Changes to route(8) or routing between r325235 and r326782?

[Eugene Grosbein]

On 12.12.2017 16:44, Thomas Steen Rasmussen wrote:
> On 12/12/2017 08:56 AM, Eugene Grosbein wrote:
>> On 12.12.2017 09:31, Thomas Steen Rasmussen wrote:
>>  
>>> After upgrading to r326782 I get the following error when trying to
>>> delete the lo0 entry (I have an rc.d script to do it):
>>>
>>> $ sudo route delete 185.96.180.10
>>> route: writing to routing socket: Address already in use
>>> delete host 185.96.180.10 fib 0: gateway uses the same route
>>> $
>>>
>>> What gives? What do I do now? :)
>> You should be using jail+vnet in first place that allows you to get desired behaviour
>> by assigning an interface to distinct jail. Take a look at jail(8) manual page
>> for vnet and vnet.interface parameters.
>>
> Hello,
> 
> Thanks, I am aware of vnet and it's uses. I am looking for the reason
> why the current method doesn't work anymore. :)

Loopback routes were not pinned by mistake that lead to kernel's inability
to assign new address/prefix to local interface if such prefix was already
installed by means of some routing daemon.

This broke stable work of parallel tunnels established to same remote network
via distinct WAN paths.

> Switching 50+ jails over to vnet is not something you "just do", the
> rewriting of firewall rules alone will be quite a job.
> 
> I am also pretty curious as to what people have been doing to solve this
> over the last many years while waiting for vimage to become stable? Have
> people just not been firewalling between jails?

I use ipfw for long time for this task. It filters inter-jail traffic over lo0 just fine.