I wrote, just a few minutes ago (sigh!),

> I'm seeing weird errors trying to add a route:  [...]

Of course, no sooner did I send a note to the list than I tumbled to
the actual problem.  (Nothing like displaying my ignorance and
carelessness to the whole list to make me find the bug!)

The problem was, the code that was setting up tun0 was not zero-filling
the struct ifaliasreq it was using before it made the SIOCAIFADDR call
to install the address.  This is relevant, despite the code loading all
the relevant fields of the structs sockaddr_in, because ifa_ifwithnet()
compares the entire struct sockaddr_in, including the port number bits,
including even the "unused" padding bytes at the end.  So installing an
address with nonzero bits there makes it impossible to add a route
pointing down it unless you happen to know what those bits are...hmm,
this could have security uses if you put a random cookie of some sort
there?  (Nah, maybe not, since you probably can see those bits if you
SIOCGIFADDR....)

I'd be inclined to say this ought to be fixed, though I'm not quite
sure how - it seems to me it needs an AF-specific "clean out any unused
bits in this sockaddr" (or perhaps "this ifaddr"), or else an
AF-specific comparison function for use by things like ifa_ifwithnet().

Of course, ifa_ifwithnet() isn't very AF-independent anyway because it
assumes the AF's addresses fit the bits-with-netmask model used by IP.
I'm not quite sure what the Correct fix is....

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B