Page MenuHomeFreeBSD

route: remove extra reference on ifa in rtinit1.
Needs ReviewPublic

Authored by on Nov 5 2019, 5:53 PM.



When initializing a new route, or deleting a route the ifa reference is
incremented in rtinit1. This is problematic for two reasons.

First, we increment the ifa reference twice when adding. This is because
we first increment the reference in rtinit1(), and then again in
rtrequest1_fib() when adding the route to the list. Second, during
deletion, we increment the ifa reference in rtinit1() the same as when

This results in two additional references on the ifaddr structure. The
end result is that the ifaddr structure for a new route will never be
free'd. This causes leaks for every address we add to an interface.

I'm not sure that simply removing this ifa_ref() is the best solution,
the reference counting code here is very tricky.

Signed-off-by: Jacob Keller <>

Diff Detail

Lint OK
No Unit Test Coverage
Build Status
Buildable 27361
Build 25611: arc lint + arc unit

Event Timeline

I'm really not sure this is the correct fix. Possibly we should just add an ifa_free after the rtrequest1_fib()?

You should be able to verify this leak by doing something like:

ifconfig dev0 <ip address>
ifconfig dev0 delete

and monitoring vmstat -m.

It looks like this change was part of the recently committed D22912 / rS356107