Subject: kern/15681: Still a leak on cloned routes (rt->rt_parent->rt_refcnt)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <seanb@qnx.com>
List: netbsd-bugs
Date: 02/20/2002 08:54:14
>Number:         15681
>Category:       kern
>Synopsis:       Still a leak on cloned routes (rt->rt_parent->rt_refcnt)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 20 08:54:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Sean Boudreau
>Release:        1-5-2
>Organization:
QNX
>Environment:
NetBSD fili 1.5.2 NetBSD 1.5.2
>Description:
Looks to still be a window where cloned route's parent not decremented.
>How-To-Repeat:
Something like:

#ifconfig ex0 10.25
#while true
>Fix:
Index: net/route.c
===================================================================
RCS file: /cvsroot/syssrc/sys/net/route.c,v
retrieving revision 1.36.4.2
diff -c -r1.36.4.2 route.c
*** route.c     2001/11/13 21:17:07     1.36.4.2
--- route.c     2002/02/20 16:46:30
***************
*** 508,514 ****
                        panic ("rtrequest delete");
                rt = (struct rtentry *)rn;
                if (rt->rt_gwroute) {
!                       rt = rt->rt_gwroute; RTFREE(rt);
                        (rt = (struct rtentry *)rn)->rt_gwroute = 0;
                }
                if (rt->rt_parent) {
--- 508,519 ----
                        panic ("rtrequest delete");
                rt = (struct rtentry *)rn;
                if (rt->rt_gwroute) {
!                       rt = rt->rt_gwroute;
!                       if (rt->rt_parent) {
!                               rt->rt_parent->rt_refcnt--;
!                               rt->rt_parent = NULL;
!                       }
!                       RTFREE(rt);
                        (rt = (struct rtentry *)rn)->rt_gwroute = 0;
                }
                if (rt->rt_parent) {
>Release-Note:
>Audit-Trail:
>Unformatted:
 >do
 >route add default 10.26
 >route delete default
 >done
 
 Then do 'netstat -rn' and look at 'Refs' field for 'cloning' route to
 network 10.
 
 Or if you're really sadistic:
 
 #while true
 >do
 >ifconfig ex0 10.25
 >route add default 10.26
 >route delete default
 >ifconfig ex0 -alias 10.25
 >done