I've been doing some playing around with syn-ack ratelimiting, and I think
I've just noticed a problem in the refcounting of routes.
Specifically, I'm doing testing by synflooding from 10.1.1.1 to 10.1.1.3
with 10.1.1.1 set to deny all tcp packets coming back from 10.1.1.3.
After a few seconds of this, the route table on 10.1.1.3 contains this
entry:
Destination   Gateway             Flags   Refs     Use  Netif  Expire
10.1.1.1      0:a0:cc:23:82:91    UHLW   75284  151583  dc0       638
The refs field worries me. As I understand it, refs should simply be the
count of the number of active connections using that route - clearly the
number should be much lower. Note that 10.1.1.1 is also the default
gateway for 10.1.1.3, if that changes anything. 10.* are both running
recent -currents.
Out of curiosity, I checked the route table on my 4.2 box, which is on a
different network and wasn't participating in the syn-fun whatsoever.
Sure enough, it has more refcounts to its gateway than it should too:
Destination   Gateway             Flags   Refs     Use  Netif  Expire
default       24.183.3.1          UGSc      18     223  dc0
24.183.3.1    0:50:54:72:8c:54    UHLW      19       0  dc0      1197
So, two questions:
1. Are route entries' refcounts only supposed to correspond to connections
currently in existence, or do they get bumped by other network subsystems?
2. Does anyone have a guess as to where this leak is coming from in the
cloning process? I'm not very familiar with the route table at this
moment.
Thanks,
Mike "Silby" Silbersack
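A parser and sanity check for the `netstat -rn` tables quoted in the post, as an added example that is not the poster's code: it flags entries whose Refs count exceeds the live connections that could be holding the route plus an assumed slack. The 10.1.1.2 line, the per-destination connection counts and the SLACK value are constructed for the example.

```python
"""Spot route entries whose Refs count is far above the number of live TCP
connections that could be holding them, as in the tables quoted in the post.

Added example, not code from the original post. The first three route lines
are the ones quoted in the post; the 10.1.1.2 line and the connection counts
are constructed, and SLACK is an assumed allowance for references the kernel
itself may hold (e.g. a cloned host route pinning its parent), not a
documented value."""
import re
from dataclasses import dataclass
from typing import Optional

# BSD `netstat -rn` columns: Destination Gateway Flags Refs Use Netif [Expire]
ROUTE_RE = re.compile(
    r"^(?P<dst>\S+)\s+(?P<gw>\S+)\s+(?P<flags>[A-Za-z]+)\s+(?P<refs>\d+)\s+"
    r"(?P<use>\d+)\s+(?P<netif>\S+)(?:\s+(?P<expire>\d+))?$"
)

SAMPLE_ROUTES = """\
Destination Gateway Flags Refs Use Netif Expire
10.1.1.1 0:a0:cc:23:82:91 UHLW 75284 151583 dc0 638
default 24.183.3.1 UGSc 18 223 dc0
24.183.3.1 0:50:54:72:8c:54 UHLW 19 0 dc0 1197
10.1.1.2 0:a0:cc:00:00:02 UHLW 3 512 dc0 900
"""
# Constructed: live TCP connections per destination (e.g. counted from `netstat -an`).
SAMPLE_CONNS = {"10.1.1.1": 12, "10.1.1.2": 2}
SLACK = 8  # assumed allowance for kernel-held references

@dataclass
class Route:
    dst: str
    gw: str
    flags: str
    refs: int
    use: int
    netif: str
    expire: Optional[int]

def parse_routes(text: str) -> list:
    """Parse `netstat -rn` output; the header row and unparsable lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:  # the header has no numeric Refs/Use column, so it fails here
            continue
        g = m.groupdict()
        routes.append(Route(g["dst"], g["gw"], g["flags"], int(g["refs"]),
                            int(g["use"]), g["netif"],
                            int(g["expire"]) if g["expire"] else None))
    return routes

def suspicious_routes(routes, conns, slack=SLACK):
    """Return (destination, refs, excess) for every route whose Refs exceed the
    connections that could hold it plus the slack; excess is how far over it is."""
    out = []
    for r in routes:
        expected = conns.get(r.dst, 0) + slack
        if r.refs > expected:
            out.append((r.dst, r.refs, r.refs - expected))
    return out
```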