> On Mar 20, 2023, at 1:35 AM, [email protected] wrote: > >> On 19. Mar 2023, at 16:59, Marek Zarychta <[email protected]> >> wrote: >> >> W dniu 19.03.2023 o 14:42, [email protected] pisze: >>>> On 19. Mar 2023, at 14:12, Marek Zarychta <[email protected]> >>>> wrote: >>>> >>>> Dear subscribers of the list, >>>> >>>> TCP algo modules can be loaded/unloaded/changed on the fly. In FreeBSD >>>> 14-CURRENT one can even change it on an active socket with tcpsso(8) >>>> utility, but there is no way to run jail with different TCP stack. Neither >>>> normal nor VNET jail support switching sysctl >>>> net.inet.tcp.functions_default. >>>> >>>> Is there any way to set TCP algo inherited through fork+exec in a similar >>>> way setfib(1) assigns fib or perhaps assign TCP algo per VNET instance? >>> Hi Marek, >>> >>> so you are asking for the sysctl variable net.inet.tcp.functions_default to >>> be vnet specific? >> >> Thanks for the reply Michael, >> >> yes, and... not. I tend to run non-vnet jails when it's possible, so in my >> case, a jail(8) parameter like exec.fib would fit better, and even an >> execute helper utility, a counterpart of setfib(1) would suffice. > Im not familiar with fibs, but the TCP stack knows about the vnet, so the > handling of the stack can > be made vnet specific in the same way the handling of the CC module is.
A quick look at tcp_subr.c, I think it is doable and make `tcp_func_set_ptr` a per vnet one will be flexible enough. > But I'm not sure about fibs. > I can bring this up on the next FreeBSD transport VC and see what others > think. As for fibs, they stand for 'forwarding information base' and are for the routing part. I do not think it is a proper hook point for upper layers such as TCP in this context. Best regards, Zhenlei > > Best regards > Michael >> >> With kind regards >> >> Marek >> >>> >>> Best regards >>> Michael >>>> I am asking, since the almost perfect tcp_rack(4) applied on the host is >>>> missing TCP-MD5 singing feature which is required in one of the jails. >>>> >>>> Cheers >>>> -- >>>> Marek Zarychta
