>Number: 6640
>Category: user
>Synopsis: ripd: continues advertising kernel prefixes when removed from
>kernel routing table
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jun 29 03:10:01 GMT 2011
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
>Description:
Synopsis: ripd never stops advertising prefixes
Category: system
Environment:
System : OpenBSD 4.9
Details : OpenBSD 4.9 (GENERIC) #477: Wed Mar 2 06:50:31
MST 2011
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
Architecture: OpenBSD.amd64
Machine : amd64
Description:
ripd can be configured to advertise static routes or routes
with a specific routing label. If this is done then ripd will correctly
see the new prefixes as they are added, and advertise it with the next
RIPv2 announcement (ie, within 30 seconds).
However when the routes are deleted from the kernel routing table, ripd
still continues to advertise them, apparently forever, with the same
metric (eg, 1 indicating that its one hop away). The prefixes are not
advertised with metric 16 ("unreachable") or removed from the routing
messages. (This also appears to be true for "default" if "redistribute
default" is set, but I didn't spend as long trying to make that work.)
By recompiling ripd from the OpenBSD source, with debug symbols, and by
adding some debugging printf()s, it appears that the kernel message
arrives to tell ripd that the prefix has been deleted from the kernel
routing table, but ripd is unable to find that in its RB table and so it
ignores the advice that it has been deleted (and makes no changes to its
announcement messages).
I haven't dug into the RB tree walking and insertion code to figure out
if the insert into the RB is going wrong, or the tree walking is going
wrong. I also suspect this may be AMD64 (ie 64-bit) specific.
(I also notice that it appears that ripd has been changed to a
new kernel route table interface since 4.9 was released, but it's not
clear to me whether that'll make any difference to this bug, since it
seems to be inside ripd, rather than the kernel routing table interface.
It did mean I apparently couldn't try the current ripd code on 4.9.)
How-To-Repeat:
sudo ifconfig lo1 create
sudo ifconfig lo1 172.20.5.1/24
cat <<EOF >ripd-test.conf
redistribute rtlabel default
triggered-updates yes
interface em0 {
cost 1
}
EOF
sudo tcpdump -i em0 -n port 520
ripd -v -v -d -f ripd-test.conf
sudo route add 128.0.0.0 -prefixlen 1 172.20.5.254 -label default
# wait a while
sudo route delete 128.0.0.1 -prefixlen 1
Fix:
Somehow ripd needs to figure out that it has been advertising the
prefix that the kernel has been tell it is now gone, and to stop
advertising it. At present it doesn't get that far, because it doesn't
realise it knew about the prefix that the kernel is telling it about.
This appears to be due to RB insert and/or RB find issues. Possibly due
to fields set on insert that aren't set on find or similar.
dmesg:
OpenBSD 4.9 (GENERIC) #477: Wed Mar 2 06:50:31 MST 2011
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 535801856 (510MB)
avail mem = 507539456 (484MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x1ffffef0 (10 entries)
bios0: vendor Bochs version "Bochs" date 01/01/2007
bios0: Bochs Bochs
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
acpihpet0 at acpi0: 100000000 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Opteron or Athlon 64, 2660.26 MHz
cpu0:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,PGE,CMOV,PAT,MMX,FXSR,SSE,SSE2,SSE3,POPCNT
cpu0: apic clock running at 1000MHz
mpbios0: bus 0 is type PCI
mpbios0: bus 1 is type ISA
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
vmt0 at mainbus0
vmware: open failed, eax=564d5868, ecx=0000001e, edx=00005658
vmt0: failed to open backdoor RPC channel (TCLO protocol)
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <QEMU HARDDISK>
wd0: 16-sector PIO, LBA48, 20480MB, 41943040 sectors
wd0(pciide0:0:0): using PIO mode 0, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 0.12> ATAPI 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 0
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 1 int
11 (irq 11)
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 1
int 9 (irq 9)
iic0 at piixpm0
iic0: addr 0x4c 48=00 words 00=0000 01=0000 02=0000 03=0000 04=0000
05=0000 06=0000 07=0000
iic0: addr 0x4e 48=00 words 00=0000 01=0000 02=0000 03=0000 04=0000
05=0000 06=0000 07=0000
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 3 function 0 "Intel PRO/1000MT (82540EM)" rev 0x03: apic
1 int 11 (irq 11), address 00:16:3e:03:48:48
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: density unknown
fd1 at fdc0 drive 1: density unknown
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
nvram: invalid checksum
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout
usbdevs:
Controller /dev/usb0:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000),
Intel(0x8086), rev 1.00
port 1 powered
port 2 powered
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
