Re: assigning different TCP stacks to the jails
Date: Sun, 19 Mar 2023 15:59:19 UTC
W dniu 19.03.2023 o 14:42, tuexen@freebsd.org pisze: >> On 19. Mar 2023, at 14:12, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote: >> >> Dear subscribers of the list, >> >> TCP algo modules can be loaded/unloaded/changed on the fly. In FreeBSD 14-CURRENT one can even change it on an active socket with tcpsso(8) utility, but there is no way to run jail with different TCP stack. Neither normal nor VNET jail support switching sysctl net.inet.tcp.functions_default. >> >> Is there any way to set TCP algo inherited through fork+exec in a similar way setfib(1) assigns fib or perhaps assign TCP algo per VNET instance? > Hi Marek, > > so you are asking for the sysctl variable net.inet.tcp.functions_default to be vnet specific? Thanks for the reply Michael, yes, and... not. I tend to run non-vnet jails when it's possible, so in my case, a jail(8) parameter like exec.fib would fit better, and even an execute helper utility, a counterpart of setfib(1) would suffice. With kind regards Marek > > Best regards > Michael >> I am asking, since the almost perfect tcp_rack(4) applied on the host is missing TCP-MD5 singing feature which is required in one of the jails. >> >> Cheers >> -- >> Marek Zarychta