From: Hiroki Sato
Date: Thu, 22 Aug 2013 03:20:22 +0900 (JST)
Message-Id: <20130822.032022.481255110184207810.hrs@allbsd.org>
To: will@firepipe.net
Subject: Re: CFR: FIB handling improvements
Cc: freebsd-net@FreeBSD.org, gibbs@FreeBSD.org, asomers@FreeBSD.org

Will Andrews wrote in :

wi> Please review: http://people.freebsd.org/~will/fix-fib-issues.1.diff
wi>
wi> This patch includes fixes for several issues relating to FIBs:
wi>
wi> * Use of dhclient with non-zero FIBs.  With this patch, it is possible
wi>   to use DHCP on a specific interface with a non-zero FIB and have it
wi>   work correctly with this rc.conf snippet:
wi>
wi>   ifconfig_em1="SYNCDHCP"
wi>   dhclient_fib_em1=1

 I think the target FIB should be handled by dhclient, not in the rc.d
 scripts.  More specifically, dhclient should call SIOCGIFFIB ioctl to
 obtain ifp->if_fib and use it if defined.  It allows the following
 configuration which is much simpler and reliable:

  ifconfig_em1="fib 1 SYNCDHCP"

wi> * Always add loopback routes for non-zero FIBs, for both IPv4 and
wi>   IPv6.  Arguably, this could be a policy issue, but it is currently
wi>   less-than-trivial to specify (in rc.conf) that a route needs to be
wi>   applied to every FIB.

 I am not sure why this is needed.  Are the loopback host routes
 installed into all of the FIBs automatically when lo0 is initialized?

 Even if it is required, get_fibmod() is not necessary.  The following
 should work:

  # route add -inet 127.0.0.1/8 -iface lo0 -fib all

wi> * Having two or more FIBs whose interfaces share the same prefix and
wi>   netmask.  This involves adding fibnum arguments to ifa_ifwithnet() and
wi>   ifa_ifwithdstaddr(), and checking it within.
wi>
wi> * Setting the FIB on a network interface.  rtinit1() looks it up via
wi>   the current process context, so we must be calling setfib(2) from
wi>   within ifconfig.
wi>
wi> * Creating & deleting loopback routes now works correctly for
wi>   non-default FIBs, by using the interface's FIB instead of always 0.
wi>
wi> Commits would be made on each of these issues separately, but since
wi> they are all related, I thought it would be easier for others to
wi> evaluate them with context.

 The other changes look reasonable to me (but not tested yet).

-- Hiroki