Re: assigning different TCP stacks to the jails

From: <tuexen_at_freebsd.org>
Date: Mon, 20 Mar 2023 09:57:09 UTC
> On 20. Mar 2023, at 07:24, Zhenlei Huang <zlei@FreeBSD.org> wrote:
> 
> 
> 
>> On Mar 20, 2023, at 1:35 AM, tuexen@freebsd.org wrote:
>> 
>>> On 19. Mar 2023, at 16:59, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>>> 
>>> On 19.03.2023 at 14:42, tuexen@freebsd.org wrote:
>>>>> On 19. Mar 2023, at 14:12, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>>>>> 
>>>>> Dear subscribers of the list,
>>>>> 
>>>>> TCP algo modules can be loaded/unloaded/changed on the fly. In FreeBSD 14-CURRENT one can even change it on an active socket with the tcpsso(8) utility, but there is no way to run a jail with a different TCP stack. Neither normal nor VNET jails support switching sysctl net.inet.tcp.functions_default.
>>>>> 
>>>>> Is there any way to set TCP algo inherited through fork+exec in a similar way setfib(1) assigns fib or perhaps assign TCP algo per VNET instance?
>>>> Hi Marek,
>>>> 
>>>> so you are asking for the sysctl variable net.inet.tcp.functions_default to be vnet specific?
>>> 
>>> Thanks for the reply Michael,
>>> 
>>> yes, and... not. I tend to run non-vnet jails when it's possible, so in my case, a jail(8) parameter like exec.fib would fit better, and even an execute helper utility, a counterpart of setfib(1) would suffice.
>> I'm not familiar with fibs, but the TCP stack knows about the vnet, so the handling of the stack can
>> be made vnet specific in the same way the handling of the CC module is.
> 
> 
> After a quick look at tcp_subr.c, I think it is doable, and making `tcp_func_set_ptr` a per-vnet one will be flexible enough.
Yes, but we must take care regarding ref counting when trying to unload a module. But that
can be done similarly to the handling of CC modules.
> 
>> But I'm not sure about fibs.
>> I can bring this up on the next FreeBSD transport VC and see what others think.
> 
> As for fibs, they stand for 'forwarding information base' and are for the routing part.
> I do not think it is a proper hook point for upper layers such as TCP in this context.
Yes, this is what I also think. Will bring it up on the transport call coming Thursday.

Best regards
Michael
> 
> Best regards,
> Zhenlei
> 
>> 
>> Best regards
>> Michael
>>> 
>>> With kind regards
>>> 
>>> Marek
>>> 
>>>> 
>>>> Best regards
>>>> Michael
>>>>> I am asking, since the almost perfect tcp_rack(4) applied on the host is missing the TCP-MD5 signing feature, which is required in one of the jails.
>>>>> 
>>>>> Cheers
>>>>> -- 
>>>>> Marek Zarychta
> 
> 
> 
>