Date: Mon, 23 Dec 2024 19:45:48 +0000 From: Paul Vixie <paul@redbarn.org> To: freebsd-net@freebsd.org Subject: Re: per-FIB socket binding Message-ID: <7772475.EvYhyI6sBW@dhcp-151.access.rits.tisf.net> In-Reply-To: <oqn0rr49-1snq-9o09-88p3-ssn063967509@yvfgf.mnoonqbm.arg> References: <Z2G_q5s35AremgYc@nuc> <4p5o59s4-5p70-0775-1479-990o1s5po7r2@yvfgf.mnoonqbm.arg> <oqn0rr49-1snq-9o09-88p3-ssn063967509@yvfgf.mnoonqbm.arg>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --nextPart3873984.kQq0lBPeGt Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" On Monday, December 23, 2024 7:23:35 PM UTC Bjoern A. Zeeb wrote: > On Sat, 21 Dec 2024, Bjoern A. Zeeb wrote: > >> Any thoughts/comments? > > > > That all said with your opt-in approach if the code itself doesn't bring > > too many new complications I'd be happy with it (assuming FIBs still > > have a use case). > > Seems there's plenty people using multi-FIB in various scenarios still, > which is good to know. > > Go for it. i've been thinking along these lines for a few years now, since my vm server is multi-fib. each interface has a fib, mostly zero. for incoming TCP SYNs, i'd like to carry that fib# into the resulting PCB so that that fib's routing table and especially its default route will be used for that connection. yes, i can do that with ipfw, and am in fact doing so now. however, that's crocky. i think defaulting to the interface FIB for connections created and maintained by the kernel should always happen -- not opt-in, not opt-out, just always. is it worth me sending a patch that does this or would it be considered controversial? (making this happen for UDP is also interesting but is a separate matter since those servers already have to maintain socket-per-interface in order to get their source addresses to match the client's destination address.) -- Paul Vixie --nextPart3873984.kQq0lBPeGt Content-Transfer-Encoding: 7Bit Content-Type: text/html; charset="us-ascii" <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-size:0.83em;">On Monday, December 23, 2024 7:23:35 PM UTC Bjoern A. Zeeb wrote:</span></p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> On Sat, 21 Dec 2024, Bjoern A. Zeeb wrote:</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> >> Any thoughts/comments?</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > That all said with your opt-in approach if the code itself doesn't bring</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > too many new complications I'd be happy with it (assuming FIBs still</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> > have a use case).</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> Seems there's plenty people using multi-FIB in various scenarios still,</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> which is good to know.</p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> Go for it.</p> <br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">i've been thinking along these lines for a few years now, since my vm server is multi-fib. each interface has a fib, mostly zero. for incoming TCP SYNs, i'd like to carry that fib# into the resulting PCB so that that fib's routing table and especially its default route will be used for that connection. yes, i can do that with ipfw, and am in fact doing so now. however, that's crocky. i think defaulting to the interface FIB for connections created and maintained by the kernel should always happen -- not opt-in, not opt-out, just always. is it worth me sending a patch that does this or would it be considered controversial?</p> <br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">(making this happen for UDP is also interesting but is a separate matter since those servers already have to maintain socket-per-interface in order to get their source addresses to match the client's destination address.)</p> <br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">-- </p> <p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Paul Vixie</p> </body> </html> --nextPart3873984.kQq0lBPeGt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7772475.EvYhyI6sBW>