Date: Thu, 24 Jul 2008 20:31:28 +0400 From: Igor Sysoev <is@rambler-co.ru> To: Julian Elischer <julian@elischer.org> Cc: freebsd-net@freebsd.org Subject: Re: FIB MFC Message-ID: <20080724163128.GE57814@rambler-co.ru> In-Reply-To: <4888A0B5.4060302@elischer.org> References: <20080724145610.GA57814@rambler-co.ru> <4888A0B5.4060302@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 24, 2008 at 08:33:09AM -0700, Julian Elischer wrote: > Igor Sysoev wrote: > >Julian, thank you for FIB. I have tried in on FreeBSD-7. > > > >I've found that ipfw does not know about setfib: > >ipfw: invalid action setfib > > > > Oh I have not finished MFC.. > will finish today.. > > the svn server crashed last night .. :-/ > (or at least went very strange) while I was working on this so I > went to bed. > > > > >Therefore I've added missing part from CURRENT. > >Then I have tried the following configuration: > > > >vlan1: 10.0.0.100 > >vlan2: 192.168.1.100 > > > >route add default 10.0.0.1 > >setfib 1 route add default 192.168.1.1 > >ipfw add setfib 1 ip from any to any in via vlan2 > > > >I expected that outgoing packets of TCP connection established > >via vlan2 will be routed to 192.168.1.1, but this did not happen. > >The packets went to 10.0.0.1 via vlan1: > > no, while this doesmake sense, the fib is only used for outgoing > packets and the fib of local sockets is set by the process that opens > the socket. (either with setfib(2) or sockopt(SETFIB)) > > I was thinking that it might be possible to tag a socket to accept the > fib of the packet coming in, but if we do this, we should decide > API to label a socket in this way.. I think it should be sysctl to globaly enable TCP FIB inheritance. API is already exists: sockopt(SO_SETFIB) for listening socket. > It is a n execellent idea however, and I don't know why I didn't > do it already.. > > > > >tcp4 0 0 192.168.1.100.80 XXXXXXXXXX SYN_RCVD > >tcp4 0 0 192.168.1.100.80 XXXXXXXXXX SYN_RCVD > >tcp4 0 0 192.168.1.100.80 XXXXXXXXXX SYN_RCVD > > > >Can TCP connection inherit FIB from first SYN packet or not ? > > no but it is a good idea. -- Igor Sysoev http://sysoev.ru/en/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080724163128.GE57814>