CFR: FIB handling improvements
Hiroki Sato
hrs at FreeBSD.org
Wed Aug 21 18:20:51 UTC 2013
Will Andrews <will at firepipe.net> wrote
in <CADBaqmi6c7v8ojry8uViRi9tK18n8_RaDrP+UjvcmEN9guWm3w at mail.gmail.com>:
wi> Please review: http://people.freebsd.org/~will/fix-fib-issues.1.diff
wi>
wi> This patch includes fixes for several issues relating to FIBs:
wi>
wi> * Use of dhclient with non-zero FIBs. With this patch, it is possible
wi> to use DHCP on a specific interface with a non-zero FIB and have it
wi> work correctly with this rc.conf snippet:
wi>
wi> ifconfig_em1="SYNCDHCP"
wi> dhclient_fib_em1=1

I think the target FIB should be handled by dhclient, not in the rc.d
scripts. More specifically, dhclient should call the SIOCGIFFIB ioctl to
obtain ifp->if_fib and use it if defined. It allows the following
configuration, which is much simpler and more reliable:

 ifconfig_em1="fib 1 SYNCDHCP"

wi> * Always add loopback routes for non-zero FIBs, for both IPv4 and
wi> IPv6. Arguably, this could be a policy issue, but it is currently
wi> less-than-trivial to specify (in rc.conf) that a route needs to be
wi> applied to every FIB.

I am not sure why this is needed. Are the loopback host routes
installed into all of the FIBs automatically when lo0 is initialized?
Even if it is required, get_fibmod() is not necessary. The following
should work:

 # route add -inet 127.0.0.1/8 -iface lo0 -fib all

wi> * Having two or more FIBs whose interfaces share the same prefix and
wi> netmask. This involves adding fibnum arguments to ifa_ifwithnet() and
wi> ifa_ifwithdstaddr(), and checking it within.
wi>
wi> * Setting the FIB on a network interface. rtinit1() looks it up via
wi> the current process context, so we must be calling setfib(2) from
wi> within ifconfig.
wi>
wi> * Creating & deleting loopback routes now works correctly for
wi> non-default FIBs, by using the interface's FIB instead of always 0.
wi>
wi> Commits would be made on each of these issues separately, but since
wi> they are all related, I thought it would be easier for others to
wi> evaluate them with context.

The other changes look reasonable to me (but not tested yet).
-- Hiroki
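
The SIOCGIFFIB lookup suggested in the reply above, as an added example that is not part of the original message and is not dhclient code. get_if_fib() and adopt_if_fib() are hypothetical helper names, and applying the result with setfib(2) is an assumption of this example; the FreeBSD-only calls are guarded so the file also compiles elsewhere, where the lookup fails with ENOTSUP.

```c
/* Added example, not dhclient source; helper names are hypothetical. */
#include <sys/socket.h>
#include <sys/ioctl.h>    /* pulls in SIOCGIFFIB on FreeBSD */
#include <net/if.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return the FIB assigned to ifname (ifp->if_fib), or -1 with errno set. */
int get_if_fib(const char *ifname)
{
    if (ifname == NULL || ifname[0] == '\0') { errno = EINVAL; return -1; }
    if (strlen(ifname) >= IF_NAMESIZE) { errno = ENAMETOOLONG; return -1; }
#ifdef SIOCGIFFIB
    struct ifreq ifr;
    memset(&ifr, 0, sizeof(ifr));
    memcpy(ifr.ifr_name, ifname, strlen(ifname) + 1);
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    int rc = ioctl(s, SIOCGIFFIB, &ifr);
    int saved = errno;            /* close() may clobber errno */
    close(s);
    errno = saved;
    return rc < 0 ? -1 : (int)ifr.ifr_fib;
#else
    errno = ENOTSUP;              /* no per-interface FIB ioctl on this OS */
    return -1;
#endif
}

/* Assumption: apply the FIB process-wide with setfib(2) before opening sockets. */
int adopt_if_fib(const char *ifname)
{
    int fib = get_if_fib(ifname);
    if (fib < 0) return -1;
#ifdef SIOCGIFFIB
    if (setfib(fib) < 0) return -1;
#endif
    return fib;
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "em1";
    int fib = adopt_if_fib(ifname);
    if (fib < 0) { perror(ifname); return 1; }
    return printf("%s: using FIB %d\n", ifname, fib) < 0;
}
```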