From: Ido Schimmel <[email protected]>
Date: Wed, 9 Jan 2019 09:57:39 +0000
> IPv4 routing tables are flushed in two cases:
>
> 1. In response to events in the netdev and inetaddr notification chains
> 2. When a network namespace is being dismantled
>
> In both cases only routes associated with a dead nexthop group are
> flushed. However, a nexthop group will only be marked as dead in case it
> is populated with actual nexthops using a nexthop device. This is not
> the case when the route in question is an error route (e.g.,
> 'blackhole', 'unreachable').
>
> Therefore, when a network namespace is being dismantled such routes are
> not flushed and leaked [1].
>
> To reproduce:
> # ip netns add blue
> # ip -n blue route add unreachable 192.0.2.0/24
> # ip netns del blue
>
> Fix this by not skipping error routes that are not marked with
> RTNH_F_DEAD when flushing the routing tables.
>
> To prevent the flushing of such routes in case #1, add a parameter to
> fib_table_flush() that indicates if the table is flushed as part of
> namespace dismantle or not.
>
> Note that this problem does not exist in IPv6 since error routes are
> associated with the loopback device.
...
> Fixes: 8cced9eff1d4 ("[NETNS]: Enable routing configuration in non-initial namespace.")
> Signed-off-by: Ido Schimmel <[email protected]>
Applied and queued up for -stable.
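The flush rule described in the quoted patch, as an added illustration that is not the kernel's code or part of the thread: a small user-space model of one routing table in which the old predicate (flush only routes whose nexthop group carries RTNH_F_DEAD) is placed beside the fixed one (a `flush_all` flag, set only on namespace dismantle, also sweeps error routes). The `struct route` layout, `is_error_route()`, and the function names `flush_old`/`flush_new` are simplifications made up for this model; only the RTNH_F_DEAD flag, the route types and the `flush_all` parameter come from the description above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model-only constants and types; the real kernel structures differ. */
#define RTNH_F_DEAD 0x01

enum rt_type { RTN_UNICAST, RTN_BLACKHOLE, RTN_UNREACHABLE, RTN_PROHIBIT };

struct route {
	const char *prefix;     /* destination prefix, for readability only */
	enum rt_type type;      /* RTN_* type of the route */
	unsigned int nh_flags;  /* nexthop group flags (RTNH_F_DEAD or 0) */
	bool present;           /* false once the route has been flushed */
};

/* Error routes (blackhole/unreachable/prohibit) have no nexthop device,
 * so nothing ever marks their nexthop group dead. */
static bool is_error_route(enum rt_type t)
{
	return t == RTN_BLACKHOLE || t == RTN_UNREACHABLE || t == RTN_PROHIBIT;
}

/* Old rule: only routes with a dead nexthop group are flushed. */
static int flush_old(struct route *tbl, size_t n)
{
	int flushed = 0;
	for (size_t i = 0; i < n; i++) {
		if (!tbl[i].present || !(tbl[i].nh_flags & RTNH_F_DEAD))
			continue;
		tbl[i].present = false;
		flushed++;
	}
	return flushed;
}

/* Fixed rule: error routes are no longer skipped for lack of RTNH_F_DEAD,
 * but they are only removed when flush_all (namespace dismantle) is set,
 * so notifier-driven flushes leave them alone. */
static int flush_new(struct route *tbl, size_t n, bool flush_all)
{
	int flushed = 0;
	for (size_t i = 0; i < n; i++) {
		bool dead = tbl[i].nh_flags & RTNH_F_DEAD;
		bool err = is_error_route(tbl[i].type);

		if (!tbl[i].present || (!dead && !err))
			continue;
		if (!flush_all && err)
			continue;
		tbl[i].present = false;
		flushed++;
	}
	return flushed;
}

static int remaining(const struct route *tbl, size_t n)
{
	int left = 0;
	for (size_t i = 0; i < n; i++)
		left += tbl[i].present ? 1 : 0;
	return left;
}

/* Scenario from the report: 'ip -n blue route add unreachable 192.0.2.0/24'
 * followed by 'ip netns del blue'. Returns routes left behind (leaked). */
static int leaked_on_dismantle_old(void)
{
	struct route tbl[] = { { "192.0.2.0/24", RTN_UNREACHABLE, 0, true } };
	flush_old(tbl, 1);
	return remaining(tbl, 1);
}

static int leaked_on_dismantle_new(void)
{
	struct route tbl[] = { { "192.0.2.0/24", RTN_UNREACHABLE, 0, true } };
	flush_new(tbl, 1, true);
	return remaining(tbl, 1);
}

/* Case #1 (netdev/inetaddr notifier): a dead unicast route goes, the
 * error route stays. Returns routes still present. */
static int kept_on_notifier_new(void)
{
	struct route tbl[] = {
		{ "192.0.2.0/24", RTN_UNREACHABLE, 0, true },
		{ "198.51.100.0/24", RTN_UNICAST, RTNH_F_DEAD, true },
	};
	flush_new(tbl, 2, false);
	return remaining(tbl, 2);
}

int main(void)
{
	printf("old rule, dismantle: %d route(s) leaked\n", leaked_on_dismantle_old());
	printf("new rule, dismantle: %d route(s) leaked\n", leaked_on_dismantle_new());
	printf("new rule, notifier:  %d route(s) kept\n", kept_on_notifier_new());
	return 0;
}
```

Run it and the old rule reports the unreachable route surviving namespace teardown, while the fixed rule removes it on dismantle and still leaves it untouched on a notifier-driven flush, which is the behaviour the two-part fix in the patch is after.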