Hello Yannick,

On 15/05/19(Wed) 15:50, Yannick Gravel wrote:
> >Synopsis:	Strange issue due to stale udp route cache
> >Category:	kernel
> >Environment:
> 	System      : OpenBSD 6.5
> 	Details     : OpenBSD 6.5 (GENERIC) #3: Sat Apr 13 14:42:43 MDT 2019
> 		[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC
>
> 	Architecture: OpenBSD.amd64
> 	Machine     : amd64
> >Description:
>
> Problem with UDP Socket when there is a route change.
>
> Back in November 2004, I was deploying VPN hubs with OpenBSD 3.6 using
> OpenBGPD for dynamic route distribution and OpenVPN for tunnels.
> (Problem is still present in 6.5)
>
> The VPN part was working fine, but some added services installed were
> not running as expected:
>
> - Logging to a central syslog server stopped working on VPN link restart,
>   even after the VPN was back up and the route to the central syslog server
>   added again. Syslog packets were sent through the default route even after
>   the more specific route toward the syslog server was restored.
>
> - Similar problem with a DNS server running as slave/secondary master
>   running on the VPN hub that stopped fetching its zone in the same
>   context as the previous one.
>
> At first, I could not find a solution, so I made a rule to always split
> anything router/firewall/VPN from server/services. Not a fix but my way
> of staying away from the issue.
>
> For a while, I could not wrap my mind around this. But some reading and
> research led me to this explanation.
>
> * On binding a UDP socket a route entry is cached
> * On a routing fault the route entry in cache is invalidated and replaced
>   (by a less specific rule)
> * The cached route entry is never restored once the specific route is restored
>
> The issue is pointing to the function in_pcbrtentry and related in
> src/sys/netinet/in_pcb.c
>
> Here is a post from shortly after FreeBSD updated their code away from
> the common BSD code that all BSD shared... A follow-up to a problem report
> that I now know is the same as what I am reporting here.
>
> http://lists.freebsd.org/pipermail/freebsd-current/2004-May/027072.html
>
> Back then the NetBSD code looked really similar to the OpenBSD code but
> really changed in 2008 when I first investigated this.

What you're describing is a known limitation of the actual logic to cache
route entries. There have been multiple attempts to improve it but none
of them landed in the tree.

Cheers,
Martin
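
Added example, not part of the original thread and not OpenBSD code: a user-space toy model of the three steps in the report (route cached, cache replaced by the less specific route on a fault, specific route never picked up again), which is why the syslog traffic keeps leaving via the default route instead of the VPN. All names, addresses and interface numbers are constructed, and the generation-counter variant is only one illustrative way to invalidate such a cache, not a patch proposed in this thread.

```c
#include <stdio.h>
#include <stdint.h>
/* Toy model of the report's three bullets; every name here is hypothetical. */
static struct rt { uint32_t net, mask; int ifidx, up; } table[4];
struct pcb { struct rt *cached; unsigned gen; };
static unsigned rt_gen;                 /* bumped on every table change */

static struct rt *rt_lookup(uint32_t dst) {    /* longest-prefix match */
    struct rt *best = NULL;
    for (int i = 0; i < 4; i++)
        if (table[i].up && (dst & table[i].mask) == table[i].net &&
            (!best || table[i].mask > best->mask))
            best = &table[i];
    return best;
}

static void rt_set(int i, uint32_t net, uint32_t mask, int ifidx, int up) {
    table[i] = (struct rt){ net, mask, ifidx, up };
    rt_gen++;
}

/* As reported: the cached entry is replaced only once it becomes invalid. */
static int pcb_route_stale(struct pcb *p, uint32_t dst) {
    if (p->cached == NULL || !p->cached->up)
        p->cached = rt_lookup(dst);
    return p->cached ? p->cached->ifidx : -1;
}

/* Illustrative alternative: drop the cache whenever the table has changed. */
static int pcb_route_gen(struct pcb *p, uint32_t dst) {
    if (p->gen != rt_gen) { p->cached = NULL; p->gen = rt_gen; }
    return pcb_route_stale(p, dst);
}

/* VPN up -> VPN down -> VPN up; returns the interface used for the last send. */
static int scenario(int (*route)(struct pcb *, uint32_t)) {
    struct pcb p = { NULL, 0 };
    uint32_t dst = 0x0A000105;                /* 10.0.1.5, constructed syslog server */
    rt_set(0, 0, 0, 1, 1);                    /* default route via if 1 */
    rt_set(1, 0x0A000100, 0xFFFFFF00, 2, 1);  /* 10.0.1.0/24 via VPN, if 2 */
    if (route(&p, dst) != 2) return -1;       /* socket caches the VPN route */
    rt_set(1, 0x0A000100, 0xFFFFFF00, 2, 0);  /* VPN link drops */
    if (route(&p, dst) != 1) return -1;       /* cache now holds the default */
    rt_set(1, 0x0A000100, 0xFFFFFF00, 2, 1);  /* specific route restored */
    return route(&p, dst);
}

int main(void) {
    printf("as reported: if %d, generation check: if %d\n",
           scenario(pcb_route_stale), scenario(pcb_route_gen));
    return 0;
}
```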
