Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 19 Mar 2023 18:35:29 +0100
From:      tuexen@freebsd.org
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: assigning different TCP stacks to the jails
Message-ID:  <9EF3E6E6-E372-413E-A214-690F003AF524@freebsd.org>
In-Reply-To: <adf55596-a729-4934-79d9-f02750e84960@plan-b.pwste.edu.pl>
References:  <18985515-e3bf-1575-4abb-30e511a45ae7@plan-b.pwste.edu.pl> <7BBAF016-3D98-40F2-9215-30E572B5857E@freebsd.org> <adf55596-a729-4934-79d9-f02750e84960@plan-b.pwste.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help 
> On 19. Mar 2023, at 16:59, Marek Zarychta =
<zarychtam@plan-b.pwste.edu.pl> wrote:
>=20
> W dniu 19.03.2023 o 14:42, tuexen@freebsd.org pisze:
>>> On 19. Mar 2023, at 14:12, Marek Zarychta =
<zarychtam@plan-b.pwste.edu.pl> wrote:
>>>=20
>>> Dear subscribers of the list,
>>>=20
>>> TCP algo modules can be loaded/unloaded/changed on the fly. In =
FreeBSD 14-CURRENT one can even change it on an active socket with =
tcpsso(8) utility, but there is no way to run jail with different TCP =
stack. Neither normal nor VNET jail support switching sysctl =
net.inet.tcp.functions_default.
>>>=20
>>> Is there any way to set TCP algo inherited through fork+exec in a =
similar way setfib(1) assigns fib or perhaps assign TCP algo per VNET =
instance?
>> Hi Marek,
>>=20
>> so you are asking for the sysctl variable =
net.inet.tcp.functions_default to be vnet specific?
>=20
> Thanks for the reply Michael,
>=20
> yes, and... not. I tend to run non-vnet jails when it's possible, so =
in my case, a jail(8) parameter like exec.fib would fit better, and even =
an execute helper utility, a counterpart of setfib(1) would suffice.
Im not familiar with fibs, but the TCP stack knows about the vnet, so =
the handling of the stack can
be made vnet specific in the same way the handling of the CC module is. =
But I'm not sure about fibs.
I can bring this up on the next FreeBSD transport VC and see what others =
think.

Best regards
Michael
>=20
> With kind regards
>=20
> Marek
>=20
>>=20
>> Best regards
>> Michael
>>> I am asking, since the almost perfect tcp_rack(4) applied on the =
host is missing TCP-MD5 singing feature which is required in one of the =
jails.
>>>=20
>>> Cheers
>>> --=20
>>> Marek Zarychta

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9EF3E6E6-E372-413E-A214-690F003AF524>