Subject: kern/15681: Still a leak on cloned routes (rt->rt_parent->rt_refcnt)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <seanb@qnx.com>
List: netbsd-bugs
Date: 02/20/2002 08:54:14
>Number: 15681
>Category: kern
>Synopsis: Still a leak on cloned routes (rt->rt_parent->rt_refcnt)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 20 08:54:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Sean Boudreau
>Release: 1-5-2
>Organization:
QNX
>Environment:
NetBSD fili 1.5.2 NetBSD 1.5.2
>Description:
Looks to still be a window where cloned route's parent not decremented.
>How-To-Repeat:
Something like:
#ifconfig ex0 10.25
#while true
>Fix:
Index: net/route.c
===================================================================
RCS file: /cvsroot/syssrc/sys/net/route.c,v
retrieving revision 1.36.4.2
diff -c -r1.36.4.2 route.c
*** route.c 2001/11/13 21:17:07 1.36.4.2
--- route.c 2002/02/20 16:46:30
***************
*** 508,514 ****
panic ("rtrequest delete");
rt = (struct rtentry *)rn;
if (rt->rt_gwroute) {
! rt = rt->rt_gwroute; RTFREE(rt);
(rt = (struct rtentry *)rn)->rt_gwroute = 0;
}
if (rt->rt_parent) {
--- 508,519 ----
panic ("rtrequest delete");
rt = (struct rtentry *)rn;
if (rt->rt_gwroute) {
! rt = rt->rt_gwroute;
! if (rt->rt_parent) {
! rt->rt_parent->rt_refcnt--;
! rt->rt_parent = NULL;
! }
! RTFREE(rt);
(rt = (struct rtentry *)rn)->rt_gwroute = 0;
}
if (rt->rt_parent) {
>Release-Note:
>Audit-Trail:
>Unformatted:
>do
>route add default 10.26
>route delete default
>done
Then do 'netstat -rn' and look at 'Refs' field for 'cloning' route to
network 10.
Or if you're really sadistic:
#while true
>do
>ifconfig ex0 10.25
>route add default 10.26
>route delete default
>ifconfig ex0 -alias 10.25
>done