> On 20. Mar 2023, at 07:24, Zhenlei Huang <[email protected]> wrote: > > > >> On Mar 20, 2023, at 1:35 AM, [email protected] wrote: >> >>> On 19. Mar 2023, at 16:59, Marek Zarychta <[email protected]> >>> wrote: >>> >>> W dniu 19.03.2023 o 14:42, [email protected] pisze: >>>>> On 19. Mar 2023, at 14:12, Marek Zarychta <[email protected]> >>>>> wrote: >>>>> >>>>> Dear subscribers of the list, >>>>> >>>>> TCP algo modules can be loaded/unloaded/changed on the fly. In FreeBSD >>>>> 14-CURRENT one can even change it on an active socket with tcpsso(8) >>>>> utility, but there is no way to run jail with different TCP stack. >>>>> Neither normal nor VNET jail support switching sysctl >>>>> net.inet.tcp.functions_default. >>>>> >>>>> Is there any way to set TCP algo inherited through fork+exec in a similar >>>>> way setfib(1) assigns fib or perhaps assign TCP algo per VNET instance? >>>> Hi Marek, >>>> >>>> so you are asking for the sysctl variable net.inet.tcp.functions_default >>>> to be vnet specific? >>> >>> Thanks for the reply Michael, >>> >>> yes, and... not. I tend to run non-vnet jails when it's possible, so in my >>> case, a jail(8) parameter like exec.fib would fit better, and even an >>> execute helper utility, a counterpart of setfib(1) would suffice. >> Im not familiar with fibs, but the TCP stack knows about the vnet, so the >> handling of the stack can >> be made vnet specific in the same way the handling of the CC module is. > > > A quick look at tcp_subr.c, I think it is doable and make `tcp_func_set_ptr` > a per vnet one will be flexible enough. Yes, but we must take regarding ref counting when trying to unload a module. But that can be done similar to the handling of CC modules. > >> But I'm not sure about fibs. >> I can bring this up on the next FreeBSD transport VC and see what others >> think. > > As for fibs, they stand for 'forwarding information base' and are for the > routing part. > I do not think it is a proper hook point for upper layers such as TCP in this > context. Yes, this is what I also think. Will bring it up on the transport call coming Thursday.
Best regards Michael > > Best regards, > Zhenlei > >> >> Best regards >> Michael >>> >>> With kind regards >>> >>> Marek >>> >>>> >>>> Best regards >>>> Michael >>>>> I am asking, since the almost perfect tcp_rack(4) applied on the host is >>>>> missing TCP-MD5 singing feature which is required in one of the jails. >>>>> >>>>> Cheers >>>>> -- >>>>> Marek Zarychta > > > >
