netbsd-bugs: kern/6422: /etc/netstart flushes routes while netmasks wrong

Subject: kern/6422: /etc/netstart flushes routes while netmasks wrong
To: None <gnats-bugs@gnats.netbsd.org>
From: None <tv@pobox.com>
List: netbsd-bugs
Date: 11/10/1998 13:19:00

>Number:         6422
>Category:       kern
>Synopsis:       /etc/netstart flushes routes while netmasks wrong
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 10 10:35:01 1998
>Last-Modified:
>Originator:     Todd Vierling
>Organization:
	DuhNet:  Pointing out the obvious since 1994.
>Release:        -current 5 November 1998
>Environment:

>Description:

/etc/netstart has this little blurb:

# Flush all routes just to make sure it is clean
if checkyesno flushroutes; then
        route flush
fi

just before ipfilter, and all the ifconfig's.  It does not, however, flush
all routes after the ifconfig's, since the ifconfig actions add localhost
routes at the same time.  This is a problem in a netboot environment on
SPARC (bootparams), where a host can gain an illegal route to an interface
for a remote host before the netmask is set.

>How-To-Repeat:

Router to uplink is 10.0.111.1.

Netboot server is 10.0.111.2, netmask 255.255.255.0.

Netboot client (NetBSD) is 10.0.111.3, netmask 255.255.255.0.

10.0.111.3 begins booting, loads its netboot file, loads its kernel over
TFTP, then runs the kernel.  After the kernel is up, but before the
netmasks are set on the interfaces (in other words, it's currently using
classful 255.0.0.0 netmask), a packet comes in for 10.0.111.3 from
10.0.100.6.  10.0.111.3 adds a route to its routing table indicating that
10.0.100.6 is on its local ethernet.  (See example of "route show" below.)

Then, the netmask is properly set, and system comes up.  User attempts to
contact host 10.0.100.6 and is dumbfounded that no packets seem to be
reaching the host.  Pings show "sendto: Host is down".

% route show
...
10.0.100.6      link#1             UH

>Fix:

Not totally sure what would be appropriate.

Workaround: none really.  I have to "route delete" the offending host(s).

I thought of separating the netmask from lo0 routes in netstart, with a
route flush in between, but that seemed icky.
>Audit-Trail:
>Unformatted: