Date: Wed, 18 Dec 2024 11:09:48 +0800
From: Zhenlei Huang <zlei@FreeBSD.org>
To: Mark Johnston <markj@freebsd.org>
Cc: freebsd-jail@freebsd.org
Subject: Re: setting VNET tunables in a new jail
Message-ID: <309B65DD-9CB5-4E3C-87E7-162DA221D85F@FreeBSD.org>
In-Reply-To: <765C6033-2A81-4CDA-9366-4742F1750421@FreeBSD.org>
References: <Z2Hq704UowT2mz2v@nuc> <765C6033-2A81-4CDA-9366-4742F1750421@FreeBSD.org>
> On Dec 18, 2024, at 11:05 AM, Zhenlei Huang <zlei@FreeBSD.org> wrote:
>
>> On Dec 18, 2024, at 5:19 AM, Mark Johnston <markj@freebsd.org> wrote:
>>
>> We have a number of sysctls which are defined as tunables, whose values
>> cannot be changed after boot. Some of these sysctls, such as net.fibs,
>> are per-VNET so could in principle be changed at jail creation time.
>
> For current/15, it is actually doable since my previous work [1] and [2].

Sorry I forgot to mention the commits:

1. 110113bc086f sysctl(9): Enable vnet sysctl variables to be loader tunable
2. cf7974fd9e55 sysctl: Update 'master' copy of vnet SYSCTLs on kernel environment variables change

>
> A usage example is the test plan in https://reviews.freebsd.org/D41825 .
>
> For short, `kenv some.kenv=foo`, and then create vnet jail, `jail -c xxx persist`.
>
> Those commits are not MFCed to stable/14 and stable/13, as I'm not satisfied
> with the implementation. The current implementation is somewhat hacky
> and I planned to re-work it.
>
>> I'd find it useful to be able to pass a set of tunables to jail_set(2),
>> so that the corresponding VNET jail has tunables set to the specified
>> values. For instance, it'd be useful in test suites where I want to
>> exercise the network stack with different VNET sysctl settings, without
>> having to configure the test runner at boot time.
>>
>> I think the implementation would involve passing an environment to
>> vnet_alloc(), which would copy the parent VNET context and then iterate
>> over all VNET tunables in the system, invoking
>> sysctl_load_tunable_by_oid_locked() in such a way that the custom
>> environment is used to update the tunable's value.
>
> That is per-jail kenv, quite close to my working copy.
>
>> Is there already some way to do what I want? If not, is there some
>> reason we shouldn't implement this feature? Are there examples of VNET
>> tunables for which it'd be unsafe to have values differing from the
>> parent VNET? One can print a list of such variables with "sysctl
>> -aVNT"; the list is pretty short and I don't see many obvious problems
>> with allowing them to be modified.
>>
>
> Best regards,
> Zhenlei
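The kenv-then-jail procedure Zhenlei describes, written out as an added shell script (not part of the thread) that sets a VNET tunable through kenv, creates a persistent vnet jail, and checks that the jail saw the value while the parent VNET kept its own. It assumes a FreeBSD current/15 kernel with the two commits above; the tunable and value (net.fibs=4) and the jail name are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: walk through the kenv-then-jail
# procedure from the mail on a FreeBSD current/15 kernel and verify it.
# Assumed: both sysctl commits named above are present. The tunable,
# its value (net.fibs=4) and the jail name are constructed for the demo.
set -eu

# Thin wrappers around the FreeBSD tools, kept separate so the check
# logic below can be exercised on a box without jail support.
host_sysctl() { sysctl -n "$1"; }
jail_sysctl() { jexec "$1" sysctl -n "$2"; }

# The tunable is per-VNET: the new jail must show the kenv value while
# the parent VNET keeps its own. Returns 0 ok, 1 jail wrong, 2 host changed.
verify_jail_tunable() {
    jname=$1 oid=$2 want=$3 host_before=$4
    got=$(jail_sysctl "$jname" "$oid")
    [ "$got" = "$want" ] || return 1
    [ "$(host_sysctl "$oid")" = "$host_before" ] || return 2
}

# Full flow: confirm the OID really is a VNET tunable (sysctl -aVNT, as in
# the mail), set the global kenv, create a persistent vnet jail, verify,
# then remove the jail and unset the kenv again (kenv is global, so it
# affects every vnet jail created while it is set).
demo() {
    oid=net.fibs want=4 jname=vnettest
    sysctl -aVNT | grep -qxF "$oid" || { echo "$oid is not a VNET tunable" >&2; return 1; }
    host_before=$(host_sysctl "$oid")
    kenv "$oid=$want" >/dev/null
    jail -c name="$jname" vnet persist
    rc=0
    verify_jail_tunable "$jname" "$oid" "$want" "$host_before" || rc=$?
    jail -r "$jname"
    kenv -u "$oid"
    return "$rc"
}

if [ "${1:-}" = run ]; then demo; fi
```

Run as root with `sh script.sh run`; the verify step is the part worth keeping in a test suite once the per-jail tunable interface Mark proposes exists.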