From: Paul Vixie
To: Mark Johnston, Julian Elischer
Cc: "freebsd-net@freebsd.org"
Subject: Re: per-FIB socket binding
Date: Fri, 21 Mar 2025 08:13:59 +0000
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

This is a reply to the first of two of Julian's recent messages.

On Friday, March 14, 2025 4:26:30 AM UTC Julian Elischer wrote:
> On 1/28/25 12:09 AM, Mark Johnston wrote:
> > On Sat, Jan 25, 2025 at 08:44:25PM +0000, Paul Vixie wrote:
> >> does anyone remember why the FIB of a socket or process cannot be
> >> discovered from user mode? lack of motivation -- or deliberate design
> >> decision?
> That was probably me.
> I probably just didn't need it for my case and didn't spend time on it.

KK. I have a need now.

> > ...
> >
> > So, an application already knows the FIB number of any given socket,
> > since it can find its own FIB number, and new sockets always inherit the
> > FIB number of the process or the listening socket. Therefore, I believe
> > there's no reason not to provide an explicit mechanism to query the FIB
> > number.
>
> I believe so..

Not all sockets within a process are created within that process. When stdin, stdout, and stderr are pty's or pipes, they predate the process, and have no FIB of their own since they aren't sockets. Therefore the process FIB in this case has to be set after fork and before exec by the parent, so that work done within this process is within the FIB that only the parent would otherwise know about.

I expect to teach sshd, http, and nginx to look at the FIB of its network socket (which after fibnum2 will not always be that of the listener socket) and then setfib() the forked process FIB to this value before execing the shell or command. Obviously that subprocess will be able to setfib() to some other value if so desired, but the default FIB for the shell and its subprocesses should be the same as for the network socket.

For this I do not need a getfib() syscall but I will need an SO_FIB socket option which would allow both setting and getting. We'll have to leave SO_SETFIB for ABI/API stability reasons, of course.

-- 
Paul Vixie
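
The fork / setfib() / exec sequence described in the message above, as an added C example that is not part of the original message or of FreeBSD's sources. run_in_fib(), FIB_FAILED and HAVE_FIBS are names assumed here; the FIB is passed in as a parameter because the socket-level getter the message asks for (SO_FIB) is only proposed there, and the shim exists solely so the file builds on hosts without setfib(2).

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>   /* FreeBSD declares setfib(2) here */
#include <sys/wait.h>
#include <unistd.h>

#ifdef __FreeBSD__
#define HAVE_FIBS 1
#else
#define HAVE_FIBS 0
/* Build shim (assumption): hosts without FIBs always fail the call. */
static int setfib(int fib) { (void)fib; errno = ENOSYS; return -1; }
#endif

#define FIB_FAILED 126    /* constructed exit code: child refused to exec */

/*
 * Run argv[0] in a child whose process FIB is `fib`, so that sockets the
 * command later creates default to the same routing table as the
 * connection it serves. The caller supplies `fib`; reading it back from
 * an accepted socket is what the proposed SO_FIB getter would provide.
 * Returns the child's exit status, or -1 on fork/wait failure or if the
 * child was killed by a signal.
 */
int run_in_fib(int fib, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* After fork, before exec: only the child's FIB changes. */
        if (setfib(fib) != 0)
            _exit(FIB_FAILED);   /* do not run the command in the wrong FIB */
        execv(argv[0], argv);
        _exit(127);              /* exec itself failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The child exits with FIB_FAILED instead of falling back to the parent's FIB, so a failed setfib() never results in a shell running against an unintended routing table.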