From owner-freebsd-net@FreeBSD.ORG Thu Jul 24 16:33:07 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25A42106567C for ; Thu, 24 Jul 2008 16:33:07 +0000 (UTC) (envelope-from is@rambler-co.ru) Received: from relay0.rambler.ru (relay0.rambler.ru [81.19.66.187]) by mx1.freebsd.org (Postfix) with ESMTP id DBDAC8FC08 for ; Thu, 24 Jul 2008 16:33:06 +0000 (UTC) (envelope-from is@rambler-co.ru) Received: from localhost (is1.park.rambler.ru [81.19.64.121]) by relay0.rambler.ru (Postfix) with ESMTP id 8FB6262A1; Thu, 24 Jul 2008 20:33:05 +0400 (MSD) Date: Thu, 24 Jul 2008 20:31:28 +0400 From: Igor Sysoev To: Julian Elischer Message-ID: <20080724163128.GE57814@rambler-co.ru> References: <20080724145610.GA57814@rambler-co.ru> <4888A0B5.4060302@elischer.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <4888A0B5.4060302@elischer.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: freebsd-net@freebsd.org Subject: Re: FIB MFC X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Jul 2008 16:33:07 -0000 On Thu, Jul 24, 2008 at 08:33:09AM -0700, Julian Elischer wrote: > Igor Sysoev wrote: > >Julian, thank you for FIB. I have tried in on FreeBSD-7. > > > >I've found that ipfw does not know about setfib: > >ipfw: invalid action setfib > > > > Oh I have not finished MFC.. > will finish today.. > > the svn server crashed last night .. :-/ > (or at least went very strange) while I was working on this so I > went to bed. > > > > >Therefore I've added missing part from CURRENT. > >Then I have tried the following configuration: > > > >vlan1: 10.0.0.100 > >vlan2: 192.168.1.100 > > > >route add default 10.0.0.1 > >setfib 1 route add default 192.168.1.1 > >ipfw add setfib 1 ip from any to any in via vlan2 > > > >I expected that outgoing packets of TCP connection established > >via vlan2 will be routed to 192.168.1.1, but this did not happen. > >The packets went to 10.0.0.1 via vlan1: > > no, while this doesmake sense, the fib is only used for outgoing > packets and the fib of local sockets is set by the process that opens > the socket. (either with setfib(2) or sockopt(SETFIB)) > > I was thinking that it might be possible to tag a socket to accept the > fib of the packet coming in, but if we do this, we should decide > API to label a socket in this way.. I think it should be sysctl to globaly enable TCP FIB inheritance. API is already exists: sockopt(SO_SETFIB) for listening socket. > It is a n execellent idea however, and I don't know why I didn't > do it already.. > > > > >tcp4 0 0 192.168.1.100.80 XXXXXXXXXX SYN_RCVD > >tcp4 0 0 192.168.1.100.80 XXXXXXXXXX SYN_RCVD > >tcp4 0 0 192.168.1.100.80 XXXXXXXXXX SYN_RCVD > > > >Can TCP connection inherit FIB from first SYN packet or not ? > > no but it is a good idea. -- Igor Sysoev http://sysoev.ru/en/