I'm submitting this fast-track for Erik Nordmark.  It times out on
09/23/2009.  The release binding is Minor due to the change in semantics
of the netstat -r 'B' route flag.


Background:
----------

Using route(1m) the administrator can add reject or blackhole
routes. A routing daemon can add them using route(7p). Such routes, if
matched by a packet, have the effect of dropping the packet. A reject
route would send an ICMP error when matched, and a blackhole would
silently drop the packet.

It is possible to see whether these flags are set on a route using 
"route get <ipaddr>".

But the flags are not reported in netstat -r. That is odd given that 
their effect is completely different than other routes.

BSD shows the setting of those flags in netstat -r. In NetBSD the 
letters are
      B       RTF_BLACKHOLE    Just discard pkts (during updates).
      R       RTF_REJECT       Host or net unreachable.

In FreeBSD the letters are
      B   RTF_BLACKHOLE    Just discard pkts (during updates)
      b   RTF_BROADCAST    The route represents a broadcast address
      R   RTF_REJECT       Host or net unreachable

Solaris currently uses 'B' for broadcast (in the netstat -ra output; 
does not appear without the 'a' option).

Proposal:
--------

Switch the current Solaris broadcast letter from 'B' to 'b', i.e. use the
FreeBSD choice of letters above. (An alternative would be to keep 'B'
for broadcast, and use the lower-case 'b' and 'r' for blackhole and
reject, but that makes Solaris unique, which isn't necessarily a
positive statement in this case.)

          Exported Interfaces
   -------------------------------------------------------------

   Interface                    Classification        Comments
   -------------------------------------------------------------
   netstat -r output            Uncommitted(*)        netstat(1m)


(*) PSARC/2001/355 has some background on this.


Man page changes:
----------------

netstat(1m) is changed as follows:
*** ipd.netstat.orig    Tue Sep 15 23:15:55 2009
--- ipd.netstat.new     Tue Sep 15 23:17:14 2009
***************
*** 692,699 ****
--- 692,702 ----

        D    Route was created dynamically by a redirect.

+      B    Packets will be silently dropped (RTF_BLACKHOLE set)

+      R    Packets will be dropped with ICMP error sent (RTF_REJECT set)

+
        If the -a option is specified, there will be routing entries
        with the following flags:
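
Review bot: the added 'B' and 'R' entries end without a full stop, unlike the 'D' entry just above them and the entries in the -a list; add one to each. The entries name RTF_BLACKHOLE and RTF_REJECT but not how such a route gets created, so a pointer to route(1m) would help a reader who finds one of these flags in the table.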

***************
*** 700,706 ****
        A    Combined routing and address resolution entries.


!      B    Broadcast addresses.


        L    Local addresses for the host.
--- 703,709 ----
        A    Combined routing and address resolution entries.


!      b    Broadcast addresses.


        L    Local addresses for the host.
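
Review bot: the changed entry 'b    Broadcast addresses.' now differs only by case from the 'B' entry added earlier in this patch, and nothing in the text says that 'B' meant broadcast before this change. Add a sentence here stating that broadcast was previously shown as 'B', so that a script or monitoring check that matches 'B' in netstat -ra output gets updated rather than silently matching blackhole routes.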

