: failed to open backdoor RPC channel (TCLO protocol)
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
> channel 0 wired to compatibility, channel 1 wired to compatibility
> wd0 at pciide0 channel 0 drive 0: <QEMU HARDDISK>
> wd0: 16-sector PIO, LBA48, 20480MB, 41943040 sectors
> wd0(pciide0:0:0): using PIO mode 0, DMA mode 2
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 0.12> ATAPI
> 5/cdrom removable
> cd0(pciide0:1:0): using PIO mode 0
> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 1
> int 11 (irq 11)
> piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic
> 1 int 9 (irq 9)
> iic0 at piixpm0
> iic0: addr 0x4c 48=00 words 00=0000 01=0000 02=0000 03=0000 04=0000
> 05=0000 06=0000 07=0000
> iic0: addr 0x4e 48=00 words 00=0000 01=0000 02=0000 03=0000 04=0000
> 05=0000 06=0000 07=0000
> vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> em0 at pci0 dev 3 function 0 "Intel PRO/1000MT (82540EM)" rev 0x03:
> apic 1 int 11 (irq 11), address 00:16:3e:03:48:48
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: density unknown
> fd1 at fdc0 drive 1: density unknown
> usb0 at uhci0: USB revision 1.0
> uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> nvram: invalid checksum
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> root on wd0a swap on wd0b dump on wd0b
> clock: unknown CMOS layout
>
> usbdevs:
> Controller /dev/usb0:
> addr 1: full speed, self powered, config 1, UHCI root hub(0x0000),
> Intel(0x8086), rev 1.00
> port 1 powered
> port 2 powered
